Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rna-star-2.7.6a+dfsg/source/AlignVsTranscript.h
Examining data/rna-star-2.7.6a+dfsg/source/BAMbinSortByCoordinate.cpp
Examining data/rna-star-2.7.6a+dfsg/source/BAMbinSortByCoordinate.h
Examining data/rna-star-2.7.6a+dfsg/source/BAMbinSortUnmapped.cpp
Examining data/rna-star-2.7.6a+dfsg/source/BAMbinSortUnmapped.h
Examining data/rna-star-2.7.6a+dfsg/source/BAMfunctions.h
Examining data/rna-star-2.7.6a+dfsg/source/BAMoutput.cpp
Examining data/rna-star-2.7.6a+dfsg/source/BAMoutput.h
Examining data/rna-star-2.7.6a+dfsg/source/Chain.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Chain.h
Examining data/rna-star-2.7.6a+dfsg/source/ChimericAlign.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ChimericAlign.h
Examining data/rna-star-2.7.6a+dfsg/source/ChimericAlign_chimericBAMoutput.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ChimericAlign_chimericJunctionOutput.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ChimericAlign_chimericStitching.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ChimericDetection.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ChimericDetection.h
Examining data/rna-star-2.7.6a+dfsg/source/ChimericDetection_chimericDetectionMult.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ChimericSegment.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ChimericSegment.h
Examining data/rna-star-2.7.6a+dfsg/source/ChimericTranscript.h
Examining data/rna-star-2.7.6a+dfsg/source/ErrorWarning.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ErrorWarning.h
Examining data/rna-star-2.7.6a+dfsg/source/GTF.cpp
Examining data/rna-star-2.7.6a+dfsg/source/GTF.h
Examining data/rna-star-2.7.6a+dfsg/source/GTF_superTranscript.cpp
Examining data/rna-star-2.7.6a+dfsg/source/GTF_transcriptGeneSJ.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Genome.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Genome.h
Examining data/rna-star-2.7.6a+dfsg/source/Genome_consensusSequence.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Genome_genomeGenerate.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Genome_genomeOutLoad.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Genome_insertSequences.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Genome_transformGenome.cpp
Examining data/rna-star-2.7.6a+dfsg/source/GlobalVariables.cpp
Examining data/rna-star-2.7.6a+dfsg/source/GlobalVariables.h
Examining data/rna-star-2.7.6a+dfsg/source/InOutStreams.cpp
Examining data/rna-star-2.7.6a+dfsg/source/InOutStreams.h
Examining data/rna-star-2.7.6a+dfsg/source/OutSJ.cpp
Examining data/rna-star-2.7.6a+dfsg/source/OutSJ.h
Examining data/rna-star-2.7.6a+dfsg/source/PackedArray.cpp
Examining data/rna-star-2.7.6a+dfsg/source/PackedArray.h
Examining data/rna-star-2.7.6a+dfsg/source/ParameterInfo.h
Examining data/rna-star-2.7.6a+dfsg/source/Parameters.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Parameters.h
Examining data/rna-star-2.7.6a+dfsg/source/ParametersChimeric.h
Examining data/rna-star-2.7.6a+dfsg/source/ParametersChimeric_initialize.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ParametersGenome.h
Examining data/rna-star-2.7.6a+dfsg/source/ParametersSolo.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ParametersSolo.h
Examining data/rna-star-2.7.6a+dfsg/source/Parameters_closeReadsFiles.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Parameters_openReadsFiles.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Parameters_readFilesInit.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Parameters_readSAMheader.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Parameters_samAttributes.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Quantifications.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Quantifications.h
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign.h
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk.h
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_mapChunk.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_processChunks.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_CIGAR.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_assignAlignToWindow.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_calcCIGAR.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_chimericDetection.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_chimericDetectionOld.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_chimericDetectionOldOutput.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_chimericDetectionPEmerged.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_createExtendWindowsWithAlign.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_mapOneRead.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_mapOneReadSpliceGraph.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_mappedFilter.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_maxMappableLength2strands.