Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/raxml-8.2.12+dfsg/ancestralStates.c
Examining data/raxml-8.2.12+dfsg/axml.h
Examining data/raxml-8.2.12+dfsg/classify.c
Examining data/raxml-8.2.12+dfsg/eigen.c
Examining data/raxml-8.2.12+dfsg/fastSearch.c
Examining data/raxml-8.2.12+dfsg/globalVariables.h
Examining data/raxml-8.2.12+dfsg/leaveDropping.c
Examining data/raxml-8.2.12+dfsg/legacyCode.c
Examining data/raxml-8.2.12+dfsg/mem_alloc.c
Examining data/raxml-8.2.12+dfsg/models.c
Examining data/raxml-8.2.12+dfsg/multiple.c
Examining data/raxml-8.2.12+dfsg/optimizeModel.c
Examining data/raxml-8.2.12+dfsg/parsePartitions.c
Examining data/raxml-8.2.12+dfsg/rapidBootstrap.c
Examining data/raxml-8.2.12+dfsg/rmq.h
Examining data/raxml-8.2.12+dfsg/rmqs.c
Examining data/raxml-8.2.12+dfsg/rmqs.h
Examining data/raxml-8.2.12+dfsg/rogueEPA.c
Examining data/raxml-8.2.12+dfsg/searchAlgo.c
Examining data/raxml-8.2.12+dfsg/topologies.c
Examining data/raxml-8.2.12+dfsg/treeIO.c
Examining data/raxml-8.2.12+dfsg/avxLikelihood.c
Examining data/raxml-8.2.12+dfsg/axml.c
Examining data/raxml-8.2.12+dfsg/bipartitionList.c
Examining data/raxml-8.2.12+dfsg/evaluateGenericSpecial.c
Examining data/raxml-8.2.12+dfsg/evaluatePartialGenericSpecial.c
Examining data/raxml-8.2.12+dfsg/fastDNAparsimony.c
Examining data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c
Examining data/raxml-8.2.12+dfsg/newviewGenericSpecial.c
FINAL RESULTS:
data/raxml-8.2.12+dfsg/ancestralStates.c:1081:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, "%s", tr->nameList[p->number]);
data/raxml-8.2.12+dfsg/ancestralStates.c:1140:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ancestralProbsFileName, workdir);
data/raxml-8.2.12+dfsg/ancestralStates.c:1141:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ancestralStatesFileName, workdir);
data/raxml-8.2.12+dfsg/ancestralStates.c:1142:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treeFileName, workdir);
data/raxml-8.2.12+dfsg/ancestralStates.c:1148:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ancestralProbsFileName, run_id);
data/raxml-8.2.12+dfsg/ancestralStates.c:1149:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ancestralStatesFileName, run_id);
data/raxml-8.2.12+dfsg/ancestralStates.c:1150:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(treeFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:150:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f, format, args );
data/raxml-8.2.12+dfsg/axml.c:154:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args );
data/raxml-8.2.12+dfsg/axml.c:169:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f, format, args );
data/raxml-8.2.12+dfsg/axml.c:173:7: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args );
data/raxml-8.2.12+dfsg/axml.c:191:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f, format, args );
data/raxml-8.2.12+dfsg/axml.c:195:7: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args );
data/raxml-8.2.12+dfsg/axml.c:1255:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->nameList[i], buffer);
data/raxml-8.2.12+dfsg/axml.c:1624:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->nameList[taxa], buffer);
data/raxml-8.2.12+dfsg/axml.c:1912:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->initialPartitionData[0].proteinSubstitutionFileName, proteinModelFileName);
data/raxml-8.2.12+dfsg/axml.c:1932:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->extendedPartitionData[i].partitionName, tr->initialPartitionData[i].partitionName);
data/raxml-8.2.12+dfsg/axml.c:1933:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->extendedPartitionData[i].proteinSubstitutionFileName, tr->initialPartitionData[i].proteinSubstitutionFileName);
data/raxml-8.2.12+dfsg/axml.c:1934:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->extendedPartitionData[i].ascFileName, tr->initialPartitionData[i].ascFileName);
data/raxml-8.2.12+dfsg/axml.c:2804:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(noDupFile, seq_file);
data/raxml-8.2.12+dfsg/axml.c:2807:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(noDupModels, modelFileName);
data/raxml-8.2.12+dfsg/axml.c:2810:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(noDupSecondary, secondaryStructureFileName);
data/raxml-8.2.12+dfsg/axml.c:2886:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/axml.c:2889:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/axml.c:3129:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/axml.c:3132:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/axml.c:3311:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(partName, workdir);
data/raxml-8.2.12+dfsg/axml.c:3312:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(partName, modelFileName);
data/raxml-8.2.12+dfsg/axml.c:3315:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(partName, buf);
data/raxml-8.2.12+dfsg/axml.c:3321:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outName, workdir);
data/raxml-8.2.12+dfsg/axml.c:3322:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outName, seq_file);
data/raxml-8.2.12+dfsg/axml.c:3325:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outName, buf);
data/raxml-8.2.12+dfsg/axml.c:3368:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outFileName, seq_file);
data/raxml-8.2.12+dfsg/axml.c:3374:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outFileName, tr->partitionData[i].partitionName);
data/raxml-8.2.12+dfsg/axml.c:4448:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4460:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4474:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4489:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4502:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4517:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4536:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4549:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4564:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4588:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4599:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4613:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4627:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4640:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4657:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4671:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4689:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4704:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4787:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->outgroups[count], name);
data/raxml-8.2.12+dfsg/axml.c:4800:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->outgroups[count], name);
data/raxml-8.2.12+dfsg/axml.c:4821:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text[0], "\n\nThis is %s version %s released by Alexandros Stamatakis on %s.\n\n", programName, programVersion, programDate);
data/raxml-8.2.12+dfsg/axml.c:5894:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(quartetGroupingFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:5934:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(binaryModelParamsInputFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:5942:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(optarg, "%s", multiStateModel);
data/raxml-8.2.12+dfsg/axml.c:5963:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(optarg, "%s", secondaryModel);
data/raxml-8.2.12+dfsg/axml.c:5996:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(excludeFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:6025:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if((sscanf(optarg,"%s", aut) > 0) && ((strcmp(aut, "autoFC") == 0) || (strcmp(aut, "autoMR") == 0) ||
data/raxml-8.2.12+dfsg/axml.c:6049:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if((sscanf(optarg,"%s", aut) > 0) && ((strcmp(aut, "MR") == 0) || (strcmp(aut, "MRE") == 0) || (strcmp(aut, "STRICT") == 0) ||
data/raxml-8.2.12+dfsg/axml.c:6073:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if( (sscanf( optarg, "%s", aut) > 0) && optarg[0] == 'T' && optarg[1] == '_')
data/raxml-8.2.12+dfsg/axml.c:6101:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if((sscanf(optarg,"%s", aut) > 0) && ((strcmp(aut, "MR") == 0) || (strcmp(aut, "MRE") == 0)))
data/raxml-8.2.12+dfsg/axml.c:6111:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if((sscanf( optarg, "%s", aut) > 0) && optarg[0] == 'T' && optarg[1] == '_')
data/raxml-8.2.12+dfsg/axml.c:6134:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(proteinModelFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:6140:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(secondaryStructureFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:6157:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outgroups, optarg);
data/raxml-8.2.12+dfsg/axml.c:6167:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bootStrapFile, optarg);
data/raxml-8.2.12+dfsg/axml.c:6174:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tree_file, optarg);
data/raxml-8.2.12+dfsg/axml.c:6180:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tree_file, optarg);
data/raxml-8.2.12+dfsg/axml.c:6190:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modelFileName,optarg);
data/raxml-8.2.12+dfsg/axml.c:6194:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(optarg,"%" PRId64, &(adef->parsimonySeed));
data/raxml-8.2.12+dfsg/axml.c:6209:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if((sscanf(optarg,"%s", aut) > 0) && ((strcmp(aut, "autoFC") == 0) || (strcmp(aut, "autoMR") == 0) ||
data/raxml-8.2.12+dfsg/axml.c:6259:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(weightFileName,optarg);
data/raxml-8.2.12+dfsg/axml.c:6263:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(optarg,"%" PRId64, &adef->boot);
data/raxml-8.2.12+dfsg/axml.c:6272:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(optarg,"%" PRId64, &adef->rapidBoot);
data/raxml-8.2.12+dfsg/axml.c:6495:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(run_id,optarg);
data/raxml-8.2.12+dfsg/axml.c:6500:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(resultDir, optarg);
data/raxml-8.2.12+dfsg/axml.c:6504:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tree_file, optarg);
data/raxml-8.2.12+dfsg/axml.c:6509:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq_file, optarg);
data/raxml-8.2.12+dfsg/axml.c:6516:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model,optarg);
data/raxml-8.2.12+dfsg/axml.c:7201:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dir, separator);
data/raxml-8.2.12+dfsg/axml.c:7204:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dir, resultDir);
data/raxml-8.2.12+dfsg/axml.c:7207:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dir, separator);
data/raxml-8.2.12+dfsg/axml.c:7208:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(workdir, dir);
data/raxml-8.2.12+dfsg/axml.c:7219:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dir, separator);
data/raxml-8.2.12+dfsg/axml.c:7221:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(workdir, dir);
data/raxml-8.2.12+dfsg/axml.c:7248:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(verboseSplitsFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7249:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(permFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7250:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(resultFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7251:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7252:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(checkpointFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7253:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infoFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7254:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(randomFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7255:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bootstrapFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7256:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bipartitionsFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7257:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bipartitionsFileNameBranchLabels, workdir);
data/raxml-8.2.12+dfsg/axml.c:7258:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(icFileNameBranchLabels, workdir);
data/raxml-8.2.12+dfsg/axml.c:7259:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(icFileNameBranchLabelsUniform, workdir);
data/raxml-8.2.12+dfsg/axml.c:7260:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(icFileNameBranchLabelsStochastic, workdir);
data/raxml-8.2.12+dfsg/axml.c:7261:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ratesFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7262:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lengthFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7263:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lengthFileNameModel, workdir);
data/raxml-8.2.12+dfsg/axml.c:7264:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(perSiteLLsFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7265:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(binaryModelParamsOutputFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7266:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rellBootstrapFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7267:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesquiteModel, workdir);
