Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGap.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGap.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGapVectorized.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGapVectorized.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerStats.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerStats.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentAdjuster.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentAdjuster.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentResult.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentResult.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ApproximateCounter.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ApproximateCounter.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ChimericPairedEndAligner.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ChimericPairedEndAligner.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/CommandProcessor.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/CommandProcessor.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Error.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Error.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/FileFormat.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/FixedSizeMap.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/FixedSizeSet.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/FixedSizeVector.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_map.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GzipDataWriter.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GzipDataWriter.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Histogram.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Histogram.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/IntersectingPairedEndAligner.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/IntersectingPairedEndAligner.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/MultiInputReadSupplier.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/MultiInputReadSupplier.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedEndAligner.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedReadMatcher.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ParallelTask.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ParallelTask.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/PriorityQueue.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ProbabilityDistance.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ProbabilityDistance.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadReader.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Seed.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Seed.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/SeedSequencer.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/SeedSequencer.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/SortedDataWriter.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/VariableSizeMap.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/VariableSizeVector.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/WindowsFileMapper.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/directions.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/exit.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/exit.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/mapq.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/mapq.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/options.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/stdafx.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/stdafx.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/targetver.h
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_map.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp
Examining data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.h
Examining data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/stdafx.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/stdafx.h
Examining data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/targetver.h
Examining data/snap-aligner-1.0.0+dfsg/apps/SNAPCommand/SNAPCommand.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/SNAPCommand/stdafx.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/SNAPCommand/stdafx.h
Examining data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/stdafx.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/stdafx.h
Examining data/snap-aligner-1.0.0+dfsg/apps/snap/Main.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/snap/stdafx.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/snap/stdafx.h
Examining data/snap-aligner-1.0.0+dfsg/apps/wc/stdafx.cpp
Examining data/snap-aligner-1.0.0+dfsg/apps/wc/stdafx.h
Examining data/snap-aligner-1.0.0+dfsg/apps/wc/targetver.h
Examining data/snap-aligner-1.0.0+dfsg/apps/wc/wc.cpp
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/exception.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/expect.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/hdfs.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/hdfs_test.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/jni_helper.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/native_mini_dfs.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/uthash.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/libhdfs/stdafx.cpp
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/libhdfs/stdafx.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/libhdfs/targetver.h
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/exception.c
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/hdfs.c
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/native_mini_dfs.c
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_read.c
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_threaded.c
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_write.c
Examining data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_native_mini_dfs.c
Examining data/snap-aligner-1.0.0+dfsg/tests/AffineGapTest.cpp
Examining data/snap-aligner-1.0.0+dfsg/tests/AffineGapVectorizedTest.cpp
Examining data/snap-aligner-1.0.0+dfsg/tests/EventTest.cpp
Examining data/snap-aligner-1.0.0+dfsg/tests/LandauVishkinTest.cpp
Examining data/snap-aligner-1.0.0+dfsg/tests/ProbabilityDistanceTest.cpp
Examining data/snap-aligner-1.0.0+dfsg/tests/TestLib.cpp
Examining data/snap-aligner-1.0.0+dfsg/tests/TestLib.h
Examining data/snap-aligner-1.0.0+dfsg/tests/main.cpp

FINAL RESULTS:

data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:337:5: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(buffer, "(RESERVE)", sizeof(buffer));
data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:349:5: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(buffer, "(COMMIT)", sizeof(buffer));
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.h:55:16: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual char *gets(char *buf, size_t count) = 0;
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.cpp:95:25: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  char *GenericFile_Blob::gets(char *buf, size_t count)
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.h:43:16: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual char *gets(char *buf, size_t count);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:351:25: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  char *GenericFile_HDFS::gets(char *buf, size_t count)
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.h:40:16: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual char *gets(char *buf, size_t count);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp:81:26: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  char *GenericFile_stdio::gets(char *buf, size_t count)
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.h:35:16: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  virtual char *gets(char *buf, size_t count);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:399:29: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  char *retval = (*file)->gets(linebuf, sizeof(linebuf));
data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:266:22: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  return file->gets(s, size);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:204:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(g_indexDirectory, options->indexDir);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:389:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer, percentageBuffer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:416:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer, percentageBuffer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:454:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(internalScoreTag, argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:870:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newReadGroup, argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:875:17: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(s, format, defaultReadGroup);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:912:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(indexFileName, options->outputFile.fileName);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1272:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)rg->value(), read->getReadGroup());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1541:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)rg->value(), read->getReadGroup());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1802:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)rg->value(), read->getReadGroup());
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:45:15: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define TRACE printf
data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:70:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer, caller);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:139:13: [4] (access) SetThreadToken:
  If this call fails, the program could fail to drop heightened privileges (CWE-250). Make sure the return value is checked, and do not continue if a failure is reported.
  b = SetThreadToken(NULL, hThread);
data/snap-aligner-1.0.0+dfsg/SNAPLib/ChimericPairedEndAligner.cpp:36:15: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define TRACE printf
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1085:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullyQualifiedPipeName, "%s%s", prefix, pipeName);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2199:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullyQualifiedPipeName, "%s%s%s", pipeDirectory, pipeName, (serverSide == forInput) ? toServer : toClient);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2261:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pipe->pipeName, pipeName);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.h:49:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.h:49:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:53:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tempFileName, "%s%c%s%s", options->sortIntermediateDirectory, PATH_SEP, terminalComponent, tempExtension);
data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:58:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tempFileName, "%s%s", options->outputFile.fileName, tempExtension);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Error.cpp:56:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, bufferSize - 1, message, args);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Error.cpp:71:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, bufferSize - 1, message, args);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:110:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newStringCopy, newString);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:495:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(backpointerSpillFileName, "%s%c%s", directoryName, PATH_SEP, BACKPOINTER_TABLE_SPILL_FILE_NAME);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:587:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(halfBuiltHashTableSpillFileName, "%s%c%s.%d", directoryName, PATH_SEP, HALF_BUILT_HASH_TABLE_SPILL_FILE_NAME, i);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:665:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(halfBuiltHashTableSpillFileName, "%s%c%s.%d", directoryName, PATH_SEP, HALF_BUILT_HASH_TABLE_SPILL_FILE_NAME, whichHashTable);
data/snap-aligner-1.0.0+dfsg/SNAPLib/ProbabilityDistance.cpp:7:15: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define TRACE printf
data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:111:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fileName, i_fileName);
data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:212:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fileName1, i_fileName1);
data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:216:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fileName2, i_fileName2);
data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:45:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(internalScoreTag, i_internalScoreTag);
data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:660:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(internalScoreTag, i_internalScoreTag);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:340:33: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(prefixedName, "chr%s", contigName);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:491:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rgLines + rgLineOffsets[numRGLines - 1], rgSlot);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1185:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(commandLine,argv[i]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SortedDataWriter.cpp:157:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(internalScoreTag, i_internalScoreTag);
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/exception.h:127:50: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  const char *fmt, ... ) __attribute__((format(printf, 4, 5)));
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/exception.h:144:50: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  const char *fmt, ... ) __attribute__((format(printf, 3, 4)));
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/exception.h:170:50: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  const char *fmt, ... ) __attribute__((format(printf, 2, 3)));
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/uthash.h:277:29: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/exception.c:124:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/exception.c:184:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:809:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (jvmPath, JVMPath);
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:965:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (savePtr,token);
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:971:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf ( optHadoopClassPath,
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:978:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf ( optHadoopClassPath,
data/snap-aligner-1.0.0+dfsg/tests/EventTest.cpp:69:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "many started %d%s\n", threads, i_bind ? " bind" : "");
data/snap-aligner-1.0.0+dfsg/tests/EventTest.cpp:72:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "many proceeded %d%s\n", threads, i_bind ? " bind" : "");
data/snap-aligner-1.0.0+dfsg/tests/EventTest.cpp:113:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "single started %d%s\n", threads, i_bind ? " bind" : "");
data/snap-aligner-1.0.0+dfsg/tests/EventTest.cpp:117:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "single proceeded %d of %d%s\n", i, threads, i_bind ? " bind" : "");
data/snap-aligner-1.0.0+dfsg/tests/EventTest.cpp:120:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "single after proceeded %d of %d%s\n", i, threads, i_bind ? " bind" : "");
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:150:5: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(lock);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:158:5: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(lock);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:590:5: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(writeQueueLock);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:716:5: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(file->writeQueueLock);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:732:5: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(file->writeQueueLock);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:739:9: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(file->writeQueueLock);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:47:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(unsigned(time(NULL)));