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_multMapSelect.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_oneRead.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_outputAlignments.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_outputSpliceGraphSAM.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_outputTranscriptCIGARp.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_outputTranscriptSAM.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_outputTranscriptSJ.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_outputVariation.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_peOverlapMergeMap.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_quantTranscriptome.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_stitchPieces.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_stitchWindowSeeds.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_storeAligns.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_transformGenome.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAlign_waspMap.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ReadAnnotations.h
Examining data/rna-star-2.7.6a+dfsg/source/SequenceFuns.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SequenceFuns.h
Examining data/rna-star-2.7.6a+dfsg/source/SharedMemory.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SharedMemory.h
Examining data/rna-star-2.7.6a+dfsg/source/SjdbClass.h
Examining data/rna-star-2.7.6a+dfsg/source/Solo.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Solo.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloBarcode.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloBarcode.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloBarcode_extractBarcode.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloCommon.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeatureTypes.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_addBAMtags.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_cellFiltering.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_collapseUMI.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_countCBgeneUMI.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_countSmartSeq.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_countVelocyto.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_outputResults.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_processRecords.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_quantTranscript.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_redistributeReadsByCB.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_statsOutput.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloFeature_sumThreads.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloRead.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloRead.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadBarcode.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadBarcode.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadBarcodeStats.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadBarcode_getCBandUMI.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadFeature.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadFeature.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadFeatureStats.h
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadFeature_inputRecords.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloReadFeature_record.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SoloRead_record.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SpliceGraph.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SpliceGraph.h
Examining data/rna-star-2.7.6a+dfsg/source/SpliceGraph_findSuperTr.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SpliceGraph_swScoreSpliced.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SpliceGraph_swTraceBack.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Stats.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Stats.h
Examining data/rna-star-2.7.6a+dfsg/source/SuffixArrayFuns.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SuffixArrayFuns.h
Examining data/rna-star-2.7.6a+dfsg/source/SuperTranscriptome.cpp
Examining data/rna-star-2.7.6a+dfsg/source/SuperTranscriptome.h
Examining data/rna-star-2.7.6a+dfsg/source/Test.hpp
Examining data/rna-star-2.7.6a+dfsg/source/ThreadControl.cpp
Examining data/rna-star-2.7.6a+dfsg/source/ThreadControl.h
Examining data/rna-star-2.7.6a+dfsg/source/TimeFunctions.cpp
Examining data/rna-star-2.7.6a+dfsg/source/TimeFunctions.h
Examining data/rna-star-2.7.6a+dfsg/source/Transcript.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcript.h
Examining data/rna-star-2.7.6a+dfsg/source/Transcript_alignScore.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcript_convertGenomeCigar.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcript_generateCigarP.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcript_transformGenome.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcript_variationAdjust.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcript_variationOutput.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcriptome.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcriptome.h