data/raxml-8.2.12+dfsg/axml.c:7268:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesquiteTrees, workdir);
data/raxml-8.2.12+dfsg/axml.c:7269:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesquiteMLTrees, workdir);
data/raxml-8.2.12+dfsg/axml.c:7270:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mesquiteMLLikes, workdir);
data/raxml-8.2.12+dfsg/axml.c:7296:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(verboseSplitsFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7297:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(permFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7298:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(resultFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7299:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7300:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(checkpointFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7301:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(infoFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7302:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(randomFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7303:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bootstrapFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7304:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bipartitionsFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7305:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bipartitionsFileNameBranchLabels, run_id);
data/raxml-8.2.12+dfsg/axml.c:7306:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(icFileNameBranchLabels, run_id);
data/raxml-8.2.12+dfsg/axml.c:7307:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(icFileNameBranchLabelsUniform, run_id);
data/raxml-8.2.12+dfsg/axml.c:7308:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(icFileNameBranchLabelsStochastic, run_id);
data/raxml-8.2.12+dfsg/axml.c:7309:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ratesFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7310:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lengthFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7311:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lengthFileNameModel, run_id);
data/raxml-8.2.12+dfsg/axml.c:7312:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(perSiteLLsFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7313:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(binaryModelParamsOutputFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7314:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rellBootstrapFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7315:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mesquiteModel, run_id);
data/raxml-8.2.12+dfsg/axml.c:7316:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mesquiteTrees, run_id);
data/raxml-8.2.12+dfsg/axml.c:7317:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mesquiteMLTrees, run_id);
data/raxml-8.2.12+dfsg/axml.c:7318:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mesquiteMLLikes, run_id);
data/raxml-8.2.12+dfsg/axml.c:7327:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bootstrapFileNamePID, bootstrapFileName);
data/raxml-8.2.12+dfsg/axml.c:7329:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bootstrapFileNamePID, buf);
data/raxml-8.2.12+dfsg/axml.c:7331:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rellBootstrapFileNamePID, rellBootstrapFileName);
data/raxml-8.2.12+dfsg/axml.c:7333:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rellBootstrapFileNamePID, buf);
data/raxml-8.2.12+dfsg/axml.c:7744:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temporaryFileName, resultFileName);
data/raxml-8.2.12+dfsg/axml.c:7771:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temporaryFileName, treeID);
data/raxml-8.2.12+dfsg/axml.c:7909:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temporaryFileName, logFileName);
data/raxml-8.2.12+dfsg/axml.c:7910:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(checkPoints, checkpointFileName);
data/raxml-8.2.12+dfsg/axml.c:7934:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temporaryFileName, treeID);
data/raxml-8.2.12+dfsg/axml.c:7937:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(checkPoints, treeID);
data/raxml-8.2.12+dfsg/axml.c:7966:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temporaryFileName2, resultFileName);
data/raxml-8.2.12+dfsg/axml.c:7974:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temporaryFileName2, treeID);
data/raxml-8.2.12+dfsg/axml.c:7998:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(checkPoints, treeID);
data/raxml-8.2.12+dfsg/axml.c:8034:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temporaryFileName, randomFileName);
data/raxml-8.2.12+dfsg/axml.c:8036:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temporaryFileName, permFileName);
data/raxml-8.2.12+dfsg/axml.c:8042:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temporaryFileName, treeID);
data/raxml-8.2.12+dfsg/axml.c:8195:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/raxml-8.2.12+dfsg/axml.c:8199:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/raxml-8.2.12+dfsg/axml.c:8203:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]);
data/raxml-8.2.12+dfsg/axml.c:10968:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(distanceFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:10970:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(distanceFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:11091:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(integerFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:11093:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(integerFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:11175:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nameList[taxaCount], buffer);
data/raxml-8.2.12+dfsg/axml.c:12353:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(quartetFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:12355:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(quartetFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:12707:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bestTreeFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:12709:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bestTreeFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:12848:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:12850:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fileName, tr->nameList[i]);
data/raxml-8.2.12+dfsg/axml.c:12852:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:13205:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rootedTreeFile, workdir);
data/raxml-8.2.12+dfsg/axml.c:13207:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rootedTreeFile, run_id);
data/raxml-8.2.12+dfsg/axml.c:13640:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:13642:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fileName, run_id);
data/raxml-8.2.12+dfsg/bipartitionList.c:1252:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(n, run_id);
data/raxml-8.2.12+dfsg/bipartitionList.c:1476:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workdir);
data/raxml-8.2.12+dfsg/bipartitionList.c:1478:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fileName, run_id);
data/raxml-8.2.12+dfsg/bipartitionList.c:1480:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fileName, id);
data/raxml-8.2.12+dfsg/bipartitionList.c:1959:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bipFileName, workdir);
data/raxml-8.2.12+dfsg/bipartitionList.c:1961:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bipFileName, run_id);
data/raxml-8.2.12+dfsg/bipartitionList.c:2205:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rfFileName, workdir);
data/raxml-8.2.12+dfsg/bipartitionList.c:2207:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rfFileName, run_id);
data/raxml-8.2.12+dfsg/bipartitionList.c:2898:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rfFileName, workdir);
data/raxml-8.2.12+dfsg/bipartitionList.c:2900:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rfFileName, run_id);
data/raxml-8.2.12+dfsg/bipartitionList.c:4655:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(consensusFileName, workdir);
data/raxml-8.2.12+dfsg/bipartitionList.c:4680:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(consensusFileName, someChar);
data/raxml-8.2.12+dfsg/bipartitionList.c:4686:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(consensusFileName, run_id);
data/raxml-8.2.12+dfsg/classify.c:176:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr,"QUERY___%s:%s", tr->nameList[inserts[i]], branchLength);
data/raxml-8.2.12+dfsg/classify.c:179:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr,"QUERY___%s", tr->nameList[inserts[i]]);
data/raxml-8.2.12+dfsg/classify.c:223:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, "%s", nameptr);
data/raxml-8.2.12+dfsg/classify.c:241:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, ":%8.20f[%s]", 0.5 * p->bInf->epa->originalBranchLength, p->bInf->epa->branchLabel);
data/raxml-8.2.12+dfsg/classify.c:283:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, ":%8.20f[%s", p->bInf->epa->originalBranchLength, p->bInf->epa->branchLabel);
data/raxml-8.2.12+dfsg/classify.c:288:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, ":%8.20f[%s", 0.5 * p->bInf->epa->originalBranchLength, p->bInf->epa->branchLabel);
data/raxml-8.2.12+dfsg/classify.c:290:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, ":%8.20f[%s", p->bInf->epa->originalBranchLength, p->bInf->epa->branchLabel);
data/raxml-8.2.12+dfsg/classify.c:2028:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entropyFileName, workdir);
data/raxml-8.2.12+dfsg/classify.c:2029:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jointFormatTreeFileName, workdir);
data/raxml-8.2.12+dfsg/classify.c:2030:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(labelledTreeFileName, workdir);
data/raxml-8.2.12+dfsg/classify.c:2031:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(originalLabelledTreeFileName, workdir);
data/raxml-8.2.12+dfsg/classify.c:2032:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(classificationFileName, workdir);
data/raxml-8.2.12+dfsg/classify.c:2040:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(entropyFileName, run_id);
data/raxml-8.2.12+dfsg/classify.c:2041:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(jointFormatTreeFileName, run_id);
data/raxml-8.2.12+dfsg/classify.c:2042:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(labelledTreeFileName, run_id);
data/raxml-8.2.12+dfsg/classify.c:2043:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(originalLabelledTreeFileName, run_id);
data/raxml-8.2.12+dfsg/classify.c:2044:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(classificationFileName, run_id);
data/raxml-8.2.12+dfsg/classify.c:2104:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(likelihoodWeightsFileName, workdir);
data/raxml-8.2.12+dfsg/classify.c:2106:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(likelihoodWeightsFileName, run_id);
data/raxml-8.2.12+dfsg/classify.c:2497:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(subTreeFileName, workdir);
data/raxml-8.2.12+dfsg/classify.c:2499:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(subTreeFileName, run_id);
data/raxml-8.2.12+dfsg/classify.c:2501:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(subTreeFileName, buf);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2418:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jointFormatTreeFileName, workdir);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2419:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(originalLabelledTreeFileName, workdir);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2420:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(labelledTreeFileName, workdir);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2421:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(likelihoodWeightsFileName, workdir);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2428:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(jointFormatTreeFileName, run_id);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2429:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(originalLabelledTreeFileName, run_id);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2430:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(labelledTreeFileName, run_id);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2431:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(likelihoodWeightsFileName, run_id);
data/raxml-8.2.12+dfsg/fastSearch.c:1307:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bestTreeFileName, workdir);
data/raxml-8.2.12+dfsg/fastSearch.c:1309:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bestTreeFileName, run_id);
data/raxml-8.2.12+dfsg/fastSearch.c:1419:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bestTreeFileName, workdir);
data/raxml-8.2.12+dfsg/fastSearch.c:1421:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bestTreeFileName, run_id);
data/raxml-8.2.12+dfsg/fastSearch.c:1430:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(shSupportFileName, workdir);
data/raxml-8.2.12+dfsg/fastSearch.c:1432:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(shSupportFileName, run_id);