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:805:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *JVMPath = getenv("LIBHDFS_JVM_PATH");
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:870:25: [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  hdfs_hinstLib = LoadLibrary ( jvmPath );
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:931:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *hadoopClassPath = getenv("LIBHDFS_CLASSPATH");
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:982:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  hadoopJvmArgs = getenv("LIBHDFS_OPTS");
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:1000:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  hadoopJvmArgs = getenv("LIBHDFS_OPTS");
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_threaded.c:277:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tlhNumThreadsStr = getenv("TLH_NUM_THREADS");
data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGap.cpp:472:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cigarBuf, bamOps, bamBufUsed);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGap.h:430:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backtraceAction[(MAX_READ_LENGTH + MAX_K)][MAX_READ_LENGTH][3];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGap.h:489:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backtraceAction[(MAX_READ_LENGTH + MAX_K)][MAX_READ_LENGTH][3];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGap.h:495:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char action[MAX_READ_LENGTH];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGapVectorized.cpp:570:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cigarBuf, bamOps, bamBufUsed);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:125:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE* outputFile = fopen("SNAPInstrumentation.txt", "w");
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:264:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  perfFile = fopen(options->perfFileName,"a");
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:380:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char percentageBuffer[percentageBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:382:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(percentageBuffer, " (%.02f%%)", pct);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:402:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char percentageBuffer[percentageBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:405:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(percentageBuffer, "%.02f%%", pct);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:407:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(percentageBuffer, "%d%%", (unsigned)((100.0 * pct) + .5));
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:437:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tooShort[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:438:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char single[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:439:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char multi[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:440:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unaligned[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:441:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numReads[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:442:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readsPerSecond[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:443:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char alignTimeString[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:445:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filtered[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:446:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extraAlignments[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:447:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pctPairs[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:448:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pctRead[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:449:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pctAlign[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:450:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pctWrite[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:451:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pctAg[strBufLen];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:306:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxDist = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:318:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numSeedsFromCommandLine = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:338:46: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minWeightToCheck = (unsigned)atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:349:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxHits = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:367:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numThreads = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:444:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sortMemory = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:564:59: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxSecondaryAlignmentAdditionalEditDistance = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:576:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxSecondaryAlignments = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:607:47: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxSecondaryAlignmentsPerContig = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:631:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  writeBufferSize = atoi(argv[n + 1]) * 1024 * 1024;
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:668:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  matchReward = atoi(argv[n]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:680:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  subPenalty = atoi(argv[n]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:692:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gapOpenPenalty = atoi(argv[n]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:704:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gapExtendPenalty = atoi(argv[n]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:713:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minReadLength = atoi(argv[n]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:736:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copyToPtr, "@RG\t", 4);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:828:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newReadGroup, buffer + i + 1, idTagSize);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:908:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  extraSearchDepth = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:945:54: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxScoreGapToPreferNonALTAlignment = atoi(argv[n + 1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.h:127:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char internalScoreTag[3];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentAdjuster.cpp:51:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBuf[cigarBufLen + 1];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentAdjuster.cpp:52:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dataBuffer[MAX_READ_LENGTH];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentAdjuster.cpp:84:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dataBuffer, read->getUnclippedData(), read->getUnclippedLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:197:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, header->text(), textHeaderSize);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:353:14: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i += sprintf(o_cigar + i, "%u", *cigar >> 4);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:913:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(indexFileName + len, ".bai");
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:976:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(refseq->name(), contigs[i].name, len);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1015:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *contigName[2] = {"*", "*"};
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1018:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *mateContigName[2] = {"*", "*"};
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1023:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[2][MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1024:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quality[2][MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1238:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->read_name(), read->getId(), qnameLen[whichRead]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1240:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->cigar(), cigarBuf[whichRead], cigarOps[whichRead] * 4);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1243:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->qual(), quality[whichRead], fullLength[whichRead]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1250:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->firstAux(), aux, auxLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1258:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(auxData->value(), aux + 5, auxLen - 5);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1280:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)bam->firstAux() + auxLen, context.defaultReadGroupAux, context.defaultReadGroupAuxLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1288:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)pg->value(), "SNAP");
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1392:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1393:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quality[MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1508:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->read_name(), read->getId(), qnameLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1510:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->cigar(), cigarBuf, cigarOps * 4);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1515:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->qual(), quality, fullLength);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1521:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->firstAux(), aux, auxLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1528:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(auxData->value(), aux + 5, auxLen - 5);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1547:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)bam->firstAux() + auxLen, context.defaultReadGroupAux, context.defaultReadGroupAuxLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1554:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*) pg->value(), "SNAP");
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1638:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1639:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quality[MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1768:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->read_name(), read->getId(), qnameLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1770:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->cigar(), cigarBuf, cigarOps * 4);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1775:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->qual(), quality, fullLength);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1781:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bam->firstAux(), aux, auxLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1789:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(auxData->value(), aux + 5, auxLen - 5);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1809:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)bam->firstAux() + auxLen, context.defaultReadGroupAux, context.defaultReadGroupAuxLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1816:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)pg->value(), "SNAP");
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:2368:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bestReadId[120];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:2986:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readId[120];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:3173:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* index = fopen(indexFileName, "wb");
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:3174:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4] = {'B', 'A', 'I', 1};
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.h:213:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[2];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:311:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char genomeLocationBuffer[genomeLocationBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:806:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char genomeLocationBuffer[genomeLocationBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.h:164:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rcTranslationTable[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.h:399:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *reversedRead[NUM_DIRECTIONS];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:335:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1000];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:347:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1000];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.cpp:30:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  BufferedAsyncReader::open(
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.cpp:97:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, buffer[reading] + readOffset, first);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.cpp:113:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*) data + first, buffer[reading], readOffset);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.cpp:142:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  BufferedAsyncWriter::open(
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.cpp:170:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, data, bytes);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.h:28:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(AsyncFile* file, size_t offset, size_t length, size_t bufferSize, bool async = false, void* buffer0 = NULL, void* buffer1 = NULL);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.h:51:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(AsyncFile* file, size_t bufferSize, volatile _int64* sharedOffset = NULL);
data/snap-aligner-1.0.0+dfsg/SNAPLib/CommandProcessor.cpp:108:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char commandBuffer[commandBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/CommandProcessor.cpp:121:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
int argc = atoi(commandBuffer); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:62:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20]; data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:63:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, ":%d", line); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:483:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static WindowsAsyncFile* open(const char* filename, bool write); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:568:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). WindowsAsyncFile::open( data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1470:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(fileName, O_RDONLY); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1507:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fmode[3]; data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1509:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* file = fopen(filename, fmode); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1563:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(filename, write ? O_CREAT | O_RDWR : O_RDONLY, S_IRUSR | S_IWUSR); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1616:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static PosixAsyncFile* open(const char* filename, bool write); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1669:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). PosixAsyncFile::open( data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1673:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = ::open(filename, write ? O_CREAT | O_RDWR | O_TRUNC : O_RDONLY, write ? 