Examining data/rna-star-2.7.6a+dfsg/source/Transcriptome_classifyAlign.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcriptome_geneCountsAddAlign.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcriptome_geneFullAlignOverlap.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Transcriptome_quantAlign.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Variation.cpp
Examining data/rna-star-2.7.6a+dfsg/source/Variation.h
Examining data/rna-star-2.7.6a+dfsg/source/bamRemoveDuplicates.h
Examining data/rna-star-2.7.6a+dfsg/source/bamSortByCoordinate.cpp
Examining data/rna-star-2.7.6a+dfsg/source/bamSortByCoordinate.h
Examining data/rna-star-2.7.6a+dfsg/source/binarySearch2.cpp
Examining data/rna-star-2.7.6a+dfsg/source/binarySearch2.h
Examining data/rna-star-2.7.6a+dfsg/source/blocksOverlap.cpp
Examining data/rna-star-2.7.6a+dfsg/source/blocksOverlap.h
Examining data/rna-star-2.7.6a+dfsg/source/extendAlign.cpp
Examining data/rna-star-2.7.6a+dfsg/source/extendAlign.h
Examining data/rna-star-2.7.6a+dfsg/source/funCompareUintAndSuffixes.cpp
Examining data/rna-star-2.7.6a+dfsg/source/funCompareUintAndSuffixes.h
Examining data/rna-star-2.7.6a+dfsg/source/funCompareUintAndSuffixesMemcmp.cpp
Examining data/rna-star-2.7.6a+dfsg/source/funCompareUintAndSuffixesMemcmp.h
Examining data/rna-star-2.7.6a+dfsg/source/genomeGenerate.h
Examining data/rna-star-2.7.6a+dfsg/source/genomeParametersWrite.cpp
Examining data/rna-star-2.7.6a+dfsg/source/genomeParametersWrite.h
Examining data/rna-star-2.7.6a+dfsg/source/genomeSAindex.cpp
Examining data/rna-star-2.7.6a+dfsg/source/genomeSAindex.h
Examining data/rna-star-2.7.6a+dfsg/source/genomeScanFastaFiles.cpp
Examining data/rna-star-2.7.6a+dfsg/source/genomeScanFastaFiles.h
Examining data/rna-star-2.7.6a+dfsg/source/insertSeqSA.cpp
Examining data/rna-star-2.7.6a+dfsg/source/insertSeqSA.h
Examining data/rna-star-2.7.6a+dfsg/source/mapThreadsSpawn.cpp
Examining data/rna-star-2.7.6a+dfsg/source/mapThreadsSpawn.h
Examining data/rna-star-2.7.6a+dfsg/source/outputSJ.cpp
Examining data/rna-star-2.7.6a+dfsg/source/outputSJ.h
Examining data/rna-star-2.7.6a+dfsg/source/readLoad.cpp
Examining data/rna-star-2.7.6a+dfsg/source/readLoad.h
Examining data/rna-star-2.7.6a+dfsg/source/samHeaders.cpp
Examining data/rna-star-2.7.6a+dfsg/source/samHeaders.h
Examining data/rna-star-2.7.6a+dfsg/source/serviceFuns.cpp
Examining data/rna-star-2.7.6a+dfsg/source/signalFromBAM.cpp
Examining data/rna-star-2.7.6a+dfsg/source/sjAlignSplit.cpp
Examining data/rna-star-2.7.6a+dfsg/source/sjAlignSplit.h
Examining data/rna-star-2.7.6a+dfsg/source/sjdbBuildIndex.cpp
Examining data/rna-star-2.7.6a+dfsg/source/sjdbBuildIndex.h
Examining data/rna-star-2.7.6a+dfsg/source/sjdbInsertJunctions.cpp
Examining data/rna-star-2.7.6a+dfsg/source/sjdbInsertJunctions.h
Examining data/rna-star-2.7.6a+dfsg/source/sjdbLoadFromFiles.cpp
Examining data/rna-star-2.7.6a+dfsg/source/sjdbLoadFromFiles.h
Examining data/rna-star-2.7.6a+dfsg/source/sjdbLoadFromStream.cpp
Examining data/rna-star-2.7.6a+dfsg/source/sjdbLoadFromStream.h
Examining data/rna-star-2.7.6a+dfsg/source/sjdbPrepare.cpp
Examining data/rna-star-2.7.6a+dfsg/source/sjdbPrepare.h
Examining data/rna-star-2.7.6a+dfsg/source/soloInputFeatureUMI.cpp
Examining data/rna-star-2.7.6a+dfsg/source/soloInputFeatureUMI.h
Examining data/rna-star-2.7.6a+dfsg/source/sortSuffixesBucket.h
Examining data/rna-star-2.7.6a+dfsg/source/stitchAlignToTranscript.cpp
Examining data/rna-star-2.7.6a+dfsg/source/stitchAlignToTranscript.h
Examining data/rna-star-2.7.6a+dfsg/source/stitchGapIndel.cpp
Examining data/rna-star-2.7.6a+dfsg/source/stitchWindowAligns.cpp
Examining data/rna-star-2.7.6a+dfsg/source/stitchWindowAligns.h
Examining data/rna-star-2.7.6a+dfsg/source/streamFuns.cpp
Examining data/rna-star-2.7.6a+dfsg/source/streamFuns.h
Examining data/rna-star-2.7.6a+dfsg/source/stringSubstituteAll.cpp
Examining data/rna-star-2.7.6a+dfsg/source/stringSubstituteAll.h
Examining data/rna-star-2.7.6a+dfsg/source/sysRemoveDir.cpp
Examining data/rna-star-2.7.6a+dfsg/source/sysRemoveDir.h
Examining data/rna-star-2.7.6a+dfsg/source/twoPassRunPass1.cpp
Examining data/rna-star-2.7.6a+dfsg/source/twoPassRunPass1.h
Examining data/rna-star-2.7.6a+dfsg/source/bamRemoveDuplicates.cpp
Examining data/rna-star-2.7.6a+dfsg/source/bam_cat.c
Examining data/rna-star-2.7.6a+dfsg/source/signalFromBAM.h
Examining data/rna-star-2.7.6a+dfsg/source/BAMfunctions.cpp
Examining data/rna-star-2.7.6a+dfsg/source/STAR.cpp
Examining data/rna-star-2.7.6a+dfsg/source/bam_cat.h
Examining data/rna-star-2.7.6a+dfsg/source/IncludeDefine.h
Examining data/rna-star-2.7.6a+dfsg/source/Genome_genomeLoad.cpp