data/raxml-8.2.12+dfsg/fastSearch.c:1449:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(shSupportPerPartitionFileName, workdir);
data/raxml-8.2.12+dfsg/fastSearch.c:1451:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(shSupportPerPartitionFileName, run_id);
data/raxml-8.2.12+dfsg/leaveDropping.c:1615:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dropFileName, workdir);
data/raxml-8.2.12+dfsg/leaveDropping.c:1617:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dropFileName, run_id);
data/raxml-8.2.12+dfsg/legacyCode.c:395:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(consensusFileName, workdir);
data/raxml-8.2.12+dfsg/legacyCode.c:412:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(consensusFileName, run_id);
data/raxml-8.2.12+dfsg/legacyCode.c:662:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rfFileName, workdir);
data/raxml-8.2.12+dfsg/legacyCode.c:664:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rfFileName, run_id);
data/raxml-8.2.12+dfsg/multiple.c:492:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sourceName, fileName);
data/raxml-8.2.12+dfsg/multiple.c:502:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temporary, sourceName);
data/raxml-8.2.12+dfsg/multiple.c:503:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temporary, buf);
data/raxml-8.2.12+dfsg/multiple.c:526:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sourceName, fileName);
data/raxml-8.2.12+dfsg/multiple.c:536:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temporary, sourceName);
data/raxml-8.2.12+dfsg/multiple.c:537:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temporary, buf);
data/raxml-8.2.12+dfsg/multiple.c:1168:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bestTreeFileName, workdir);
data/raxml-8.2.12+dfsg/multiple.c:1170:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bestTreeFileName, run_id);
data/raxml-8.2.12+dfsg/multiple.c:1829:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bestTreeFileName, workdir);
data/raxml-8.2.12+dfsg/multiple.c:1831:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bestTreeFileName, run_id);
data/raxml-8.2.12+dfsg/optimizeModel.c:2955:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gtrFileName, workdir);
data/raxml-8.2.12+dfsg/optimizeModel.c:2957:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gtrFileName, run_id);
data/raxml-8.2.12+dfsg/optimizeModel.c:2965:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gtrFileName, tr->partitionData[model].partitionName);
data/raxml-8.2.12+dfsg/parsePartitions.c:260:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->initialPartitionData[modelNumber].proteinSubstitutionFileName, fileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:273:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->initialPartitionData[modelNumber].ascFileName, fileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:312:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/parsePartitions.c:326:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/parsePartitions.c:350:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/parsePartitions.c:383:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/parsePartitions.c:397:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/parsePartitions.c:413:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/parsePartitions.c:714:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&(p_names[i][0]), cc);
data/raxml-8.2.12+dfsg/parsePartitions.c:1162:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mfn, secondaryStructureFileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1164:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mfn, excludeFileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1191:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mfn, modelFileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1193:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mfn, excludeFileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1224:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/parsePartitions.c:1227:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/parsePartitions.c:1347:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mfn, seq_file);
data/raxml-8.2.12+dfsg/parsePartitions.c:1349:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mfn, excludeFileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1651:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(partBuffer[i].partitionName, tr->extendedPartitionData[i].partitionName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1652:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(partBuffer[i].proteinSubstitutionFileName, tr->extendedPartitionData[i].proteinSubstitutionFileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1653:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(partBuffer[i].ascFileName, tr->extendedPartitionData[i].ascFileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1669:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->extendedPartitionData[i].partitionName, partBuffer[i].partitionName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1670:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->extendedPartitionData[i].proteinSubstitutionFileName, partBuffer[i].proteinSubstitutionFileName);
data/raxml-8.2.12+dfsg/parsePartitions.c:1671:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tr->extendedPartitionData[i].ascFileName, partBuffer[i].ascFileName);
data/raxml-8.2.12+dfsg/rogueEPA.c:251:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, workdir);
data/raxml-8.2.12+dfsg/rogueEPA.c:253:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fileName, run_id);
data/raxml-8.2.12+dfsg/searchAlgo.c:1308:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(terraceFileName, workdir);
data/raxml-8.2.12+dfsg/searchAlgo.c:1310:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(terraceFileName, run_id);
data/raxml-8.2.12+dfsg/searchAlgo.c:1312:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(terraceFileName, buf);
data/raxml-8.2.12+dfsg/treeIO.c:136:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->word, s);
data/raxml-8.2.12+dfsg/treeIO.c:248:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, "%s", nameptr);
data/raxml-8.2.12+dfsg/treeIO.c:342:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, "%s", "\0");
data/raxml-8.2.12+dfsg/treeIO.c:406:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, "%s", nameptr);
data/raxml-8.2.12+dfsg/treeIO.c:452:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(treestr, "%s", "\0");
data/raxml-8.2.12+dfsg/treeIO.c:680:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(extendedTreeFileName, fileName);
data/raxml-8.2.12+dfsg/treeIO.c:683:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(extendedTreeFileName, buf);
data/raxml-8.2.12+dfsg/axml.c:5666:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc,argv, "R:T:E:N:B:L:P:S:Y:A:G:I:J:K:W:l:x:z:g:r:e:a:b:c:f:i:m:t:w:s:n:o:q:#:p:vudyjhHkMDFQUOVCX", long_options, &option_index/*&optind, &optarg*/);
data/raxml-8.2.12+dfsg/ancestralStates.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workdir[1024];
data/raxml-8.2.12+dfsg/ancestralStates.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char run_id[128];
data/raxml-8.2.12+dfsg/ancestralStates.c:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char binaryStateNames[2];
data/raxml-8.2.12+dfsg/ancestralStates.c:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char dnaStateNames[4];
data/raxml-8.2.12+dfsg/ancestralStates.c:53:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char protStateNames[20];
data/raxml-8.2.12+dfsg/ancestralStates.c:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char genericStateNames[32];
data/raxml-8.2.12+dfsg/ancestralStates.c:1046:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(unsortedA[unsorted].probs, a[sorted].probs, sizeof(double) * (size_t)a[sorted].states);
data/raxml-8.2.12+dfsg/ancestralStates.c:1093:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "%d", p->number);
data/raxml-8.2.12+dfsg/ancestralStates.c:1110:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "ROOT");
data/raxml-8.2.12+dfsg/ancestralStates.c:1126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/ancestralStates.c:1144:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ancestralProbsFileName, "RAxML_marginalAncestralProbabilities.");
data/raxml-8.2.12+dfsg/ancestralStates.c:1145:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ancestralStatesFileName, "RAxML_marginalAncestralStates.");
data/raxml-8.2.12+dfsg/ancestralStates.c:1146:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(treeFileName, "RAxML_nodeLabelledRootedTree.");
data/raxml-8.2.12+dfsg/axml.c:469:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename,"rb");
data/raxml-8.2.12+dfsg/axml.c:485:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, mode);
data/raxml-8.2.12+dfsg/axml.c:1119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:1122:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/axml.c:1454:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:1457:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/axml.c:1866:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tr->initialPartitionData[0].partitionName, "No Name Provided");
data/raxml-8.2.12+dfsg/axml.c:1925:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->extendedDataVector, tr->initialDataVector, (rdta->sites + 1) * sizeof(int));
data/raxml-8.2.12+dfsg/axml.c:2019:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char
data/raxml-8.2.12+dfsg/axml.c:2022:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char
data/raxml-8.2.12+dfsg/axml.c:2025:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/axml.c:2102:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char
data/raxml-8.2.12+dfsg/axml.c:2105:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char
data/raxml-8.2.12+dfsg/axml.c:2108:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/axml.c:2545:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(yBUF, y, ((size_t)rdta->numsp) * ((size_t)cdta->endsite) * sizeof(unsigned char));
data/raxml-8.2.12+dfsg/axml.c:2619:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->originalModel, tr->model, cdta->endsite * sizeof(int));
data/raxml-8.2.12+dfsg/axml.c:2620:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->originalDataVector, tr->dataVector, cdta->endsite * sizeof(int));
data/raxml-8.2.12+dfsg/axml.c:2621:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->originalWeights, tr->cdta->aliaswgt, cdta->endsite * sizeof(int));
data/raxml-8.2.12+dfsg/axml.c:2781:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char noDupFile[2048];
data/raxml-8.2.12+dfsg/axml.c:2782:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char noDupModels[2048];
data/raxml-8.2.12+dfsg/axml.c:2783:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char noDupSecondary[2048];
data/raxml-8.2.12+dfsg/axml.c:2805:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(noDupFile, ".reduced");
data/raxml-8.2.12+dfsg/axml.c:2808:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(noDupModels, ".reduced");
data/raxml-8.2.12+dfsg/axml.c:2811:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(noDupSecondary, ".reduced");
data/raxml-8.2.12+dfsg/axml.c:2878:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:2885:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(AAmodel, "ASC_");
data/raxml-8.2.12+dfsg/axml.c:3121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:3128:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(AAmodel, "ASC_");
data/raxml-8.2.12+dfsg/axml.c:3275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outName[1024], partName[1024], buf[16];
data/raxml-8.2.12+dfsg/axml.c:3313:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(partName, ".BS");
data/raxml-8.2.12+dfsg/axml.c:3314:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/raxml-8.2.12+dfsg/axml.c:3323:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outName, ".BS");
data/raxml-8.2.12+dfsg/axml.c:3324:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/raxml-8.2.12+dfsg/axml.c:3362:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outFileName[2048];
data/raxml-8.2.12+dfsg/axml.c:3375:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outFileName, ".phy");
data/raxml-8.2.12+dfsg/axml.c:3754:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:4447:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTCAT");
data/raxml-8.2.12+dfsg/axml.c:4459:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTCAT");
data/raxml-8.2.12+dfsg/axml.c:4473:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTCAT");
data/raxml-8.2.12+dfsg/axml.c:4488:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTCATI");
data/raxml-8.2.12+dfsg/axml.c:4501:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTCATI");
data/raxml-8.2.12+dfsg/axml.c:4516:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTCATI");
data/raxml-8.2.12+dfsg/axml.c:4535:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "ASC_PROTCAT");
data/raxml-8.2.12+dfsg/axml.c:4548:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "ASC_PROTCAT");
data/raxml-8.2.12+dfsg/axml.c:4563:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "ASC_PROTCAT");
data/raxml-8.2.12+dfsg/axml.c:4587:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTGAMMA");
data/raxml-8.2.12+dfsg/axml.c:4598:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "ASC_PROTGAMMA");
