Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/seqprep-1.3.2/stdaln.h
Examining data/seqprep-1.3.2/utils.c
Examining data/seqprep-1.3.2/utils.h
Examining data/seqprep-1.3.2/stdaln.c
Examining data/seqprep-1.3.2/SeqPrep.c
FINAL RESULTS:
data/seqprep-1.3.2/SeqPrep.c:128:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(forward_primer, DEF_FORWARD_PRIMER); //set default
data/seqprep-1.3.2/SeqPrep.c:131:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(reverse_primer, DEF_REVERSE_PRIMER); //set default
data/seqprep-1.3.2/SeqPrep.c:172:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( forward_fn, optarg );
data/seqprep-1.3.2/SeqPrep.c:176:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( reverse_fn, optarg );
data/seqprep-1.3.2/SeqPrep.c:180:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(forward_out_fn, optarg);
data/seqprep-1.3.2/SeqPrep.c:184:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(reverse_out_fn, optarg);
data/seqprep-1.3.2/SeqPrep.c:193:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(forward_discard_fn, optarg);
data/seqprep-1.3.2/SeqPrep.c:197:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(reverse_discard_fn, optarg);
data/seqprep-1.3.2/SeqPrep.c:214:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(forward_primer, optarg);
data/seqprep-1.3.2/SeqPrep.c:217:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(reverse_primer, optarg);
data/seqprep-1.3.2/SeqPrep.c:274:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( merged_out_fn, optarg );
data/seqprep-1.3.2/SeqPrep.c:287:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pretty_print_fn,optarg);
data/seqprep-1.3.2/SeqPrep.c:353:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(untrim_fseq,sqp->fseq);
data/seqprep-1.3.2/SeqPrep.c:354:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(untrim_fqual,sqp->fqual);
data/seqprep-1.3.2/SeqPrep.c:355:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(untrim_rseq,sqp->rseq);
data/seqprep-1.3.2/SeqPrep.c:356:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(untrim_rqual,sqp->rqual);
data/seqprep-1.3.2/SeqPrep.c:166:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while( (ich=getopt( argc, argv, "f:r:1:2:3:4:q:A:s:y:B:O:E:x:M:N:L:o:m:b:w:W:p:P:X:Q:t:e:Z:n:S6ghz" )) != -1 ) {
data/seqprep-1.3.2/SeqPrep.c:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forward_fn[MAX_FN_LEN];
data/seqprep-1.3.2/SeqPrep.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reverse_fn[MAX_FN_LEN];
data/seqprep-1.3.2/SeqPrep.c:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forward_out_fn[MAX_FN_LEN];
data/seqprep-1.3.2/SeqPrep.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reverse_out_fn[MAX_FN_LEN];
data/seqprep-1.3.2/SeqPrep.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forward_discard_fn[MAX_FN_LEN];
data/seqprep-1.3.2/SeqPrep.c:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reverse_discard_fn[MAX_FN_LEN];
data/seqprep-1.3.2/SeqPrep.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char merged_out_fn[MAX_FN_LEN];
data/seqprep-1.3.2/SeqPrep.c:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forward_primer[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forward_primer_dummy_qual[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:130:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reverse_primer[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reverse_primer_dummy_qual[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty_print_fn[MAX_FN_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char untrim_fseq[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char untrim_fqual[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char untrim_rseq[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char untrim_rqual[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/SeqPrep.c:206:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qcut = atoi(optarg)+33;
data/seqprep-1.3.2/SeqPrep.c:209:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_read_len = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:220:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_ol_adapter = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:229:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln_param_nt2nt.band_width = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:232:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln_param_nt2nt.gap_open = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:235:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln_param_nt2nt.gap_ext = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:238:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln_param_nt2nt.gap_end = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:241:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adapter_thresh = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:246:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln_param_rd2rd.band_width = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:249:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln_param_rd2rd.gap_open = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:252:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln_param_rd2rd.gap_ext = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:255:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aln_param_rd2rd.gap_end = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:277:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_ol_reads = atoi(optarg);
data/seqprep-1.3.2/SeqPrep.c:290:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_pretty_print = atol(optarg);
data/seqprep-1.3.2/SeqPrep.c:459:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fseq[tmp_flen];
data/seqprep-1.3.2/SeqPrep.c:460:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rcseq[tmp_rclen];
data/seqprep-1.3.2/stdaln.c:33:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_nt16_table[256] = {
data/seqprep-1.3.2/stdaln.c:54:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_nt4_table[256] = {
data/seqprep-1.3.2/stdaln.c:75:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_aa_table[256] = {
data/seqprep-1.3.2/stdaln.c:97:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_trans_table_eu[66] = {
data/seqprep-1.3.2/utils.c:351:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *forward_primer, char *forward_primer_dummy_qual,
data/seqprep-1.3.2/utils.c:351:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *forward_primer, char *forward_primer_dummy_qual,
data/seqprep-1.3.2/utils.c:353:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *reverse_primer, char *reverse_primer_dummy_qual,