FINAL RESULTS:

data/rna-star-2.7.6a+dfsg/source/Parameters_openReadsFiles.cpp:77:13:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod(readsCommandFileName.at(imate).c_str(),S_IXUSR | S_IRUSR | S_IWUSR);

data/rna-star-2.7.6a+dfsg/source/Parameters_openReadsFiles.cpp:52:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(("ls -lL " + readFilesNames[imate][ifile] + " > "+ outFileTmp+"/readFilesIn.info 2>&1").c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters_openReadsFiles.cpp:92:21:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execlp(readsCommandFileName.at(imate).c_str(), readsCommandFileName.at(imate).c_str(), (char*) NULL);

data/rna-star-2.7.6a+dfsg/source/Parameters_readSAMheader.cpp:32:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(com1.c_str());

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_processChunks.cpp:63:66:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  chunkInSizeBytesTotal[imate1] += sprintf(chunkIn[imate1] + chunkInSizeBytesTotal[imate1], "@%s", str1.c_str());

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_processChunks.cpp:80:62:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  chunkInSizeBytesTotal[imate1] += sprintf(chunkIn[imate1] + chunkInSizeBytesTotal[imate1], "%s\n%s\n+\n%s\n", str1.c_str(), seq1.c_str(), qual1.c_str());

data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:521:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outBAMarray[imate]+recSize,readName+1);

data/rna-star-2.7.6a+dfsg/source/Parameters.h:201:18:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  bool random;

data/rna-star-2.7.6a+dfsg/source/ReadAlign_multMapSelect.cpp:80:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (P.outMultimapperOrder.random || P.outSAMmultNmax != (uint) -1 ) {//bring the best alignment to the top of the list. TODO sort alignments by the score?