S_IRWXU | S_IRGRP : 0); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1852:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static OsxAsyncFile* open(const char* filename, bool write); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1903:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). OsxAsyncFile::open( data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1907:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = ::open(filename, write ? O_CREAT | O_RDWR | O_TRUNC : O_RDONLY, write ? S_IRWXU | S_IRGRP : 0); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2041:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fileName, O_RDONLY); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2176:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *pipeFile = fopen(fullyQualifiedPipeName, forInput ? 
"r" : "w"); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2375:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). AsyncFile* AsyncFile::open(const char* filename, bool write) data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2378:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return StdoutAsyncFile::open("-", true); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2381:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return WindowsAsyncFile::open(filename, write); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2384:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return PosixAsyncFile::open(filename, write); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2386:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
return OsxAsyncFile::open(filename, write); data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.h:402:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static AsyncFile* open(const char* filename, bool write); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:258:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newHeaderBuffer, headerBuffer, headerBufferSize); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:317:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(headerBuffer + validBytesInHeader, dataFromUnderlyingStore + offsetIntoBuffer, bytesToCopy); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:881:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->buffer, overflowBuffer, overflowBytes); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:931:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(overflowBuffer, info->buffer + bufferOffset + bytesRead - overflowBytes, overflowBytes); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:1429:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newSpace, decompressed, copyOld); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:1587:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(next->decompressed + overflowBytes - copy, old->decompressed + old->decompressedValid - copy, copy); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:1746:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char result[100]; data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:1747:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "not found"); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:1751:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "compressed #%d @ %lld", i, (char*)p - e->compressed); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:1755:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "decompressed #%d %lld", i, (char*) p - e->decompressed); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataReader.cpp:1759:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "extra #%d %lld", i, (char*) p - e->decompressed - extraBytes); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:485:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(newBuffer, write->buffer, write->used); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:507:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newBuffer, write->buffer + bytesRead, batches[current].used); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:516:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(batches[current].buffer, write->buffer + bytesRead, batches[current].used); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:600:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = AsyncFile::open(filename, true); data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:766:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). StdoutAsyncFile::open(const char *filename, bool write) data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.h:236:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static StdoutAsyncFile *open(const char *filename, bool write); data/snap-aligner-1.0.0+dfsg/SNAPLib/Error.cpp:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[bufferSize]; data/snap-aligner-1.0.0+dfsg/SNAPLib/Error.cpp:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[bufferSize]; data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:191:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fastaFile = fopen(fileName, "r"); data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:476:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *file = fopen(filename,"wb"); data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:554:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fileNames[2] = {fileName0, fileName1}; data/snap-aligner-1.0.0+dfsg/SNAPLib/FixedSizeMap.h:216:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char bloomFilter[bloomFilterSizeInChar]; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.cpp:47:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GenericFile *GenericFile::open(const char *filename, Mode mode) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.cpp:57:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). retval = GenericFile_HDFS::open(filename, mode); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.cpp:63:37: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). retval = GenericFile_stdio::open(filename, mode); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.h:41:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static GenericFile *open(const char *fileName, Mode mode); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.cpp:32:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
GenericFile_Blob::open(void *i_blob, size_t i_blobSize) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.cpp:45:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, base, bytesReturned); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.h:39:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static GenericFile_Blob *open(void *i_blob, size_t i_blobSize); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:61:37: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GenericFile_HDFS *GenericFile_HDFS::open(const char *filename, Mode mode) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:114:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[100]; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:117:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf+i*3, "%02x:", (unsigned char) ptr[i]); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:284:50: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GenericFile_HDFS *localFile = GenericFile_HDFS::open(workQueue->getFile()->getFilename(), ReadOnly); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:340:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.h:36:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static GenericFile_HDFS *open(const char *filename, Mode mode); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_map.cpp:29:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GenericFile_map *GenericFile_map::open(const char *filename) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_map.h:32:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
static GenericFile_map *open(const char *filename); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp:38:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GenericFile_stdio *GenericFile_stdio::open(const char *filename, Mode mode) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp:54:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). retval->_file = fopen(filename, fMode); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp:64:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GenericFile_stdio *GenericFile_stdio::open(const char *filename) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp:66:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(filename, ReadOnly); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.h:31:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
static GenericFile_stdio *open(const char *filename, Mode mode); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.h:32:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static GenericFile_stdio *open(const char *filename); // no Mode means ReadOnly data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:66:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bases + nBases,data,len); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:158:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *saveFile = fopen(fileName,"wb"); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:362:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(contigsByName, contigs, nContigs * sizeof(Contig)); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:388:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *file = GenericFile_map::open(filename); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:390:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
*file = GenericFile::open(filename, GenericFile::ReadOnly); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:398:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[2000]; data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:625:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uintBuffer[uintBufferSize]; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:113:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newList, *list, sizeof(char *) * *length); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:155:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seedLen = atoi(argv[n+1]); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:173:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). locationSize = atoi(argv[n+1]); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:189:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxThreads = atoi(argv[n]+2); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:195:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). chromosomePadding = atoi(argv[n] + 2); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:205:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). keySizeInBytes = atoi(argv[n+1]); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:244:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *inputFile = fopen(argv[n + 1], "r"); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:270:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *inputFile = fopen(argv[n + 1], "r"); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:396:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). histogramFile = fopen(histogramFileName, "w"); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:496:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). backpointerSpillFile = fopen(backpointerSpillFileName, "w+b"); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:652:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *tablesFile = fopen(filenameBuffer, "wb"); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:666:49: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GenericFile_stdio *file = GenericFile_stdio::open(halfBuiltHashTableSpillFileName); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:683:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((char *)&value, values64 + (_int64)locationSize * i, locationSize); // assumes little endian data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:718:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(values64 + (_int64)locationSize * i, &newValue, locationSize); // Assumes little endian data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:807:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fOverflowTable = fopen(filenameBuffer, "wb"); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:842:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *indexFile = fopen(filenameBuffer,"w"); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1425:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&entryValue, entryPointer, locationSize); // Assumes little endian data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1428:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entryPointer, &locationAsInt64, locationSize); // Assumes little endian data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1439:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(entryPointer, &entryValue, locationSize); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1447:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entryPointer, &entryValue, locationSize); // Assumes little endian data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1674:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GenericFile *indexFile = GenericFile::open(filenameBuffer, GenericFile::ReadOnly); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1684:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). indexFile = GenericFile::open(filenameBuffer, GenericFile::ReadOnly); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1694:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indexFileBuf[1000]; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1762:50: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
  GenericFile *overflowTableFile = GenericFile::open(filenameBuffer, GenericFile::ReadOnly);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1773:49: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  index->mappedOverflowTable = GenericFile_map::open(filenameBuffer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1804:46: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  GenericFile *fOverflowTable = GenericFile::open(filenameBuffer, GenericFile::ReadOnly);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1837:46: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  GenericFile *hashTableFile = GenericFile::open(filenameBuffer, GenericFile::ReadOnly);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1855:42: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  index->mappedTables = GenericFile_map::open(filenameBuffer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1860:29: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tablesFile = GenericFile::open(filenameBuffer, GenericFile::ReadOnly);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1875:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  blobFile = GenericFile_Blob::open(index->tablesBlob, hashTablesFileSize);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:2056:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *entry = (char *)hashTables[seed.getHighBases(hashTableKeySize)]->GetFirstValueForKey(lowBases);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:2067:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&entryByValue[0], entry, locationSize); // Works because we're litte-endian
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:2068:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&entryByValue[1], entry + locationSize, locationSize); // Again, required litte-endianness.