data/raxml-8.2.12+dfsg/axml.c:4612:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTGAMMAI");
data/raxml-8.2.12+dfsg/axml.c:4626:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTGAMMA");
data/raxml-8.2.12+dfsg/axml.c:4639:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "ASC_PROTGAMMA");
data/raxml-8.2.12+dfsg/axml.c:4656:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTGAMMA");
data/raxml-8.2.12+dfsg/axml.c:4670:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "ASC_PROTGAMMA");
data/raxml-8.2.12+dfsg/axml.c:4688:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTGAMMAI");
data/raxml-8.2.12+dfsg/axml.c:4703:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "PROTGAMMAI");
data/raxml-8.2.12+dfsg/axml.c:4760:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[nmlngth];
data/raxml-8.2.12+dfsg/axml.c:4815:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:4822:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[1], "With greatly appreciated code contributions by:\n");
data/raxml-8.2.12+dfsg/axml.c:4823:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[2], "Andre Aberer (HITS)\n");
data/raxml-8.2.12+dfsg/axml.c:4824:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[3], "Simon Berger (HITS)\n");
data/raxml-8.2.12+dfsg/axml.c:4825:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[4], "Alexey Kozlov (HITS)\n");
data/raxml-8.2.12+dfsg/axml.c:4826:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[5], "Kassian Kobert (HITS)\n");
data/raxml-8.2.12+dfsg/axml.c:4827:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[6], "David Dao (KIT and HITS)\n");
data/raxml-8.2.12+dfsg/axml.c:4828:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[7], "Sarah Lutteropp (KIT and HITS)\n");
data/raxml-8.2.12+dfsg/axml.c:4829:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[8], "Nick Pattengale (Sandia)\n");
data/raxml-8.2.12+dfsg/axml.c:4830:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[9], "Wayne Pfeiffer (SDSC)\n");
data/raxml-8.2.12+dfsg/axml.c:4831:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[10], "Akifumi S. Tanabe (NRIFS)\n");
data/raxml-8.2.12+dfsg/axml.c:4832:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text[11], "Charlie Taylor (UF)\n\n");
data/raxml-8.2.12+dfsg/axml.c:5497:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void analyzeRunId(char id[128])
data/raxml-8.2.12+dfsg/axml.c:5534:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:5696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:5746:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:5938:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *modelList[3] = { "ORDERED", "MK", "GTR"};
data/raxml-8.2.12+dfsg/axml.c:5959:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *modelList[21] = { "S6A", "S6B", "S6C", "S6D", "S6E", "S7A", "S7B", "S7C", "S7D", "S7E", "S7F", "S16", "S16A", "S16B", "S16C",
data/raxml-8.2.12+dfsg/axml.c:7193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:7212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:7272:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(verboseSplitsFileName, "RAxML_verboseSplits.");
data/raxml-8.2.12+dfsg/axml.c:7273:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(permFileName, "RAxML_parsimonyTree.");
data/raxml-8.2.12+dfsg/axml.c:7274:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(resultFileName, "RAxML_result.");
data/raxml-8.2.12+dfsg/axml.c:7275:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logFileName, "RAxML_log.");
data/raxml-8.2.12+dfsg/axml.c:7276:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(checkpointFileName, "RAxML_checkpoint.");
data/raxml-8.2.12+dfsg/axml.c:7277:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(infoFileName, "RAxML_info.");
data/raxml-8.2.12+dfsg/axml.c:7278:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(randomFileName, "RAxML_randomTree.");
data/raxml-8.2.12+dfsg/axml.c:7279:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bootstrapFileName, "RAxML_bootstrap.");
data/raxml-8.2.12+dfsg/axml.c:7280:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bipartitionsFileName, "RAxML_bipartitions.");
data/raxml-8.2.12+dfsg/axml.c:7281:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bipartitionsFileNameBranchLabels, "RAxML_bipartitionsBranchLabels.");
data/raxml-8.2.12+dfsg/axml.c:7282:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(icFileNameBranchLabels, "RAxML_IC_Score_BranchLabels.");
data/raxml-8.2.12+dfsg/axml.c:7283:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(icFileNameBranchLabelsStochastic, "RAxML_Corrected_Probabilistic_IC_Score_BranchLabels.");
data/raxml-8.2.12+dfsg/axml.c:7284:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(icFileNameBranchLabelsUniform, "RAxML_Corrected_Lossless_IC_Score_BranchLabels.");
data/raxml-8.2.12+dfsg/axml.c:7285:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ratesFileName, "RAxML_perSiteRates.");
data/raxml-8.2.12+dfsg/axml.c:7286:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lengthFileName, "RAxML_treeLength.");
data/raxml-8.2.12+dfsg/axml.c:7287:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lengthFileNameModel, "RAxML_treeLengthModel.");
data/raxml-8.2.12+dfsg/axml.c:7288:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(perSiteLLsFileName, "RAxML_perSiteLLs.");
data/raxml-8.2.12+dfsg/axml.c:7289:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(binaryModelParamsOutputFileName, "RAxML_binaryModelParameters.");
data/raxml-8.2.12+dfsg/axml.c:7290:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rellBootstrapFileName, "RAxML_rellBootstrap.");
data/raxml-8.2.12+dfsg/axml.c:7291:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mesquiteModel, "RAxML_mesquiteModel.");
data/raxml-8.2.12+dfsg/axml.c:7292:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mesquiteTrees, "RAxML_mesquiteTrees.");
data/raxml-8.2.12+dfsg/axml.c:7293:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mesquiteMLTrees, "RAxML_mesquite_ML_Trees.");
data/raxml-8.2.12+dfsg/axml.c:7294:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mesquiteMLLikes, "RAxML_mesquite_ML_Likes.");
data/raxml-8.2.12+dfsg/axml.c:7322:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:7325:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", processID);
data/raxml-8.2.12+dfsg/axml.c:7328:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bootstrapFileNamePID, ".PID.");
data/raxml-8.2.12+dfsg/axml.c:7332:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rellBootstrapFileNamePID, ".PID.");
data/raxml-8.2.12+dfsg/axml.c:7416:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modelType[128];
data/raxml-8.2.12+dfsg/axml.c:7421:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelType, "GAMMA+P-Invar");
data/raxml-8.2.12+dfsg/axml.c:7423:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelType, "GAMMA");
data/raxml-8.2.12+dfsg/axml.c:7573:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char treeType[1024];
data/raxml-8.2.12+dfsg/axml.c:7576:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(treeType, "user-specified");
data/raxml-8.2.12+dfsg/axml.c:7580:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(treeType, "distinct complete random");
data/raxml-8.2.12+dfsg/axml.c:7582:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(treeType, "distinct randomized MP");
data/raxml-8.2.12+dfsg/axml.c:7621:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:7742:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temporaryFileName[1024] = "", treeID[64] = "";
data/raxml-8.2.12+dfsg/axml.c:7769:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treeID, "%d", tr->treeID);
data/raxml-8.2.12+dfsg/axml.c:7770:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temporaryFileName, ".RUN.");
data/raxml-8.2.12+dfsg/axml.c:7903:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temporaryFileName[1024] = "", checkPoints[1024] = "", treeID[64] = "";
data/raxml-8.2.12+dfsg/axml.c:7932:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treeID, "%d", tr->treeID);
data/raxml-8.2.12+dfsg/axml.c:7933:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temporaryFileName, ".RUN.");
data/raxml-8.2.12+dfsg/axml.c:7936:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(checkPoints, ".RUN.");
data/raxml-8.2.12+dfsg/axml.c:7953:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:7970:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:7972:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treeID, "%d", tr->treeID);
data/raxml-8.2.12+dfsg/axml.c:7973:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temporaryFileName2, ".RUN.");
data/raxml-8.2.12+dfsg/axml.c:7997:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treeID, "%d", tr->checkPointCounter);
data/raxml-8.2.12+dfsg/axml.c:8029:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temporaryFileName[1024] = "", treeID[64] = "";
data/raxml-8.2.12+dfsg/axml.c:8040:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treeID, "%d", tr->treeID);
data/raxml-8.2.12+dfsg/axml.c:8041:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temporaryFileName, ".RUN.");
data/raxml-8.2.12+dfsg/axml.c:8070:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modelType[128];
data/raxml-8.2.12+dfsg/axml.c:8075:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelType, "GAMMA+P-Invar");
data/raxml-8.2.12+dfsg/axml.c:8078:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelType, "GAMMA");
data/raxml-8.2.12+dfsg/axml.c:8081:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modelType, "CAT");
data/raxml-8.2.12+dfsg/axml.c:8180:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void getDataTypeString(tree *tr, int model, char typeOfData[1024])
data/raxml-8.2.12+dfsg/axml.c:8185:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(typeOfData,"AA");
data/raxml-8.2.12+dfsg/axml.c:8188:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(typeOfData,"DNA");
data/raxml-8.2.12+dfsg/axml.c:8191:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(typeOfData,"BINARY/MORPHOLOGICAL");
data/raxml-8.2.12+dfsg/axml.c:8194:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(typeOfData,"SECONDARY 16 STATE MODEL USING ");
data/raxml-8.2.12+dfsg/axml.c:8198:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(typeOfData,"SECONDARY 6 STATE MODEL USING ");
data/raxml-8.2.12+dfsg/axml.c:8202:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(typeOfData,"SECONDARY 7 STATE MODEL USING ");
data/raxml-8.2.12+dfsg/axml.c:8206:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(typeOfData,"Multi-State");
data/raxml-8.2.12+dfsg/axml.c:8209:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(typeOfData,"Codon");
data/raxml-8.2.12+dfsg/axml.c:8230:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typeOfData[1024];
data/raxml-8.2.12+dfsg/axml.c:8258:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *freqNames[20] = {"A", "R", "N","D", "C", "Q", "E", "G",
data/raxml-8.2.12+dfsg/axml.c:8295:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *freqNames[32] = {"0", "1", "2", "3", "4", "5", "6", "7",
data/raxml-8.2.12+dfsg/axml.c:8310:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *freqNames[4] = {"A", "C", "G", "T"};
data/raxml-8.2.12+dfsg/axml.c:8319:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *freqNames[6] = {"AU", "CG", "GC", "GU", "UA", "UG"};
data/raxml-8.2.12+dfsg/axml.c:8328:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *freqNames[7] = {"AU", "CG", "GC", "GU", "UA", "UG", "REST"};
data/raxml-8.2.12+dfsg/axml.c:8337:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *freqNames[16] = {"AA", "AC", "AG", "AU", "CA", "CC", "CG", "CU",
data/raxml-8.2.12+dfsg/axml.c:8347:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *freqNames[2] = {"0", "1"};
data/raxml-8.2.12+dfsg/axml.c:9051:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN_LG4[k], tr->partitionData[model].EIGN_LG4[k], pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9052:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].rawEIGN_LG4[k], tr->partitionData[model].rawEIGN_LG4[k], pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9053:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EV_LG4[k], tr->partitionData[model].EV_LG4[k], pl->evLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9054:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EI_LG4[k], tr->partitionData[model].EI_LG4[k], pl->eiLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9055:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].substRates_LG4[k], tr->partitionData[model].substRates_LG4[k], pl->substRatesLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9056:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].frequencies_LG4[k], tr->partitionData[model].frequencies_LG4[k], pl->frequenciesLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9057:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].tipVector_LG4[k], tr->partitionData[model].tipVector_LG4[k], pl->tipVectorLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9110:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->executeModel, tr->executeModel, sizeof(boolean) * localTree->NumberOfModels);
data/raxml-8.2.12+dfsg/axml.c:9131:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->coreLZ, tr->coreLZ, sizeof(double) * localTree->numBranches);
data/raxml-8.2.12+dfsg/axml.c:9132:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->executeModel, tr->executeModel, sizeof(boolean) * localTree->NumberOfModels);