data/rna-star-2.7.6a+dfsg/source/ReadAlign_multMapSelect.cpp:88:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (P.outMultimapperOrder.random) {//shuffle separately the best aligns, and the rest

data/rna-star-2.7.6a+dfsg/source/ReadAlign_multMapSelect.cpp:104:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  } else if (P.outMultimapperOrder.random || P.outSAMmultNmax != (uint) -1) {

data/rna-star-2.7.6a+dfsg/source/BAMbinSortByCoordinate.cpp:19:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bamInStream.open(bamInFile.c_str(),std::ios::binary | std::ios::ate);//open at the end to get file size

data/rna-star-2.7.6a+dfsg/source/BAMbinSortByCoordinate.cpp:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bam1[BAM_ATTR_MaxSize];//temp array

data/rna-star-2.7.6a+dfsg/source/BAMbinSortUnmapped.cpp:35:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bamInStream[it].open(bamInFile.at(it).c_str());//opean all files

data/rna-star-2.7.6a+dfsg/source/BAMbinSortUnmapped.cpp:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bam1[BAM_ATTR_MaxSize];//temp array

data/rna-star-2.7.6a+dfsg/source/BAMfunctions.cpp:126:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attrArray+3,attr.c_str(),attr.size()+1);//copy string data including \0

data/rna-star-2.7.6a+dfsg/source/BAMfunctions.cpp:134:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attrArray+4+sizeof(int32),attr.data(),attr.size());//copy array data

data/rna-star-2.7.6a+dfsg/source/BAMfunctions.cpp:142:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attrArray+4+sizeof(int32),attr.data(),sizeof(int32)*attr.size());//copy array data

data/rna-star-2.7.6a+dfsg/source/BAMoutput.cpp:65:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bamArray+binBytes1, bamIn, bamSize);

data/rna-star-2.7.6a+dfsg/source/BAMoutput.cpp:109:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(binStart[iBin]+binBytes[iBin], bamIn, bamSize);

data/rna-star-2.7.6a+dfsg/source/BAMoutput.cpp:111:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(binStart[iBin]+binBytes[iBin], &iRead, sizeof(uint));

data/rna-star-2.7.6a+dfsg/source/BAMoutput.cpp:151:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(binStartOld,binStart[0],binBytes[0]);

data/rna-star-2.7.6a+dfsg/source/BAMoutput.cpp:185:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  binStream[iBin]->open((bamDir +"/"+to_string(iBin)+".BySJout").c_str());

data/rna-star-2.7.6a+dfsg/source/ChimericAlign_chimericBAMoutput.cpp:95:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (void*) (RA->outBAMoneAlign[ii]+RA->outBAMoneAlignNbytes[ii]), tagSA1.c_str(), tagSA1.size()+1);//copy string including \0 at the end

data/rna-star-2.7.6a+dfsg/source/GTF_superTranscript.cpp:251:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(G+chrStart[ii],vecSeq[ii].data(),vecSeq[ii].size());

data/rna-star-2.7.6a+dfsg/source/GTF_transcriptGeneSJ.cpp:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strandChar[3]={'.','+','-'};

data/rna-star-2.7.6a+dfsg/source/Genome.cpp:46:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream.open((pGe.gDir+ "/" +name).c_str(), ios::binary);

data/rna-star-2.7.6a+dfsg/source/Genome.cpp:146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chrInChar[1000];

data/rna-star-2.7.6a+dfsg/source/Genome.cpp:163:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  chrStreamIn.open( (pGe.gDir+"/chrLength.txt").c_str() );

data/rna-star-2.7.6a+dfsg/source/Genome.cpp:177:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  chrStreamIn.open( (pGe.gDir+"/chrStart.txt").c_str() );

data/rna-star-2.7.6a+dfsg/source/Genome_transformGenome.cpp:71:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int32 gt=atoi(&sample.at(ih*2)); //process genotype info in the form of 0|1, i.e. 0th char and 2nd char

data/rna-star-2.7.6a+dfsg/source/Genome_transformGenome.cpp:216:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Gnew+chrStart1[ichr], G+chrStart[ichr], chrLength[ichr]);

data/rna-star-2.7.6a+dfsg/source/Genome_transformGenome.cpp:231:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s0[seq[0].size()];

data/rna-star-2.7.6a+dfsg/source/Genome_transformGenome.cpp:237:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[seq[1].size()];

data/rna-star-2.7.6a+dfsg/source/Genome_transformGenome.cpp:239:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Gnew+g1, s1, seq[1].size());