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:2090:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *entry = (char *)hashTables[seed.getHighBases(hashTableKeySize)]->GetFirstValueForKey(lowBases);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:2100:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&entryByValue, entry, locationSize); // Assumes little endian
data/snap-aligner-1.0.0+dfsg/SNAPLib/GzipDataWriter.cpp:184:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(input + toUsed, buffer + i * chunkSize, sizes[i]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/GzipDataWriter.cpp:438:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, eof, sizeof(eof));
data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:69:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(getEntry(i), &invalidValueValue, valueSizeInBytes);
data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:187:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *saveFile = fopen(saveFileName,"wb");
data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:335:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)entry + i * valueSizeInBytes, &data[i], valueSizeInBytes); // Assumes little endian
data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.h:130:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(values + i, entry + i * valueSizeInBytes, valueSizeInBytes);
data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.h:161:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[1]; // Actual size of key determined by keySizeInBytes
data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.h:181:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&value, (char *)entry + whichValue * valueSizeInBytes, valueSizeInBytes); // Assumes little-endian
data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.h:197:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)entry + valueSizeInBytes * valueCount, &key, keySizeInBytes);
data/snap-aligner-1.0.0+dfsg/SNAPLib/IntersectingPairedEndAligner.h:370:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *rcReadData[NUM_READS_PER_PAIR]; // the reverse complement of the data for each read
data/snap-aligner-1.0.0+dfsg/SNAPLib/IntersectingPairedEndAligner.h:371:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *rcReadQuality[NUM_READS_PER_PAIR]; // the reversed quality strings for each read
data/snap-aligner-1.0.0+dfsg/SNAPLib/IntersectingPairedEndAligner.h:377:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *reversedRead[NUM_READS_PER_PAIR][NUM_DIRECTIONS]; // The reversed data for each read for forward and RC. This is used in the backwards LV
data/snap-aligner-1.0.0+dfsg/SNAPLib/IntersectingPairedEndAligner.h:388:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rcTranslationTable[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.cpp:568:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(text2, text, textLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.cpp:570:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pattern2, pattern, patternLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.cpp:633:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cigarBuf, bamOps, bamBufUsed);
data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.h:423:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char A_space[(MAX_K + 1) * (2 * MAX_K + 1)];
data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.h:427:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backtraceAction[MAX_K+1];
data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.h:502:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char A[MAX_K+1][2 * MAX_K + 1];
data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.h:511:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backtraceAction[MAX_K+1];
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:289:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minSpacing = atoi(argv[n+1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:290:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxSpacing = atoi(argv[n+2]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:298:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intersectingAlignerMaxHits = atoi(argv[n+1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:311:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxCandidatePoolSize = atoi(argv[n+1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:328:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxSeedsSingleEnd = atoi(argv[n+1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:334:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minScoreRealignment = atoi(argv[n+1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:340:41: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minScoreGapRealignmentALT = atoi(argv[n+1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:346:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minAGScoreImprovement = atoi(argv[n+1]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:480:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p[0], reads[0]->getId(), n[0]); p[0][n[0]] = 0;
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedAligner.cpp:481:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p[1], reads[1]->getId(), n[1]); p[1][n[1]] = 0;
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedReadMatcher.cpp:212:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[200];
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedReadMatcher.cpp:215:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, i->value->getId(), l);
data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedReadMatcher.cpp:277:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s, id, idLength);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.cpp:44:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p[0], read0->getId(), n[0]); p[0][n[0]] = 0;
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.cpp:45:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p[1], read1->getId(), n[1]); p[1][n[1]] = 0;
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:278:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(localBuffer, other.localBuffer, other.localBufferAllocationOffset);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:448:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(localBuffer + localBufferAllocationOffset, quality, unclippedLength);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:730:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localBuffer[MAX_READ_LENGTH * 3];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:769:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[bufferSize+1]; // +1 for trailing null
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:776:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *frontClipping = atoi(buffer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:804:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *backClipping = atoi(buffer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:870:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(idBuffer,baseRead.getId(),baseRead.getIdLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:873:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dataBuffer,baseRead.getUnclippedData(),baseRead.getUnclippedLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:876:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(qualityBuffer,baseRead.getUnclippedQuality(),baseRead.getUnclippedLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:888:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(auxBuffer, aux, auxLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:895:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ownBuffer[MAX_READ_LENGTH * 2 + 1000]; // internal buffer for copied data
data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:280:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(copyOut->reads, elements[largerOne]->reads, minReads * sizeof(Read));
data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:78:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char internalScoreTag[3];
data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:122:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(writerBuffer, localBuffer + bytesWritten, bytesToWrite);
data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:687:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char internalScoreTag[3];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:179:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, buffer, headerSize);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:262:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(lineBuffer, nextLineToProcess, c - nextLineToProcess);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:310:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newBuffer, contigName, contigNameBufferSize);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:338:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefixedName[maxShortNameSize + 4];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:359:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new_ref_locations, ref_locations, sizeof(GenomeLocation)* n_ref_slots);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:389:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newBuffer, rgSlot, rg_slot_size);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:407:37: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newBuffer, rgSlot, rg_slot_size);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:434:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newBuffer, rgSlot, rg_slot_size);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:452:41: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newBuffer, rgSlot, rg_slot_size);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:481:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newRGLines, rgLines, sizeof(char) * n_rg_slots * rg_slot_size);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:483:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newRGLineOffsets, rgLineOffsets, sizeof(size_t) * n_rg_slots);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:599:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *field[nSAMFields];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:612:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char contigNameBuffer[contigNameBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:643:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flagBuffer[flagBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:648:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(flagBuffer,field[FLAG],fieldLength[FLAG]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:663:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned pnext = atoi(field[PNEXT]); // Relies on atoi() returning 0 for non-numeric fields (i.e., *)
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:665:129: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  read->init(field[QNAME],(unsigned)fieldLength[QNAME],field[SEQ],field[QUAL],(unsigned)fieldLength[SEQ], genomeLocation, atoi(field[MAPQ]), _flag,
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:731:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *mapQ = atoi(field[MAPQ]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:766:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(contigName,field[rfield],fieldLength[rfield]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:794:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char posBuffer[posBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:799:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(posBuffer,field[posfield],fieldLength[posfield]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1022:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char contigNameBuffer[contigNameBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1046:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char contigNameBuffer[contigNameBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1221:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(header + bytesConsumed, p, (newline - p));
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1355:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data, read->getUnclippedData(), read->getUnclippedLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1356:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(quality, read->getUnclippedQuality(), read->getUnclippedLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1667:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data, read->getUnclippedData(), read->getUnclippedLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1668:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(quality, read->getUnclippedQuality(), read->getUnclippedLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1727:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBuf[2][cigarBufSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1730:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBufWithClipping[2][cigarBufWithClippingSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1733:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *contigName[2] = {"*", "*"};
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1736:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *mateContigName[2] = {"*", "*"};