data/raxml-8.2.12+dfsg/axml.c:9167:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->coreLZ, tr->coreLZ, sizeof(double) * localTree->numBranches);
data/raxml-8.2.12+dfsg/axml.c:9168:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->executeModel, tr->executeModel, sizeof(boolean) * localTree->NumberOfModels);
data/raxml-8.2.12+dfsg/axml.c:9200:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9201:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9202:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9203:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9212:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean));
data/raxml-8.2.12+dfsg/axml.c:9218:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9219:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9220:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9221:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9251:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:9258:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean));
data/raxml-8.2.12+dfsg/axml.c:9262:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:9287:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:9295:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean));
data/raxml-8.2.12+dfsg/axml.c:9297:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:9324:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9325:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9326:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9327:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].substRates, tr->partitionData[model].substRates, pl->substRatesLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9328:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].frequencies, tr->partitionData[model].frequencies, pl->frequenciesLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9329:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9333:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:9349:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9350:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9351:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9352:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].substRates, tr->partitionData[model].substRates, pl->substRatesLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9353:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].frequencies, tr->partitionData[model].frequencies, pl->frequenciesLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9354:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9358:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].weights, tr->partitionData[model].weights, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:9359:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:9369:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].invariableFrequencies, tr->partitionData[model].invariableFrequencies, pl->states * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9466:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9467:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9468:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9469:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].substRates, tr->partitionData[model].substRates, pl->substRatesLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9470:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].frequencies, tr->partitionData[model].frequencies, pl->frequenciesLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9471:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:9492:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionContributions, tr->partitionContributions, sizeof(double) * localTree->NumberOfModels);
data/raxml-8.2.12+dfsg/axml.c:9500:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->readPartition, tr->readPartition, sizeof(int) * (size_t)localTree->numberOfTipsForInsertion);
data/raxml-8.2.12+dfsg/axml.c:9515:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->contiguousWgt , tr->cdta->aliaswgt, sizeof(int) * localTree->contiguousScalingLength);
data/raxml-8.2.12+dfsg/axml.c:9516:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->contiguousInvariant , tr->invariant, sizeof(int) * localTree->contiguousScalingLength);
data/raxml-8.2.12+dfsg/axml.c:9525:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->contiguousRateCategory, tr->cdta->rateCategory, sizeof(int) * localTree->contiguousScalingLength);
data/raxml-8.2.12+dfsg/axml.c:9647:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&leftContigousVector[globalCount], &leftStridedVector[localCount], sizeof(double) * blockRequirements);
data/raxml-8.2.12+dfsg/axml.c:9653:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rightContigousVector[globalCount], &rightStridedVector[localCount], sizeof(double) * blockRequirements);
data/raxml-8.2.12+dfsg/axml.c:9997:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&contigousVector[globalCount], &stridedVector[localCount], sizeof(double) * blockRequirements);
data/raxml-8.2.12+dfsg/axml.c:10014:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean));
data/raxml-8.2.12+dfsg/axml.c:10041:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].weights, tr->partitionData[model].weights, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:10042:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:10049:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean));
data/raxml-8.2.12+dfsg/axml.c:10053:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].weights, tr->partitionData[model].weights, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:10054:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4);
data/raxml-8.2.12+dfsg/axml.c:10082:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN_LG4[0], tr->partitionData[model].EIGN_LG4[0], sizeof(double) * 19);
data/raxml-8.2.12+dfsg/axml.c:10083:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN_LG4[1], tr->partitionData[model].EIGN_LG4[1], sizeof(double) * 19);
data/raxml-8.2.12+dfsg/axml.c:10084:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN_LG4[2], tr->partitionData[model].EIGN_LG4[2], sizeof(double) * 19);
data/raxml-8.2.12+dfsg/axml.c:10085:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(localTree->partitionData[model].EIGN_LG4[3], tr->partitionData[model].EIGN_LG4[3], sizeof(double) * 19);
data/raxml-8.2.12+dfsg/axml.c:10395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bestVector, tr->perSiteLL, tr->cdta->endsite * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:10750:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalRateCategories, tr->cdta->rateCategory, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/axml.c:10751:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalInvariant, tr->invariant, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/axml.c:10963:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char distanceFileName[1024];
data/raxml-8.2.12+dfsg/axml.c:10969:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(distanceFileName, "RAxML_distances.");
data/raxml-8.2.12+dfsg/axml.c:11047:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:11067:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reference, tr->perSiteLL, tr->cdta->endsite * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:11092:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(integerFileName, "RAxML_weights.");
data/raxml-8.2.12+dfsg/axml.c:11129:82: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void extractTaxaFromTopology(tree *tr, rawdata *rdta, cruncheddata *cdta, char fileName[1024])
data/raxml-8.2.12+dfsg/axml.c:11134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:11394:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(binaryModelParamsInputFileName, "r");
data/raxml-8.2.12+dfsg/axml.c:11424:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:11539:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bits_in_16bits [0x1u << 16];
data/raxml-8.2.12+dfsg/axml.c:11755:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void groupingParser(char *quartetGroupFileName, int *groups[4], int groupSize[4], tree *tr)
data/raxml-8.2.12+dfsg/axml.c:12340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:12354:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(quartetFileName, "RAxML_quartets.");
data/raxml-8.2.12+dfsg/axml.c:12681:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:12708:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bestTreeFileName, "RAxML_bestTree.");
data/raxml-8.2.12+dfsg/axml.c:12797:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bestVector, tr->perSiteLL, tr->cdta->endsite * sizeof(double));
data/raxml-8.2.12+dfsg/axml.c:12845:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:12849:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fileName, "RAxML_ancestralTest.");
data/raxml-8.2.12+dfsg/axml.c:12863:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attachmentBranch, p->z, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12864:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(leftBranch, l->z, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12865:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rightBranch, r->z, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12875:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->z, attachmentBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12876:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->back->z, attachmentBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12891:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->z, attachmentBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12892:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->back->z, attachmentBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12893:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l->z, leftBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12894:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l->back->z, leftBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12909:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->z, attachmentBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12910:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->back->z, attachmentBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12911:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->z, rightBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:12912:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->back->z, rightBranch, sizeof(double) * NUM_BRANCHES);
data/raxml-8.2.12+dfsg/axml.c:13190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:13206:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rootedTreeFile, "RAxML_rootedTree.");
data/raxml-8.2.12+dfsg/axml.c:13564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/axml.c:13641:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fileName, "RAxML_stolenBranchLengths.");
data/raxml-8.2.12+dfsg/axml.h:473:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char branchLabel[64];
data/raxml-8.2.12+dfsg/axml.h:614:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proteinSubstitutionFileName[2048];
data/raxml-8.2.12+dfsg/axml.h:615:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascFileName[2048];
data/raxml-8.2.12+dfsg/axml.h:1214:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void ascertainmentBiasSequence(unsigned char tip[32], int numStates, int dataType, int nodeNumber);
data/raxml-8.2.12+dfsg/axml.h:1220:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void getDataTypeString(tree *tr, int model, char typeOfData[1024]);
data/raxml-8.2.12+dfsg/bipartitionList.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char run_id[128];
data/raxml-8.2.12+dfsg/bipartitionList.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workdir[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char bootStrapFile[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:66:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tree_file[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:67:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char infoFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:68:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char resultFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char verboseSplitsFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:70:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char bipartitionsFileNameBranchLabels[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:71:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char icFileNameBranchLabelsStochastic[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char icFileNameBranchLabelsUniform[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char icFileNameBranchLabels[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:450:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:525:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:544:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:595:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:614:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:672:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:701:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:984:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:998:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:1248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/bipartitionList.c:1251:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(n, "trace.");