data/seqprep-1.3.2/utils.c:353:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *reverse_primer, char *reverse_primer_dummy_qual,
data/seqprep-1.3.2/utils.h:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fid[MAX_ID_LEN+1];
data/seqprep-1.3.2/utils.h:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fseq[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/utils.h:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqual[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/utils.h:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rid[MAX_ID_LEN+1];
data/seqprep-1.3.2/utils.h:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rseq[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/utils.h:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rqual[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/utils.h:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rc_rseq[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/utils.h:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rc_rqual[MAX_SEQ_LEN+1];
data/seqprep-1.3.2/utils.h:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char merged_seq[MAX_SEQ_LEN+MAX_SEQ_LEN+1];
data/seqprep-1.3.2/utils.h:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char merged_qual[MAX_SEQ_LEN+MAX_SEQ_LEN+1];
data/seqprep-1.3.2/utils.h:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *forward_primer, char *forward_primer_dummy_qual,
data/seqprep-1.3.2/utils.h:84:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *forward_primer, char *forward_primer_dummy_qual,
data/seqprep-1.3.2/utils.h:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *reverse_primer, char *reverse_primer_dummy_qual,
data/seqprep-1.3.2/utils.h:86:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *reverse_primer, char *reverse_primer_dummy_qual,
data/seqprep-1.3.2/SeqPrep.c:321:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int forward_primer_len = strlen(forward_primer);
data/seqprep-1.3.2/SeqPrep.c:322:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int reverse_primer_len = strlen(reverse_primer);
data/seqprep-1.3.2/SeqPrep.c:447:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rc_rseq,sqp->rseq,sqp->rlen+1); //move regular reads now trimmed into RC read's place
data/seqprep-1.3.2/SeqPrep.c:448:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rc_rqual,sqp->rqual,sqp->rlen+1);
data/seqprep-1.3.2/SeqPrep.c:510:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sqp->merged_seq) >= min_read_len && strlen(sqp->merged_qual) >= min_read_len){
data/seqprep-1.3.2/SeqPrep.c:510:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sqp->merged_seq) >= min_read_len && strlen(sqp->merged_qual) >= min_read_len){
data/seqprep-1.3.2/SeqPrep.c:545:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sqp->fseq) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:546:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->fqual) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:547:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->rseq) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:548:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->rqual) >= min_read_len){
data/seqprep-1.3.2/SeqPrep.c:575:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sqp->merged_seq) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:576:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->merged_qual) >= min_read_len){
data/seqprep-1.3.2/SeqPrep.c:592:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sqp->fseq) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:593:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->fqual) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:594:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->rseq) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:595:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->rqual) >= min_read_len){
data/seqprep-1.3.2/SeqPrep.c:610:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sqp->fseq) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:611:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->fqual) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:612:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->rseq) >= min_read_len &&
data/seqprep-1.3.2/SeqPrep.c:613:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sqp->rqual) >= min_read_len){
data/seqprep-1.3.2/stdaln.c:774:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len1 < 0) len1 = strlen(seq1);
data/seqprep-1.3.2/stdaln.c:775:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len2 < 0) len2 = strlen(seq2);
data/seqprep-1.3.2/utils.c:147:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(aln->out1);
data/seqprep-1.3.2/utils.c:238:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rseq,sqp->rc_rseq,sqp->rlen+1);
data/seqprep-1.3.2/utils.c:239:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rqual,sqp->rc_rqual,sqp->rlen+1);
data/seqprep-1.3.2/utils.c:249:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(aln->out1);
data/seqprep-1.3.2/utils.c:441:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rc_rseq,sqp->rseq,sqp->rlen+1);
data/seqprep-1.3.2/utils.c:442:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rc_rqual,sqp->rqual,sqp->rlen+1);
data/seqprep-1.3.2/utils.c:542:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rseq,sqp->rc_rseq,ppos + sqp->flen+1); //move RC reads into reg place and reverse them
data/seqprep-1.3.2/utils.c:543:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rqual,sqp->rc_rqual,ppos + sqp->flen+1);
data/seqprep-1.3.2/utils.c:571:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rc_rseq,sqp->rseq,sqp->rlen+1);
data/seqprep-1.3.2/utils.c:572:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sqp->rc_rqual,sqp->rqual,sqp->rlen+1);
data/seqprep-1.3.2/utils.c:839:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(curr_sqp->rc_rseq,curr_sqp->rseq,curr_sqp->rlen+1);
data/seqprep-1.3.2/utils.c:840:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(curr_sqp->rc_rqual,curr_sqp->rqual,curr_sqp->rlen+1);
data/seqprep-1.3.2/utils.c:1082:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(mismatch > max_mismatch)
ANALYSIS SUMMARY:
Hits = 106
Lines analyzed = 3173 in approximately 0.15 seconds (21733 lines/second)
Physical Source Lines of Code (SLOC) = 2431
Hits@level = [0] 67 [1] 35 [2] 54 [3] 1 [4] 16 [5] 0
Hits@level+ = [0+] 173 [1+] 106 [2+] 71 [3+] 17 [4+] 16 [5+] 0
Hits/KSLOC@level+ = [0+] 71.1641 [1+] 43.6035 [2+] 29.2061 [3+] 6.99301 [4+] 6.58165 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.