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1739:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *cigar[2] = {"*", "*"};
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1743:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[2][MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1744:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quality[2][MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1878:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nmString[nmStringSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1918:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char internalScoreBuffer[internalScoreBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1938:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mqsString[nmStringSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1943:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char libraryString[libraryStringSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2030:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBuf[cigarBufSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2033:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBufWithClipping[cigarBufWithClippingSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2046:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2047:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quality[MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nmString[nmStringSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char internalScoreBuffer[internalScoreBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBuf[cigarBufSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBufWithClipping[cigarBufWithClippingSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quality[MAX_READ];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nmString[nmStringSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2347:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char internalScoreBuffer[internalScoreBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2679:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clipBefore[16] = {'\0'};
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2680:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clipAfter[16] = {'\0'};
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2681:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hardClipBefore[16] = {'\0'};
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2682:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hardClipAfter[16] = {'\0'};
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2769:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clipBefore[16] = { '\0' };
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2770:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clipAfter[16] = { '\0' };
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2771:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hardClipBefore[16] = { '\0' };
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2772:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hardClipAfter[16] = { '\0' };
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char contigNameBuffer[contigNameBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3213:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mateContigNameBuffer[mateContigNameBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3242:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flagBuffer[flagBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3247:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(flagBuffer, fields[SAMReader::FLAG], lengths[SAMReader::FLAG]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3267:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mateQualBuffer[mateQualBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3275:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mateQualBuffer, mateQualValueStart, mateQualValueLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3285:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char libraryNameBuffer[libraryNameBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3293:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(libraryNameBuffer, libraryNameStart, libraryNameLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3343:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flagBuffer[flagBufferSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3348:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(flagBuffer, fields[SAMReader::FLAG], lengths[SAMReader::FLAG]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3454:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readId[120];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3631:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bestReadId[120];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3750:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + bufferUsed, currentBuffer + offsets[i].offset, recordSize);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3921:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(currentBuffer + offsets[0].offset, buffer, bufferUsed);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3937:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(currentBuffer + offsets[0].offset, buffer, bufferUsed);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3951:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(currentBuffer + offsets[0].offset, buffer, bufferUsed);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3976:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(currentBuffer + offsets[0].offset, buffer, bufferUsed);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:368:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBuf[cigarBufSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:373:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cigarBuf, cigar, cigarLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:393:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBuf[cigarBufSize];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:398:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cigarBuf, cigar, cigarLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SortedDataWriter.cpp:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char internalScoreTag[3];
data/snap-aligner-1.0.0+dfsg/SNAPLib/SortedDataWriter.cpp:980:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(toBuffer + target, fromBuffer + i->offset, i->length);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SortedDataWriter.cpp:1146:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(writeBuffer, b->data, b->length);
data/snap-aligner-1.0.0+dfsg/SNAPLib/SortedDataWriter.cpp:1277:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wbuffer, rbuffer, xfer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:15:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char complement[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char isN[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valueBase[5];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:20:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char value4RC[256]; // reverse complement of 4 bases/byte
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char toUpperCaseDotToN[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packedBaseValue[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packedQualityMask[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packedValueBase[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packedValueBaseRC[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Tables.h:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarQualToSam[256];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempBuf[5];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:166:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tempBuf, ",%03lld", x % 1000);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:169:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(tempBuf, "%lld", x);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:174:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outputBuffer + offset, tempBuf, strlen(tempBuf));
data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:234:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newBuffer, *buffer, offset);
data/snap-aligner-1.0.0+dfsg/SNAPLib/VariableSizeVector.h:79:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entries, old, count * sizeof(V));
data/snap-aligner-1.0.0+dfsg/SNAPLib/VariableSizeVector.h:135:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&entries[count], other->entries, other->count * sizeof(V));
data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:135:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarForAligned[cigarBufLen];
data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:147:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idBuffer[10000]; // Hopefully big enough. I'm not worried about malicious input data here.
data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:149:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(idBuffer,read->getId(),read->getIdLength());
data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:199:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char correctChromosomeName[1000];
data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:200:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(correctChromosomeName, idBuffer, chrNameLen);
data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:266:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarA[cigarBufLen];
data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:267:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarB[cigarBufLen];
data/snap-aligner-1.0.0+dfsg/apps/SNAPCommand/SNAPCommand.cpp:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char argcBuffer[100];
data/snap-aligner-1.0.0+dfsg/apps/SNAPCommand/SNAPCommand.cpp:69:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(argcBuffer, "%d", argc - startingArg + 1); // +1 is for the command name, argv[0]
data/snap-aligner-1.0.0+dfsg/apps/SNAPCommand/SNAPCommand.cpp:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outputBuffer[outputBufferSize];
data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idBuffer[idBufferSize];
data/snap-aligner-1.0.0+dfsg/apps/wc/wc.cpp:50:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(inputFile->fileName, "rb");
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/exception.c:207:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/hdfs.c:569:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char suffix[64];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:806:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char jvmPath [2000] = "";
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:811:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (jvmPath, "libjvm.so");
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:846:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t jvmPath[2000];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[32];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:267:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:321:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char permissions[10];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:343:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char permissions[10];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:457:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rdbuffer[32];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_threaded.c:115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[256], tmp[256];
data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_threaded.c:281:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tlhNumThreads = atoi(tlhNumThreadsStr);
data/snap-aligner-1.0.0+dfsg/tests/EventTest.cpp:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/snap-aligner-1.0.0+dfsg/tests/EventTest.cpp:112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/snap-aligner-1.0.0+dfsg/tests/LandauVishkinTest.cpp:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigarBuf[1024];
data/snap-aligner-1.0.0+dfsg/tests/ProbabilityDistanceTest.cpp:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quality10[2] = {43, 0};
data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGap.cpp:483:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *o_cigarBufUsed = (int)strlen(cigarBuf) + 1;
data/snap-aligner-1.0.0+dfsg/SNAPLib/AffineGapVectorized.cpp:581:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *o_cigarBufUsed = (int)strlen(cigarBuf) + 1;
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:203:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_indexDirectory = new char [strlen(options->indexDir) + 1];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:383:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(percentageBuffer) + strlen(buffer) >= bufferLen || desiredWidth >= bufferLen) { // >= accounts for terminating null
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:383:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(percentageBuffer) + strlen(buffer) >= bufferLen || desiredWidth >= bufferLen) { // >= accounts for terminating null
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:390:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (size_t x = strlen(buffer); x < desiredWidth; x++) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:391:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buffer, " ");