data/raxml-8.2.12+dfsg/bipartitionList.c:1255:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*f = fopen(n, "a");
data/raxml-8.2.12+dfsg/bipartitionList.c:1471:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/bipartitionList.c:1475:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d", counter);
data/raxml-8.2.12+dfsg/bipartitionList.c:1477:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fileName, "RAxML_verboseIC.");
data/raxml-8.2.12+dfsg/bipartitionList.c:1647:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/bipartitionList.c:1896:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bipFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:1960:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bipFileName, "RAxML_bipartitionFrequencies.");
data/raxml-8.2.12+dfsg/bipartitionList.c:2050:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rfFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:2206:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rfFileName, "RAxML_RF-Distances.");
data/raxml-8.2.12+dfsg/bipartitionList.c:2345:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:2356:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:2885:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/bipartitionList.c:2899:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rfFileName, "RAxML_RF-Distances.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4561:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/bipartitionList.c:4661:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(consensusFileName, "RAxML_MajorityRuleConsensusTree_IC.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4663:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(consensusFileName, "RAxML_MajorityRuleConsensusTree.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4667:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(consensusFileName, "RAxML_MajorityRuleExtendedConsensusTree_IC.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4669:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(consensusFileName, "RAxML_MajorityRuleExtendedConsensusTree.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4673:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(consensusFileName, "RAxML_StrictConsensusTree.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4677:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(someChar, "RAxML_Threshold-%d-ConsensusTree_IC.", tr->consensusUserThreshold);
data/raxml-8.2.12+dfsg/bipartitionList.c:4679:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(someChar, "RAxML_Threshold-%d-ConsensusTree.", tr->consensusUserThreshold);
data/raxml-8.2.12+dfsg/bipartitionList.c:4862:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->bitMasks[b->entries], mask, sizeof(unsigned int) * (size_t)vLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:4879:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->bitMasks[b->entries], mask, sizeof(unsigned int) * (size_t)vLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:4989:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:4990:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->taxonMask, mask, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:5013:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->bitVector, bitVector, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:5014:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->taxonMask, mask, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:5075:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(correctedVector, toInsert, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:5700:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bipCopy, refBip, sizeof(unsigned int) * (size_t)vLength);
data/raxml-8.2.12+dfsg/classify.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workdir[1024];
data/raxml-8.2.12+dfsg/classify.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char run_id[128];
data/raxml-8.2.12+dfsg/classify.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char bootStrapFile[1024];
data/raxml-8.2.12+dfsg/classify.c:172:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/classify.c:175:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(branchLength, "%f", bInf->epa->branches[i]);
data/raxml-8.2.12+dfsg/classify.c:190:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr,"):0.0,");
data/raxml-8.2.12+dfsg/classify.c:255:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f{%d", p->bInf->epa->originalBranchLength * 0.5, p->bInf->epa->jointLabel);
data/raxml-8.2.12+dfsg/classify.c:262:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f{%d", p->bInf->epa->originalBranchLength * 0.5, tr->numberOfBranches);
data/raxml-8.2.12+dfsg/classify.c:266:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f{%d", p->bInf->epa->originalBranchLength, p->bInf->epa->jointLabel);
data/raxml-8.2.12+dfsg/classify.c:275:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f{%d,%d", p->bInf->epa->originalBranchLength,
data/raxml-8.2.12+dfsg/classify.c:278:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f{%d", p->bInf->epa->originalBranchLength,
data/raxml-8.2.12+dfsg/classify.c:1880:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/classify.c:1966:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tr->bInf[i].epa->branchLabel, "I%d", i);
data/raxml-8.2.12+dfsg/classify.c:2034:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(entropyFileName, "RAxML_entropy.");
data/raxml-8.2.12+dfsg/classify.c:2035:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(jointFormatTreeFileName, "RAxML_portableTree.");
data/raxml-8.2.12+dfsg/classify.c:2036:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(labelledTreeFileName, "RAxML_labelledTree.");
data/raxml-8.2.12+dfsg/classify.c:2037:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(originalLabelledTreeFileName, "RAxML_originalLabelledTree.");
data/raxml-8.2.12+dfsg/classify.c:2038:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(classificationFileName, "RAxML_classification.");
data/raxml-8.2.12+dfsg/classify.c:2046:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(jointFormatTreeFileName, ".jplace");
data/raxml-8.2.12+dfsg/classify.c:2101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/classify.c:2105:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(likelihoodWeightsFileName, "RAxML_classificationLikelihoodWeights.");
data/raxml-8.2.12+dfsg/classify.c:2490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/classify.c:2495:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", subTreeIndex);
data/raxml-8.2.12+dfsg/classify.c:2498:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subTreeFileName, "RAxML_subtreePlacement.");
data/raxml-8.2.12+dfsg/classify.c:2502:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subTreeFileName, ".jplace");
data/raxml-8.2.12+dfsg/classify.c:2636:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tr->bInf[i].epa->branchLabel, "I%d", i);
data/raxml-8.2.12+dfsg/classify.c:2698:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/evaluateGenericSpecial.c:57:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ascertainmentBiasSequence(unsigned char tip[32], int numStates, int dataType, int nodeNumber)
data/raxml-8.2.12+dfsg/evaluateGenericSpecial.c:285:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/evaluateGenericSpecial.c:397:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:103:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workdir[1024];
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:104:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char run_id[128];
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2398:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tr->bInf[i].epa->branchLabel, "I%d", i);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2423:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(jointFormatTreeFileName, "RAxML_portableTree.");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2424:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(originalLabelledTreeFileName, "RAxML_originalLabelledTree.");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2425:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(labelledTreeFileName, "RAxML_labelledTree.");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2426:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(likelihoodWeightsFileName, "RAxML_equallyParsimoniousPlacements.");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2433:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(jointFormatTreeFileName, ".jplace");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2572:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
treeFile = fopen(labelledTreeFileName, "wb");
data/raxml-8.2.12+dfsg/fastSearch.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char permFileName[1024], resultFileName[1024],
data/raxml-8.2.12+dfsg/fastSearch.c:918:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lhVectors[0], tr->perSiteLL, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/fastSearch.c:948:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lhVectors[1], tr->perSiteLL, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/fastSearch.c:981:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lhVectors[2], tr->perSiteLL, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/fastSearch.c:1205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/fastSearch.c:1308:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bestTreeFileName, "RAxML_fastTree.");
data/raxml-8.2.12+dfsg/fastSearch.c:1337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/fastSearch.c:1420:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bestTreeFileName, "RAxML_fastTree.");
data/raxml-8.2.12+dfsg/fastSearch.c:1431:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(shSupportFileName, "RAxML_fastTreeSH_Support.");
data/raxml-8.2.12+dfsg/fastSearch.c:1446:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/fastSearch.c:1450:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(shSupportPerPartitionFileName, "RAxML_fastTree_perPartition_SH_Support.");
data/raxml-8.2.12+dfsg/globalVariables.h:44:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char run_id[128] = "",
data/raxml-8.2.12+dfsg/globalVariables.h:86:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protModels[NUM_PROT_MODELS] = {"DAYHOFF", "DCMUT", "JTT", "MTREV", "WAG", "RTREV", "CPREV", "VT",
data/raxml-8.2.12+dfsg/globalVariables.h:90:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char binaryStateNames[2] = {'0', '1'};
data/raxml-8.2.12+dfsg/globalVariables.h:91:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char dnaStateNames[4] = {'A', 'C', 'G', 'T'};
data/raxml-8.2.12+dfsg/globalVariables.h:92:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char protStateNames[20] = {'A','R', 'N', 'D', 'C', 'Q', 'E', 'G', 'H',
data/raxml-8.2.12+dfsg/globalVariables.h:95:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char genericStateNames[32] = {'0', '1', '2', '3', '4', '5', '6', '7',
data/raxml-8.2.12+dfsg/globalVariables.h:100:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char inverseMeaningBINARY[4] = {'_', '0', '1', '-'};
data/raxml-8.2.12+dfsg/globalVariables.h:101:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char inverseMeaningDNA[16] = {'_', 'A', 'C', 'M', 'G', 'R', 'S', 'V', 'T', 'W', 'Y', 'H', 'K', 'D', 'B', '-'};
data/raxml-8.2.12+dfsg/globalVariables.h:102:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char inverseMeaningPROT[23] = {'A','R', 'N', 'D', 'C', 'Q', 'E', 'G', 'H', 'I', 'L', 'K', 'M', 'F', 'P', 'S',
data/raxml-8.2.12+dfsg/globalVariables.h:104:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char inverseMeaningGeneric32[33] = {'0', '1', '2', '3', '4', '5', '6', '7',
data/raxml-8.2.12+dfsg/globalVariables.h:109:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char inverseMeaningGeneric64[33] = {'0', '1', '2', '3', '4', '5', '6', '7',
data/raxml-8.2.12+dfsg/globalVariables.h:165:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *secondaryModelList[21] = { "S6A (GTR)", "S6B", "S6C", "S6D", "S6E", "S7A (GTR)", "S7B", "S7C", "S7D", "S7E", "S7F", "S16 (GTR)", "S16A", "S16B", "S16C",
data/raxml-8.2.12+dfsg/leaveDropping.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char run_id[128];
data/raxml-8.2.12+dfsg/leaveDropping.c:27:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workdir[1024];
data/raxml-8.2.12+dfsg/leaveDropping.c:545:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
result->commonAttributes = memcpy(result->commonAttributes, profile->commonAttributes, sizeof(ProfileElemAttr));
data/raxml-8.2.12+dfsg/leaveDropping.c:686:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(array->commonAttributes, oldArray->commonAttributes, sizeof(ProfileElemAttr));
data/raxml-8.2.12+dfsg/leaveDropping.c:1181:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
profileElemAttr = memcpy(profileElemAttr, infrequentBipartitions->commonAttributes, sizeof(ProfileElemAttr));
data/raxml-8.2.12+dfsg/leaveDropping.c:1203:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
tmpArray->commonAttributes = memcpy(tmpArray->commonAttributes, infrequentBipartitions->commonAttributes, sizeof(ProfileElemAttr));
data/raxml-8.2.12+dfsg/leaveDropping.c:1538:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/leaveDropping.c:1616:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dropFileName, "RAxML_prunedTrees.");