data/rna-star-2.7.6a+dfsg/source/OutSJ.cpp:52:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(isj1P,isjP,oneSJ.dataSize);

data/rna-star-2.7.6a+dfsg/source/Parameters.cpp:352:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inOut->logMain.open(outLogFileName.c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters.cpp:370:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inOut->logStdOutFile.open((outFileNamePrefix + "Log.std.out").c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters.cpp:567:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inOut->logProgress.open((outFileNamePrefix + "Log.progress.out").c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters.cpp:655:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inOut->outSAMfile.open((outFileNamePrefix + "Aligned.out.sam").c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters.cpp:837:54:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inOut->outUnmappedReadsStream[imate].open(ff.str().c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters.cpp:1041:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inOut->outLocalChains.open((outFileNamePrefix + "LocalChains.out.tab").c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters.cpp:1044:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(genomeNumToNT,"ACGTN");

data/rna-star-2.7.6a+dfsg/source/Parameters.h:49:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char genomeNumToNT[6];

data/rna-star-2.7.6a+dfsg/source/Parameters.h:86:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *clip3pAdapterSeqNum[MAX_N_MATES];//adapter sequence - numerical

data/rna-star-2.7.6a+dfsg/source/ParametersChimeric_initialize.cpp:41:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pP->inOut->outChimSAM.open((pP->outFileNamePrefix + "Chimeric.out.sam").c_str());

data/rna-star-2.7.6a+dfsg/source/ParametersChimeric_initialize.cpp:46:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pP->inOut->outChimJunction.open((pP->outFileNamePrefix + "Chimeric.out.junction").c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters_openReadsFiles.cpp:14:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inOut->readIn[ii].open(rfName.c_str()); //try to open the Sequences file right away, exit if failed

data/rna-star-2.7.6a+dfsg/source/Parameters_openReadsFiles.cpp:43:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  readsCommandFile.open( readsCommandFileName.at(imate).c_str(), ios::in | ios::out);

data/rna-star-2.7.6a+dfsg/source/Parameters_openReadsFiles.cpp:82:23:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead.
  pid_t PID=vfork();

data/rna-star-2.7.6a+dfsg/source/Parameters_openReadsFiles.cpp:100:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inOut->readIn[imate].open(readFilesInTmp.at(imate).c_str());

data/rna-star-2.7.6a+dfsg/source/Parameters_readSAMheader.cpp:33:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tmpFifoIn.open(tmpFifo);

data/rna-star-2.7.6a+dfsg/source/ReadAlign.h:108:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummyChar[4096];

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk.cpp:112:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fstreamOut.open(fName1.c_str(),ios::out); //create empty file

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk.cpp:114:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fstreamOut.open(fName1.c_str(), ios::in | ios::out); //re-open the file in in/out mode

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_mapChunk.cpp:19:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  chunkOutBAMfile.open(chunkOutBAMfileName.c_str());

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_processChunks.cpp:61:66:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  chunkInSizeBytesTotal[imate1] += sprintf(chunkIn[imate1] + chunkInSizeBytesTotal[imate1], "@%llu", P.iReadAll);

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_processChunks.cpp:67:62:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  chunkInSizeBytesTotal[imate1] += sprintf(chunkIn[imate1] + chunkInSizeBytesTotal[imate1], " %llu %c %i", P.iReadAll, passFilterIllumina, P.readFilesIndex);