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:410:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(percentageBuffer) + 1 > bufferLen) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:417:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (size_t x = strlen(buffer); x < desiredWidth; x++) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.cpp:418:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buffer, " ");
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerContext.h:167:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual void writeRead(Read* read, SingleAlignmentResult* result) {}
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:449:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (n + 1 >= argc || strlen(argv[n + 1]) != 2 || argv[n + 1][0] < 'X' || argv[n + 1][0] > 'Z' || argv[n + 1][1] < 'A' || argv[n + 1][1] > 'Z') {
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:506:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int whichChar = 0; whichChar < strlen(argv[n]); whichChar++) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:730:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bool needsRG = strlen(argv[n+1]) < 5 || !(argv[n + 1][0] == '@' && argv[n + 1][1] == 'R' && argv[n + 1][2] == 'G' && argv[n + 1][3] == '\\' && argv[n + 1][4] == 't');
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:731:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const unsigned buflen = (unsigned)(strlen(argv[n + 1]) + 1 + (needsRG ? 4 : 0));
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:783:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int i = 0; NULL == defaultReadGroup && i < strlen(buffer); i++) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:869:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* newReadGroup = new char[strlen(argv[n + 1]) + 1];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:874:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* s = new char[1 + strlen(defaultReadGroup) + strlen(format)];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:874:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* s = new char[1 + strlen(defaultReadGroup) + strlen(format)];
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:914:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(argv[n]) >= 2 && '-' == argv[n][0] && 'C' == argv[n][1]) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:915:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[n]) != 4 || ('-' != argv[n][2] && '+' != argv[n][2]) ||
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.cpp:966:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read* read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignerOptions.h:150:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool passFilter(Read* read, AlignmentResult result, bool tooShort, bool secondaryAlignment);
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentAdjuster.cpp:34:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  AlignmentAdjuster::AdjustAlignment(Read *read, SingleAlignmentResult *result)
data/snap-aligner-1.0.0+dfsg/SNAPLib/AlignmentAdjuster.h:36:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void AdjustAlignment(Read *read, SingleAlignmentResult *result);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:607:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:638:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getReadFromLine(context.genome, buffer, buffer + bytes, read, alignmentResult, genomeLocation,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:649:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rgFromAuxLen = strlen(rgFromAux);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:683:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:722:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (NULL != read) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:825:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t * spaceUsed, size_t qnameLen, Read * read, AlignmentResult result,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:834:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t * spaceUsed, size_t qnameLen, Read * read, AlignmentResult result,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:910:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options->outputFile.fileName);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:970:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (int)strlen(contigs[i].name) + 1;
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1185:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bamSize += 4 + strlen(read->getReadGroup());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1266:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((char*)bam->firstAux() + auxLen + 4 + strlen(read->getReadGroup()) > buffer + bufferSpace) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1328:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*)lb->value(), read->getLibrary(), read->getLibraryLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1355:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read * read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1411:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  qnameLen, read, result, genomeLocation, direction, secondaryAlignment, supplementaryAlignment, useM,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1458:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bamSize += 4 + strlen(read->getReadGroup());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1536:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((char*)bam->firstAux() + auxLen + 4 + strlen(read->getReadGroup()) > buffer + bufferSpace) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1579:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*)lb->value(), read->getLibrary(), read->getLibraryLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1601:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read * read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1657:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  qnameLen, read, result, genomeLocation, direction, secondaryAlignment, supplementaryAlignment, useM,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1717:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bamSize += 4 + strlen(read->getReadGroup());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1797:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((char*)bam->firstAux() + auxLen + 4 + strlen(read->getReadGroup()) > buffer + bufferSpace) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:1841:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*)lb->value(), read->getLibrary(), read->getLibraryLength());
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:2061:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  BAMAlignment* getNextRead(BAMAlignment* read, size_t* o_fileOffset = NULL);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:2377:42: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  void setBestReadId(const char* id) { strncpy(bestReadId, id, sizeof(bestReadId)); }
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:2431:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int i = 0; i < strlen(str); i++)
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.cpp:2987:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(readId, id, sizeof(readId));
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.h:278:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return val_type == STRING_VAL_TYPE ? strlen((const char*) value()) + 4
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.h:412:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual bool getNextRead(Read *read, AlignmentResult *alignmentResult, GenomeLocation *genomeLocation, bool *isRC, unsigned *mapQ,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.h:415:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return getNextRead(read,alignmentResult,genomeLocation,isRC,mapQ,flag,false,cigar);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.h:464:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual bool getNextRead(Read *read, AlignmentResult *alignmentResult,
data/snap-aligner-1.0.0+dfsg/SNAPLib/Bam.h:467:89: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void getReadFromLine(const Genome *genome, char *line, char *endOfBuffer, Read *read, AlignmentResult *alignmentResult,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:421:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read[NUM_DIRECTIONS];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:422:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[FORWARD] = inputRead;
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:423:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[RC] = &reverseComplimentRead;
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:424:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[RC]->init(NULL, 0, rcReadData, rcReadQuality, readLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:473:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:491:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  finalizeSecondaryResults(read[FORWARD], primaryResult, nSecondaryResults, secondaryResults, maxSecondaryResults, maxEditDistanceForSecondaryResults, primaryResult->score);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:519:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!Seed::DoesTextRepresentASeed(read[FORWARD]->getData() + nextSeedToTest, seedLen)) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:523:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Seed seed(read[FORWARD]->getData() + nextSeedToTest, seedLen);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:696:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:712:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  finalizeSecondaryResults(read[FORWARD], primaryResult, nSecondaryResults, secondaryResults, maxSecondaryResults, maxEditDistanceForSecondaryResults, primaryResult->score);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:727:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:748:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  finalizeSecondaryResults(read[FORWARD], primaryResult, nSecondaryResults, secondaryResults, maxSecondaryResults, maxEditDistanceForSecondaryResults, primaryResult->score);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:755:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read[NUM_DIRECTIONS],
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:960:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  unsigned readDataLength = read[elementToScore->direction]->getDataLength();
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:969:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *readToScore = read[elementToScore->direction];
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:1005:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[OppositeDirection(elementToScore->direction)]->getQuality() + readLen - seedOffset, seedOffset, limitLeft, &matchProb2,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:1060:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[OppositeDirection(elementToScore->direction)]->getQuality() + readLen - seedOffset,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:1073:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[OppositeDirection(elementToScore->direction)]->getQuality() + readLen - seedOffset,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:1800:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:1825:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignmentAdjuster.AdjustAlignment(read, primaryResult);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.cpp:1834:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignmentAdjuster.AdjustAlignment(read, &secondaryResults[i]);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.h:77:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.h:343:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read[NUM_DIRECTIONS],
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.h:355:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read[NUM_DIRECTIONS],
data/snap-aligner-1.0.0+dfsg/SNAPLib/BaseAligner.h:423:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read,
data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:69:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* buffer = (char*) malloc(strlen(caller) + 1);
data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:336:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buffer, caller, sizeof(buffer));
data/snap-aligner-1.0.0+dfsg/SNAPLib/BigAlloc.cpp:348:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buffer, caller, sizeof(buffer));
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.cpp:86:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  BufferedAsyncReader::read(
data/snap-aligner-1.0.0+dfsg/SNAPLib/BufferedAsync.h:31:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(void* data, size_t bytes);
data/snap-aligner-1.0.0+dfsg/SNAPLib/ChimericPairedEndAligner.cpp:242:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read *read[NUM_READS_PER_PAIR] = {read0, read1};