data/raxml-8.2.12+dfsg/legacyCode.c:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/legacyCode.c:400:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(consensusFileName, "RAxML_MajorityRuleConsensusTree.");
data/raxml-8.2.12+dfsg/legacyCode.c:403:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(consensusFileName, "RAxML_MajorityRuleExtendedConsensusTree.");
data/raxml-8.2.12+dfsg/legacyCode.c:406:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(consensusFileName, "RAxML_StrictConsensusTree.");
data/raxml-8.2.12+dfsg/legacyCode.c:638:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/legacyCode.c:663:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rfFileName, "RAxML_RF-Distances.");
data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c:2734:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c:2755:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c:2805:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c:2828:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/models.c:66:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *protModels[NUM_PROT_MODELS];
data/raxml-8.2.12+dfsg/models.c:292:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/models.c:564:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daa, tr->partitionData[model].externalAAMatrix, 400 * sizeof(double));
data/raxml-8.2.12+dfsg/models.c:565:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f, &(tr->partitionData[model].externalAAMatrix[400]), 20 * sizeof(double));
data/raxml-8.2.12+dfsg/models.c:3767:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->partitionData[model].frequencies_LG4[i], frequencies, 20 * sizeof(double));
data/raxml-8.2.12+dfsg/models.c:4310:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->partitionData[model].symmetryVector, s, sizeof(int) * 6);
data/raxml-8.2.12+dfsg/multiple.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tree_file[1024];
data/raxml-8.2.12+dfsg/multiple.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char rellBootstrapFileName[1024];
data/raxml-8.2.12+dfsg/multiple.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char seq_file[1024];
data/raxml-8.2.12+dfsg/multiple.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char permFileName[1024], resultFileName[1024],
data/raxml-8.2.12+dfsg/multiple.c:245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->cdta->aliaswgt, tr->originalWeights, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->model, tr->originalModel, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->dataVector, tr->originalDataVector, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->cdta->rateCategory, originalRateCategories, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:250:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->invariant, originalInvariant, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:254:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->rdta->y0, tr->rdta->yBUF, ((size_t)tr->rdta->numsp) * ((size_t)tr->cdta->endsite) * sizeof(char));
data/raxml-8.2.12+dfsg/multiple.c:438:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst[i].EIGN, src[i].EIGN, pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:439:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst[i].EV, src[i].EV, pl->evLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:440:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst[i].EI, src[i].EI, pl->eiLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:441:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst[i].substRates, src[i].substRates, pl->substRatesLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:442:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst[i].frequencies, src[i].frequencies, pl->frequenciesLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:443:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst[i].tipVector, src[i].tipVector, pl->tipVectorLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/multiple.c:479:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void concatenateBSFiles(int processes, char fileName[1024])
data/raxml-8.2.12+dfsg/multiple.c:489:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/multiple.c:493:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sourceName, ".PID.");
data/raxml-8.2.12+dfsg/multiple.c:497:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/multiple.c:501:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/raxml-8.2.12+dfsg/multiple.c:516:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void removeBSFiles(int processes, char fileName[1024])
data/raxml-8.2.12+dfsg/multiple.c:523:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/multiple.c:527:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sourceName, ".PID.");
data/raxml-8.2.12+dfsg/multiple.c:531:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/multiple.c:535:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/raxml-8.2.12+dfsg/multiple.c:571:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bestTreeFileName[1024];
data/raxml-8.2.12+dfsg/multiple.c:686:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalRateCategories, tr->cdta->rateCategory, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:687:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalInvariant, tr->invariant, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:1169:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bestTreeFileName, "RAxML_bestTree.");
data/raxml-8.2.12+dfsg/multiple.c:1471:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bestTreeFileName[1024];
data/raxml-8.2.12+dfsg/multiple.c:1830:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bestTreeFileName, "RAxML_bestTree.");
data/raxml-8.2.12+dfsg/newviewGenericSpecial.c:537:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/newviewGenericSpecial.c:579:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/newviewGenericSpecial.c:705:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/newviewGenericSpecial.c:745:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char
data/raxml-8.2.12+dfsg/optimizeModel.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ratesFileName[1024];
data/raxml-8.2.12+dfsg/optimizeModel.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workdir[1024];
data/raxml-8.2.12+dfsg/optimizeModel.c:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char run_id[128];
data/raxml-8.2.12+dfsg/optimizeModel.c:59:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char lengthFileName[1024];
data/raxml-8.2.12+dfsg/optimizeModel.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char lengthFileNameModel[1024];
data/raxml-8.2.12+dfsg/optimizeModel.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *protModels[NUM_PROT_MODELS];
data/raxml-8.2.12+dfsg/optimizeModel.c:1391:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&startRates[pos * 4], tr->partitionData[index].gammaRates, 4 * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:1392:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&startExponents[pos * 4], tr->partitionData[index].weightExponents, 4 * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:1393:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&startWeights[pos * 4], tr->partitionData[index].weights, 4 * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2632:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldCategory, tr->cdta->rateCategory, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/optimizeModel.c:2633:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ratStored, tr->cdta->patratStored, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/optimizeModel.c:2642:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldCategorizedRates[model], tr->partitionData[model].perSiteRates, tr->maxCategories * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2643:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldUnscaledCategorizedRates[model], tr->partitionData[model].unscaled_perSiteRates, tr->maxCategories * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2727:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->partitionData[model].perSiteRates, oldCategorizedRates[model], tr->maxCategories * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2728:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->partitionData[model].unscaled_perSiteRates, oldUnscaledCategorizedRates[model], tr->maxCategories * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2731:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->cdta->patratStored, ratStored, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/optimizeModel.c:2732:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->cdta->rateCategory, oldCategory, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/optimizeModel.c:2934:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/optimizeModel.c:2956:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gtrFileName, "RAxML_proteinGTRmodel.");
data/raxml-8.2.12+dfsg/optimizeModel.c:2964:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gtrFileName, "_Partition_");
data/raxml-8.2.12+dfsg/optimizeModel.c:3102:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/optimizeModel.c:4205:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rateBuffer, tr->partitionData[0].substRates, sizeof(double) * 6);
data/raxml-8.2.12+dfsg/optimizeModel.c:4231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->partitionData[0].substRates, &guessGTR[1], sizeof(double) * 5);
data/raxml-8.2.12+dfsg/optimizeModel.c:4247:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tr->partitionData[0].substRates, rateBuffer, sizeof(double) * 6);
data/raxml-8.2.12+dfsg/parsePartitions.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char modelFileName[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char excludeFileName[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char secondaryStructureFileName[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char seq_file[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:59:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *protModels[NUM_PROT_MODELS];
data/raxml-8.2.12+dfsg/parsePartitions.c:187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/parsePartitions.c:382:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thisModel, "ASC_");
data/raxml-8.2.12+dfsg/parsePartitions.c:666:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/raxml-8.2.12+dfsg/parsePartitions.c:763:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lower = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:811:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
upper = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:856:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modulo = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:977:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/raxml-8.2.12+dfsg/parsePartitions.c:1042:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:1070:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:1084:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:1156:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfn[2048];
data/raxml-8.2.12+dfsg/parsePartitions.c:1188:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfn[2048];
data/raxml-8.2.12+dfsg/parsePartitions.c:1219:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AAmodel[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:1223:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(AAmodel, "ASC_");
data/raxml-8.2.12+dfsg/parsePartitions.c:1344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfn[2048];
data/raxml-8.2.12+dfsg/parsePartitions.c:1469:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bracketTypes[4][2] = {{'(', ')'}, {'<', '>'}, {'[', ']'}, {'{', '}'}};
data/raxml-8.2.12+dfsg/parsePartitions.c:1694:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 16 STATE MODEL");
data/raxml-8.2.12+dfsg/parsePartitions.c:1702:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 6 STATE MODEL");
data/raxml-8.2.12+dfsg/parsePartitions.c:1711:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 7 STATE MODEL");
data/raxml-8.2.12+dfsg/rapidBootstrap.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char seq_file[1024];
data/raxml-8.2.12+dfsg/rmqs.c:27:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char LSBTable256[256] =
data/raxml-8.2.12+dfsg/rmqs.c:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char LogTable256[256] =
data/raxml-8.2.12+dfsg/rmqs.h:78:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char LSBTable256[256];
data/raxml-8.2.12+dfsg/rmqs.h:85:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char LogTable256[256];
data/raxml-8.2.12+dfsg/rogueEPA.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char run_id[128];
data/raxml-8.2.12+dfsg/rogueEPA.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workdir[1024];
data/raxml-8.2.12+dfsg/rogueEPA.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/rogueEPA.c:252:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fileName, "RAxML_SiteSpecificPlacementBias.");
data/raxml-8.2.12+dfsg/searchAlgo.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char seq_file[1024];
data/raxml-8.2.12+dfsg/searchAlgo.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char resultFileName[1024];
data/raxml-8.2.12+dfsg/searchAlgo.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tree_file[1024];
data/raxml-8.2.12+dfsg/searchAlgo.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char workdir[1024];