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_processChunks.cpp:163:65:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  chunkInSizeBytesTotal[imate] += sprintf(chunkIn[imate] + chunkInSizeBytesTotal[imate], ">%llu", P.iReadAll);

data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_processChunks.cpp:171:61:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  chunkInSizeBytesTotal[imate] += sprintf(chunkIn[imate] + chunkInSizeBytesTotal[imate], " %llu %c %i \n", P.iReadAll, 'N', P.readFilesIndex);

data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:109:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char attrOutArray[BAM_ATTR_MaxSize]; data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:427:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seqMate[DEF_readSeqLengthMax+1], qualMate[DEF_readSeqLengthMax+1]; data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:525:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outBAMarray[imate]+recSize,packedCIGAR, nCIGAR*sizeof(int32)); data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:529:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outBAMarray[imate]+recSize,seqMate,(seqMateLength+1)/2); data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:544:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outBAMarray[imate]+recSize,attrOutArray,attrN); data/rna-star-2.7.6a+dfsg/source/ReadAlign_outputSpliceGraphSAM.cpp:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seqRev[DEF_readSeqLengthMax+1], qualRev[DEF_readSeqLengthMax+1]; data/rna-star-2.7.6a+dfsg/source/ReadAlign_outputTranscriptSAM.cpp:200:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seqMate[DEF_readSeqLengthMax+1], qualMate[DEF_readSeqLengthMax+1]; data/rna-star-2.7.6a+dfsg/source/ReadAlign_waspMap.cpp:103:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Read1[ii],r.Read1[ii],Lread);//need to copy since it will be changed data/rna-star-2.7.6a+dfsg/source/STAR.cpp:224:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). P.inOut->logFinal.open((P.outFileNamePrefix + "Log.final.out").c_str()); data/rna-star-2.7.6a+dfsg/source/SoloFeature_addBAMtags.cpp:15:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bam1, bam0, size0); data/rna-star-2.7.6a+dfsg/source/SoloFeature_countSmartSeq.cpp:122:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (void*) (countCellGeneUMI.data() + countCellGeneUMIindex[icb]), (void*) vCellFeatureCount[icb].data(), vCellFeatureCount[icb].size()*countMatStride*sizeof(countCellGeneUMI[0])); data/rna-star-2.7.6a+dfsg/source/TimeFunctions.cpp:6:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char timeChar[100]; data/rna-star-2.7.6a+dfsg/source/TimeFunctions.cpp:15:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timeChar[100]; data/rna-star-2.7.6a+dfsg/source/Variation.cpp:54:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). } else if (altV.at( atoi(&sample.at(0)) ).at(0)==ref.at(0) && altV.at( atoi(&sample.at(2)) ).at(0)==ref.at(0)) { data/rna-star-2.7.6a+dfsg/source/Variation.cpp:54:88: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). } else if (altV.at( atoi(&sample.at(0)) ).at(0)==ref.at(0) && altV.at( atoi(&sample.at(2)) ).at(0)==ref.at(0)) { data/rna-star-2.7.6a+dfsg/source/Variation.cpp:60:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nt1[1]=convertNt01234( altV.at( atoi(&sample.at(0)) ).at(0) ); data/rna-star-2.7.6a+dfsg/source/Variation.cpp:61:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nt1[2]=convertNt01234( altV.at( atoi(&sample.at(2)) ).at(0) ); data/rna-star-2.7.6a+dfsg/source/bamRemoveDuplicates.cpp:49:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*) cout, (char*) (cig+1), n1*sizeof(uint32));//copy CIGAR starting from the 2nd operation data/rna-star-2.7.6a+dfsg/source/bamRemoveDuplicates.cpp:52:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*) cout, (char*) cig, n*sizeof(uint32));//copy full CIGAR