data/snap-aligner-1.0.0+dfsg/SNAPLib/ChimericPairedEndAligner.cpp:259:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[r]->getDataLength() < minReadLength) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/ChimericPairedEndAligner.cpp:285:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  singleAligner->AlignRead(read[r], &singleResult[r], &firstSingleALTResult[r], maxEditDistanceForSecondaryResults,
data/snap-aligner-1.0.0+dfsg/SNAPLib/ChimericPairedEndAligner.cpp:324:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[r]->getDataLength() < minReadLength) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:348:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _ASSERT(strlen(mode) == 1 && (*mode == 'r' || *mode == 'w' || *mode == 'a'));
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1083:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fullyQualifiedPipeName = new char[strlen(prefix) + strlen(pipeName) + 1]; // +1 for null
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1083:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fullyQualifiedPipeName = new char[strlen(prefix) + strlen(pipeName) + 1]; // +1 for null
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1147:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!WriteFile(pipe->hPipe, stringToWrite, (DWORD)strlen(stringToWrite) + 1, &bytesWritten, NULL)) { // +1 sends terminating NULL
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1154:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bytesWritten != strlen(stringToWrite) + 1) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1155:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr, "WriteToNamedPipe: expected to write %lld bytes, actually wrote %d\n", strlen(stringToWrite) + 1, bytesWritten);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1158:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return bytesWritten == strlen(stringToWrite) + 1;
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1465:3: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(millis*1000);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1506:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _ASSERT(strlen(mode) == 1 && (*mode == 'r' || *mode == 'w' || *mode == 'a'));
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:1997:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t n = ::read(file->fd, buffer, length);
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2197:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullyQualifiedPipeName = new char[strlen(pipeDirectory) + strlen(pipeName) + __max(strlen(toServer), strlen(toClient)) + 1]; // +1 for trailing null
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2197:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullyQualifiedPipeName = new char[strlen(pipeDirectory) + strlen(pipeName) + __max(strlen(toServer), strlen(toClient)) + 1]; // +1 for trailing null
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2197:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullyQualifiedPipeName = new char[strlen(pipeDirectory) + strlen(pipeName) + __max(strlen(toServer), strlen(toClient)) + 1]; // +1 for trailing null
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2197:103: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullyQualifiedPipeName = new char[strlen(pipeDirectory) + strlen(pipeName) + __max(strlen(toServer), strlen(toClient)) + 1]; // +1 for trailing null
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2260:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pipe->pipeName = new char[strlen(pipeName) + 1];
data/snap-aligner-1.0.0+dfsg/SNAPLib/Compat.cpp:2349:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int size = (unsigned int)strlen(stringToWrite);
data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:50:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options->sortIntermediateDirectory) + 1 + strlen(terminalComponent) + strlen(tempExtension) + 1; // Last +1 for string terminating null
data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:50:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options->sortIntermediateDirectory) + 1 + strlen(terminalComponent) + strlen(tempExtension) + 1; // Last +1 for string terminating null
data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:50:99: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options->sortIntermediateDirectory) + 1 + strlen(terminalComponent) + strlen(tempExtension) + 1; // Last +1 for string terminating null
data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:55:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options->outputFile.fileName) + strlen(tempExtension) + 1;
data/snap-aligner-1.0.0+dfsg/SNAPLib/DataWriter.cpp:55:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options->outputFile.fileName) + strlen(tempExtension) + 1;
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:62:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (autoALT && ((strlen(contigName) > 4 && !_stricmp(contigName + strlen(contigName) - 4, "_alt")) ||
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:62:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (autoALT && ((strlen(contigName) > 4 && !_stricmp(contigName + strlen(contigName) - 4, "_alt")) ||
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:63:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(contigName) > 3 && (contigName[0] == 'H' || contigName[0] == 'h') && (contigName[1] == 'L' || contigName[1] == 'l') && (contigName[2] == 'A' || contigName[2] == 'a') && contigName[3] == '-'))) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:103:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t size = strlen(bases) + 1;
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:105:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(line->bases, bases, size);
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:214:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fileSize += strlen(lineBuffer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:230:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int i = 0; i < strlen(pieceNameTerminatorCharacters); i++) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:259:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t nameLength = strlen(lineBuffer + 1) + 1;
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:262:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(currentContig->name, lineBuffer + 1, nameLength);
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTA.cpp:279:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lineLen = strlen(lineBuffer);
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:437:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Read read;
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:438:79: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  _int64 bytesForFirstRead = FASTQReader::getReadFromBuffer(buffer, bytes, &read, fileName, data, context);
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:439:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read.getIdLength() < 2 || read.getId()[read.getIdLength() - 2] != '/' || (read.getId()[read.getIdLength() - 1] != '1' && read.getId()[read.getIdLength() -1] != '2') ) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:439:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read.getIdLength() < 2 || read.getId()[read.getIdLength() - 2] != '/' || (read.getId()[read.getIdLength() - 1] != '1' && read.getId()[read.getIdLength() -1] != '2') ) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:439:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read.getIdLength() < 2 || read.getId()[read.getIdLength() - 2] != '/' || (read.getId()[read.getIdLength() - 1] != '1' && read.getId()[read.getIdLength() -1] != '2') ) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:439:83: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read.getIdLength() < 2 || read.getId()[read.getIdLength() - 2] != '/' || (read.getId()[read.getIdLength() - 1] != '1' && read.getId()[read.getIdLength() -1] != '2') ) {
data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:439:96: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if (read.getIdLength() < 2 || read.getId()[read.getIdLength() - 2] != '/' || (read.getId()[read.getIdLength() - 1] != '1' && read.getId()[read.getIdLength() -1] != '2') ) { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:439:130: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.getIdLength() < 2 || read.getId()[read.getIdLength() - 2] != '/' || (read.getId()[read.getIdLength() - 1] != '1' && read.getId()[read.getIdLength() -1] != '2') ) { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:439:143: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.getIdLength() < 2 || read.getId()[read.getIdLength() - 2] != '/' || (read.getId()[read.getIdLength() - 1] != '1' && read.getId()[read.getIdLength() -1] != '2') ) { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:440:157: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). WriteErrorMessage("PairedInterleavedFASTQReader: read ID doesn't appear to end with /1 or /2, you can't use this as a paired FASTQ file: '%.*s'\n", read.getIdLength(), read.getId()); data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:440:177: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). WriteErrorMessage("PairedInterleavedFASTQReader: read ID doesn't appear to end with /1 or /2, you can't use this as a paired FASTQ file: '%.*s'\n", read.getIdLength(), read.getId()); data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:444:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.getId()[read.getIdLength()-1] == '2') { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:444:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read.getId()[read.getIdLength()-1] == '2') { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:460:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FASTQReader::getReadFromBuffer(buffer, bytes, &read, fileName, data, context); data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:461:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.getIdLength() < 2 || read.getId()[read.getIdLength()-2] != '/' || read.getId()[read.getIdLength()-1] != '1') { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:461:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.getIdLength() < 2 || read.getId()[read.getIdLength()-2] != '/' || read.getId()[read.getIdLength()-1] != '1') { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:461:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.getIdLength() < 2 || read.getId()[read.getIdLength()-2] != '/' || read.getId()[read.getIdLength()-1] != '1') { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:461:84: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.getIdLength() < 2 || read.getId()[read.getIdLength()-2] != '/' || read.getId()[read.getIdLength()-1] != '1') { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:461:97: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.getIdLength() < 2 || read.getId()[read.getIdLength()-2] != '/' || read.getId()[read.getIdLength()-1] != '1') { data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:462:138: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
WriteErrorMessage("PairedInterleavedFASTQReader: first read of pair doesn't appear to have an ID that ends in /1: '%.*s'\n", read.getIdLength(), read.getId()); data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:462:158: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). WriteErrorMessage("PairedInterleavedFASTQReader: first read of pair doesn't appear to have an ID that ends in /1: '%.