data/raxml-8.2.12+dfsg/searchAlgo.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char run_id[128];
data/raxml-8.2.12+dfsg/searchAlgo.c:1275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/raxml-8.2.12+dfsg/searchAlgo.c:1306:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", bCount);
data/raxml-8.2.12+dfsg/searchAlgo.c:1309:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(terraceFileName, "RAxML_terrace.");
data/raxml-8.2.12+dfsg/searchAlgo.c:1311:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(terraceFileName, ".BS.");
data/raxml-8.2.12+dfsg/treeIO.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char infoFileName[1024];
data/raxml-8.2.12+dfsg/treeIO.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tree_file[1024];
data/raxml-8.2.12+dfsg/treeIO.c:251:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "%d", p->number);
data/raxml-8.2.12+dfsg/treeIO.c:275:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":0.0;\n");
data/raxml-8.2.12+dfsg/treeIO.c:277:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ";\n");
data/raxml-8.2.12+dfsg/treeIO.c:293:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "%1.3f:%8.20f", p->bInf->ic, p->z[0]);
data/raxml-8.2.12+dfsg/treeIO.c:295:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "%d:%8.20f", p->bInf->support, p->z[0]);
data/raxml-8.2.12+dfsg/treeIO.c:301:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f[%1.3f,%1.3f]", p->z[0], p->bInf->ic, p->bInf->icAll);
data/raxml-8.2.12+dfsg/treeIO.c:303:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f[%d]", p->z[0], p->bInf->support);
data/raxml-8.2.12+dfsg/treeIO.c:307:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f[%d]", getBranchLength(tr, perGene, p), p->bInf->support);
data/raxml-8.2.12+dfsg/treeIO.c:314:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f[", getBranchLength(tr, perGene, p));
data/raxml-8.2.12+dfsg/treeIO.c:320:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "%d,", p->bInf->supports[model]);
data/raxml-8.2.12+dfsg/treeIO.c:325:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "%d]", p->bInf->supports[model]);
data/raxml-8.2.12+dfsg/treeIO.c:332:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f", p->z[0]);
data/raxml-8.2.12+dfsg/treeIO.c:334:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p));
data/raxml-8.2.12+dfsg/treeIO.c:340:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p));
data/raxml-8.2.12+dfsg/treeIO.c:409:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "%d", p->number);
data/raxml-8.2.12+dfsg/treeIO.c:433:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, "%d:%8.20f", p->bInf->support, p->z[0]);
data/raxml-8.2.12+dfsg/treeIO.c:435:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f[%d]", p->z[0], p->bInf->support);
data/raxml-8.2.12+dfsg/treeIO.c:437:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f[%d]", getBranchLength(tr, perGene, p), p->bInf->support);
data/raxml-8.2.12+dfsg/treeIO.c:442:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f", p->z[0]);
data/raxml-8.2.12+dfsg/treeIO.c:444:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p));
data/raxml-8.2.12+dfsg/treeIO.c:450:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p));
data/raxml-8.2.12+dfsg/treeIO.c:522:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(treestr, ");\n");
data/raxml-8.2.12+dfsg/treeIO.c:672:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extendedTreeFileName[1024];
data/raxml-8.2.12+dfsg/treeIO.c:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/raxml-8.2.12+dfsg/treeIO.c:681:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", i);
data/raxml-8.2.12+dfsg/treeIO.c:682:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(extendedTreeFileName, ".PARTITION.");
data/raxml-8.2.12+dfsg/treeIO.c:850:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[nmlngth+2];
data/raxml-8.2.12+dfsg/treeIO.c:1085:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[64];
data/raxml-8.2.12+dfsg/treeIO.c:2093:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(smallTree->nodep[i], tr->nodep[i], sizeof(node));
data/raxml-8.2.12+dfsg/axml.c:106:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(f)) != EOF)
data/raxml-8.2.12+dfsg/axml.c:627:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(h);
data/raxml-8.2.12+dfsg/axml.c:681:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read;
data/raxml-8.2.12+dfsg/axml.c:1090:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(f);
data/raxml-8.2.12+dfsg/axml.c:1227:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(INFILE);
data/raxml-8.2.12+dfsg/axml.c:1230:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(INFILE);
data/raxml-8.2.12+dfsg/axml.c:1237:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(INFILE);
data/raxml-8.2.12+dfsg/axml.c:1252:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer) + 1;
data/raxml-8.2.12+dfsg/axml.c:1258:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(INFILE);
data/raxml-8.2.12+dfsg/axml.c:1265:38: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((j < rdta->sites) && ((ch = getc(INFILE)) != EOF) && (ch != '\n') && (ch != '\r'))
data/raxml-8.2.12+dfsg/axml.c:1346:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(INFILE); /* flush line *//* PC-LINEBREAK*/
data/raxml-8.2.12+dfsg/axml.c:1374:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = getc(INFILE)) != EOF);
data/raxml-8.2.12+dfsg/axml.c:1559:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read;
data/raxml-8.2.12+dfsg/axml.c:1621:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = strlen(buffer) + 1;
data/raxml-8.2.12+dfsg/axml.c:1931:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tr->extendedPartitionData[i].partitionName = (char*)rax_malloc((strlen(tr->initialPartitionData[i].partitionName) + 1) * sizeof(char));
data/raxml-8.2.12+dfsg/axml.c:2891:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(AAmodel, "F");
data/raxml-8.2.12+dfsg/axml.c:2894:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(AAmodel, "X");
data/raxml-8.2.12+dfsg/axml.c:3134:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(AAmodel, "F");
data/raxml-8.2.12+dfsg/axml.c:3137:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(AAmodel, "X");
data/raxml-8.2.12+dfsg/axml.c:3373:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(outFileName, ".");
data/raxml-8.2.12+dfsg/axml.c:3431:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(f)) != EOF)
data/raxml-8.2.12+dfsg/axml.c:3435:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/raxml-8.2.12+dfsg/axml.c:3442:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/raxml-8.2.12+dfsg/axml.c:4461:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/axml.c:4475:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/axml.c:4503:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/axml.c:4518:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/axml.c:4550:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/axml.c:4565:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/axml.c:4628:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/axml.c:4641:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/axml.c:4658:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/axml.c:4672:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/axml.c:4690:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/axml.c:4705:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/axml.c:6156:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*outgroups = (char*)rax_malloc(sizeof(char) * (strlen(optarg) + 1));
data/raxml-8.2.12+dfsg/axml.c:7206:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(dir[strlen(dir) - 1] != separator[0])
data/raxml-8.2.12+dfsg/axml.c:7218:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(dir[strlen(dir) - 1] != separator[0])
data/raxml-8.2.12+dfsg/axml.c:7995:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(checkPoints, ".");
data/raxml-8.2.12+dfsg/axml.c:11146:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(f)) != ';')
data/raxml-8.2.12+dfsg/axml.c:11151:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/raxml-8.2.12+dfsg/axml.c:11163:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/raxml-8.2.12+dfsg/axml.c:11174:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameList[taxaCount] = (char*)rax_malloc(sizeof(char) * (strlen(buffer) + 1));
data/raxml-8.2.12+dfsg/axml.c:11776:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = getc(f)) != EOF)
data/raxml-8.2.12+dfsg/axml.c:12801:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = getc(f)) != EOF)
data/raxml-8.2.12+dfsg/axml.c:12851:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fileName, ".");
data/raxml-8.2.12+dfsg/bipartitionList.c:856:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(f)) != EOF)
data/raxml-8.2.12+dfsg/bipartitionList.c:1479:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fileName, ".");
data/raxml-8.2.12+dfsg/bipartitionList.c:1659:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(treeFile)) != ';')
data/raxml-8.2.12+dfsg/bipartitionList.c:1663:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(treeFile);
data/raxml-8.2.12+dfsg/bipartitionList.c:1675:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(treeFile);
data/raxml-8.2.12+dfsg/classify.c:298:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(treestr, "}");
data/raxml-8.2.12+dfsg/classify.c:300:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(treestr, "]");
data/raxml-8.2.12+dfsg/classify.c:2500:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subTreeFileName, ".");
data/raxml-8.2.12+dfsg/classify.c:2590:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read;
data/raxml-8.2.12+dfsg/mem_alloc.c:22:14: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
void *PREFIX(memalign)(size_t align, size_t size);
data/raxml-8.2.12+dfsg/mem_alloc.c:35:17: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
return PREFIX(memalign)(align, size);
data/raxml-8.2.12+dfsg/parsePartitions.c:63:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, n = strlen(line);
data/raxml-8.2.12+dfsg/parsePartitions.c:327:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/parsePartitions.c:351:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/parsePartitions.c:398:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/parsePartitions.c:414:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/parsePartitions.c:613:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
register int c = getc(stream);
data/raxml-8.2.12+dfsg/parsePartitions.c:712:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cc);
data/raxml-8.2.12+dfsg/parsePartitions.c:996:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = getc(f)) != EOF)
data/raxml-8.2.12+dfsg/parsePartitions.c:1012:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = getc(f)) != EOF)
data/raxml-8.2.12+dfsg/parsePartitions.c:1163:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mfn, ".");
data/raxml-8.2.12+dfsg/parsePartitions.c:1192:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mfn, ".");
data/raxml-8.2.12+dfsg/parsePartitions.c:1229:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(AAmodel, "F");
data/raxml-8.2.12+dfsg/parsePartitions.c:1231:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(AAmodel, "X");
data/raxml-8.2.12+dfsg/parsePartitions.c:1348:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mfn, ".");
data/raxml-8.2.12+dfsg/parsePartitions.c:1475:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(f)) != EOF)
data/raxml-8.2.12+dfsg/parsePartitions.c:1506:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(f)) != EOF)
data/raxml-8.2.12+dfsg/parsePartitions.c:1650:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
partBuffer[i].partitionName = (char*)rax_malloc((strlen(tr->extendedPartitionData[i].partitionName) + 1) * sizeof(char));
data/raxml-8.2.12+dfsg/parsePartitions.c:1668:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tr->extendedPartitionData[i].partitionName = (char*)rax_malloc((strlen(partBuffer[i].partitionName) + 1) * sizeof(char));
data/raxml-8.2.12+dfsg/treeIO.c:134:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->word = (char *)rax_malloc((strlen(s) + 1) * sizeof(char));
data/raxml-8.2.12+dfsg/treeIO.c:707:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(fp)) != EOF && ch != ']') {
data/raxml-8.2.12+dfsg/treeIO.c:724:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(fp)) != EOF) {
data/raxml-8.2.12+dfsg/treeIO.c:771:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/raxml-8.2.12+dfsg/treeIO.c:789:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/raxml-8.2.12+dfsg/treeIO.c:799:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/raxml-8.2.12+dfsg/treeIO.c:808:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/raxml-8.2.12+dfsg/treeIO.c:887:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (n > 0 && ((ch = getc(fp1)) != EOF))
data/raxml-8.2.12+dfsg/treeIO.c:953:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((ch = getc(fp)) != EOF)
data/raxml-8.2.12+dfsg/treeIO.c:962:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((ch = getc(fp)) != ']')
ANALYSIS SUMMARY:
Hits = 901
Lines analyzed = 76921 in approximately 1.86 seconds (41313 lines/second)
Physical Source Lines of Code (SLOC) = 57729
Hits@level = [0] 1441 [1] 85 [2] 541 [3] 1 [4] 274 [5] 0
Hits@level+ = [0+] 2342 [1+] 901 [2+] 816 [3+] 275 [4+] 274 [5+] 0
Hits/KSLOC@level+ = [0+] 40.5689 [1+] 15.6074 [2+] 14.135 [3+] 4.76364 [4+] 4.74631 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.