data/rna-star-2.7.6a+dfsg/source/bamRemoveDuplicates.cpp:231:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*) aD1, (char*) aD, grN*sizeof(uint)); data/rna-star-2.7.6a+dfsg/source/bam_cat.c:112:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ebuf,ebuf+len,diff); data/rna-star-2.7.6a+dfsg/source/bam_cat.c:113:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ebuf+diff,buf,len); data/rna-star-2.7.6a+dfsg/source/bam_cat.c:117:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ebuf,buf+len,es); data/rna-star-2.7.6a+dfsg/source/genomeScanFastaFiles.cpp:16:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileIn.open(mapGen.pGe.gFastaFiles.at(ii).c_str()); data/rna-star-2.7.6a+dfsg/source/insertSeqSA.cpp:65:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seq1[0], G1, nG1); data/rna-star-2.7.6a+dfsg/source/outputSJ.cpp:68:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(allSJ.data+allSJ.N*oneSJ.dataSize,sjChunks[icOut],oneSJ.dataSize); data/rna-star-2.7.6a+dfsg/source/sjdbBuildIndex.cpp:293:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(G+mapGen.chrStart[mapGen.nChrReal],Gsj, nGsj); data/rna-star-2.7.6a+dfsg/source/sjdbPrepare.cpp:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strandChar[3]={'.','+','-'}; data/rna-star-2.7.6a+dfsg/source/sjdbPrepare.cpp:211:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Gsj+sjGstart,G+mapGen.sjDstart[ii],mapGen.sjdbOverhang);//sjdbStart contains 1-based intron loci data/rna-star-2.7.6a+dfsg/source/sjdbPrepare.cpp:212:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(Gsj+sjGstart+mapGen.sjdbOverhang,G+mapGen.sjAstart[ii],mapGen.sjdbOverhang);//sjdbStart contains 1-based intron loci data/rna-star-2.7.6a+dfsg/source/BAMbinSortByCoordinate.cpp:23:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bamInStream.read(bamIn+bamInBytes,s1);//read the whole file data/rna-star-2.7.6a+dfsg/source/BAMbinSortUnmapped.cpp:37:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bamInStream[it].read(bamIn[it],sizeof(int32));//read BAM record size data/rna-star-2.7.6a+dfsg/source/BAMbinSortUnmapped.cpp:40:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bamInStream[it].read(bamIn[it]+sizeof(int32),bamSize.at(it)-sizeof(int32)+sizeof(uint64));//read the rest of the record, including last uint = iRead data/rna-star-2.7.6a+dfsg/source/BAMbinSortUnmapped.cpp:63:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bamInStream[it].read(bamIn[it],sizeof(int32));//read record size data/rna-star-2.7.6a+dfsg/source/BAMbinSortUnmapped.cpp:66:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bamInStream[it].read(bamIn[it]+sizeof(int32),bamSize.at(it)-sizeof(int32)+sizeof(uint));//read the rest of the record, including data/rna-star-2.7.6a+dfsg/source/ReadAlignChunk_processChunks.cpp:166:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
chunkInSizeBytesTotal[imate] += strlen(chunkIn[imate] + chunkInSizeBytesTotal[imate]); data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:476:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). |( MAPQ<<8 ) | ( strlen(readName) ) ); //note:read length includes 0-char data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:478:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pBAM[3]=( reg2bin(-1,0) << 16 | strlen(readName) );//4680=reg2bin(-1,0) data/rna-star-2.7.6a+dfsg/source/ReadAlign_alignBAM.cpp:522:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recSize+=strlen(readName); data/rna-star-2.7.6a+dfsg/source/readLoad.cpp:14:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(readName)>=DEF_readNameLengthMax-1) { data/rna-star-2.7.6a+dfsg/source/streamFuns.cpp:42:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). S.read(A+C,fstream_Chunk_Max); data/rna-star-2.7.6a+dfsg/source/streamFuns.cpp:46:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
S.read(A+C,N%fstream_Chunk_Max); ANALYSIS SUMMARY: Hits = 102 Lines analyzed = 24085 in approximately 0.73 seconds (32801 lines/second) Physical Source Lines of Code (SLOC) = 18331 Hits@level = [0] 5 [1] 12 [2] 79 [3] 4 [4] 6 [5] 1 Hits@level+ = [0+] 107 [1+] 102 [2+] 90 [3+] 11 [4+] 7 [5+] 1 Hits/KSLOC@level+ = [0+] 5.83711 [1+] 5.56434 [2+] 4.90972 [3+] 0.600076 [4+] 0.381867 [5+] 0.0545524 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.