*s'\n", read.getIdLength(), read.getId()); data/snap-aligner-1.0.0+dfsg/SNAPLib/FASTQ.cpp:485:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FASTQWriter::writeRead(Read *read) data/snap-aligner-1.0.0+dfsg/SNAPLib/FileFormat.h:103:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t * spaceUsed, size_t qnameLen, Read * read, AlignmentResult result, data/snap-aligner-1.0.0+dfsg/SNAPLib/FileFormat.h:112:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t * spaceUsed, size_t qnameLen, Read * read, AlignmentResult result, data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.cpp:55:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (0 == strncmp(filename, HDFS_PREFIX, strlen(HDFS_PREFIX))) { data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.cpp:85:29: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (--count > 0 && (c = getchar()) != EOF) { data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.cpp:104:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (0 == read(buffer, ioSize)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.h:45:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual size_t read(void *ptr, size_t count) = 0; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile.h:50:17: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual int getchar() = 0; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.cpp:40:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). GenericFile_Blob::read(void *ptr, size_t count) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.cpp:83:19: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). GenericFile_Blob::getchar() data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.h:41:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual size_t read(void *ptr, size_t count); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_Blob.h:42:14: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual int getchar(); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:321:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t GenericFile_HDFS::read(void *ptr, size_t count) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:338:23: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int GenericFile_HDFS::getchar() data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.cpp:342:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (1 == read(buf, sizeof(buf))) { data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.h:38:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual size_t read(void *ptr, size_t count); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_HDFS.h:39:14: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual int getchar(); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp:69:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t GenericFile_stdio::read(void *ptr, size_t count) data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp:76:24: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int GenericFile_stdio::getchar() data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.cpp:78:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return fgetc(_file); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.h:33:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual size_t read(void *ptr, size_t count); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenericFile_stdio.h:34:14: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual int getchar(); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:73:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addData(data, strlen(data)); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:99:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t len = strlen(contigName) + 1; data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:103:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(contigs[nContigs].name,contigName,len); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:168:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int n = 0; n < strlen(contigs[i].name); n++){ data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:304:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). contigSize = strlen(contigNameBuffer + n) - 1; //don't include the final \n data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:327:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readSize = loadFile->read(genome->bases, length); data/snap-aligner-1.0.0+dfsg/SNAPLib/Genome.cpp:622:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t usedSize = strlen(buffer); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:109:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *newStringCopy = new char[strlen(newString) + 1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:381:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ContigForInvalidGenomeLocation.nameLength = (int)strlen(ContigForInvalidGenomeLocation.name); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:408:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:408:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:408:105: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:408:142: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:408:175: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:494:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). backpointerSpillFileName = new char[strlen(directoryName) + 1 + strlen(BACKPOINTER_TABLE_SPILL_FILE_NAME) + 1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:494:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). backpointerSpillFileName = new char[strlen(directoryName) + 1 + strlen(BACKPOINTER_TABLE_SPILL_FILE_NAME) + 1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:584:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). halfBuiltHashTableSpillFileName = new char[strlen(directoryName) + 1 + strlen(HALF_BUILT_HASH_TABLE_SPILL_FILE_NAME) + 20]; // +20 is for the number and trailing null data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:584:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
halfBuiltHashTableSpillFileName = new char[strlen(directoryName) + 1 + strlen(HALF_BUILT_HASH_TABLE_SPILL_FILE_NAME) + 20]; // +20 is for the number and trailing null data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1669:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1669:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1669:105: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1669:142: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1669:175: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenameBufferSize = (int)(strlen(directoryName) + 1 + __max(strlen(GenomeIndexFileName), __max(strlen(OverflowTableFileName), __max(strlen(GenomeIndexHashFileName), strlen(GenomeFileName)))) + 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1695:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t indexFileSize = indexFile->read(indexFileBuf, sizeof(indexFileBuf) - 1); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1813:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t amountRead = fOverflowTable->read(tableAsCharStar, overflowTableSizeInBytes); data/snap-aligner-1.0.0+dfsg/SNAPLib/GenomeIndex.cpp:1867:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t amountRead = tablesFile->read(index->tablesBlob, hashTablesFileSize); data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:92:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). loadFile->read(table->Table, table->tableSize * table->elementSize); data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:103:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (sizeof(magic) != loadFile->read(&fileMagic, sizeof(magic))) { data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:113:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (sizeof(table->tableSize) != loadFile->read(&table->tableSize, sizeof(table->tableSize))) { data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:118:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (sizeof(table->usedElementCount) != loadFile->read(&table->usedElementCount, sizeof(table->usedElementCount))) { data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:123:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (sizeof(table->keySizeInBytes) != loadFile->read(&table->keySizeInBytes, sizeof(table->keySizeInBytes))) { data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:133:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (sizeof(table->valueSizeInBytes) != loadFile->read(&table->valueSizeInBytes, sizeof(table->valueSizeInBytes))) { data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:148:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (sizeof(table->valueCount) != loadFile->read(&table->valueCount, sizeof(table->valueCount))) { data/snap-aligner-1.0.0+dfsg/SNAPLib/HashTable.cpp:160:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (table->valueSizeInBytes != loadFile->read(&table->invalidValueValue, table->valueSizeInBytes)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/LandauVishkin.cpp:643:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*o_cigarBufUsed = (int)strlen(cigarBuf) + 1; data/snap-aligner-1.0.0+dfsg/SNAPLib/MultiInputReadSupplier.cpp:64:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read; data/snap-aligner-1.0.0+dfsg/SNAPLib/MultiInputReadSupplier.cpp:70:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/snap-aligner-1.0.0+dfsg/SNAPLib/MultiInputReadSupplier.cpp:74:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != NULL) { data/snap-aligner-1.0.0+dfsg/SNAPLib/MultiInputReadSupplier.cpp:79:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/snap-aligner-1.0.0+dfsg/SNAPLib/MultiInputReadSupplier.cpp:82:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). active->firstReadInNextBatch = read; data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedReadMatcher.cpp:69:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void freeOverflowRead(ReadWithOwnMemory* read); data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedReadMatcher.cpp:175:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ReadWithOwnMemory* read) data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedReadMatcher.cpp:180:91: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (InterlockedCompareExchangePointerAndReturnOldValue((void*volatile*)&freeList, read, head) == head) { data/snap-aligner-1.0.0+dfsg/SNAPLib/PairedReadMatcher.cpp:317:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(s2); data/snap-aligner-1.0.0+dfsg/SNAPLib/ProbabilityDistance.cpp:55:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char *read, data/snap-aligner-1.0.0+dfsg/SNAPLib/ProbabilityDistance.cpp:91:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). double thisBaseProb = (read[r-1] == reference[r-1+s]) ? matchLogProb[quality[r-1]] : mismatchLogProb[quality[r-1]]; data/snap-aligner-1.0.0+dfsg/SNAPLib/ProbabilityDistance.h:22:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char *read, data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:110:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fileName = new char[strlen(i_fileName) + 1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:162:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (underlyingReader->getNextRead(&read)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:163:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return &read; data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:171:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!underlyingReader->getNextRead(&read)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:174:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return &read; data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:211:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fileName1 = new char[strlen(i_fileName1) + 1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.cpp:215:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fileName2 = new char[strlen(i_fileName2) + 1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.h:60:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). splitter(i_splitter), underlyingReader(i_underlyingReader), read() {} data/snap-aligner-1.0.0+dfsg/SNAPLib/RangeSplitter.h:75:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read read; data/snap-aligner-1.0.0+dfsg/SNAPLib/Read.h:196:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool writeReads(const ReaderContext& context, Read *read, SingleAlignmentResult *results, _int64 nResults, bool firstIsPrimary, bool useAffineGap = false) = 0; data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadReader.cpp:40:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool getNextRead(Read *read, AlignmentResult *alignmentResult, unsigned *genomeLocation, bool *isRC, unsigned *mapQ, data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:492:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). done = ! reader->getNextRead(read); data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:500:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
(read->getBatch() != read[-1].getBatch() && element->batches.search(read->getBatch()) == element->batches.end()); data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:508:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firstReadForNextElement[0] = *read; data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:518:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[0] = firstReadForNextElement[0]; data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:519:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[1] = firstReadForNextElement[1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:521:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). element->batches.push_back(read[0].getBatch()); data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:522:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[1].getBatch() != read[0].getBatch()) { data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:522:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[1].getBatch() != read[0].getBatch()) { data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:523:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). element->batches.push_back(read[1].getBatch()); data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:527:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
done = !pairedReader->getNextReadPair(&read[0], &read[1]); data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:527:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). done = !pairedReader->getNextReadPair(&read[0], &read[1]); data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:531:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). DataBatch b[2] = {read[0].getBatch(), read[1].getBatch()}; data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:531:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). DataBatch b[2] = {read[0].getBatch(), read[1].getBatch()}; data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:533:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). {(element->totalReads == 0 || read[-2].getBatch() != b[0]) && data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:535:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b[0] != b[1] && (element->totalReads == 0 || read[-1].getBatch() != b[1]) && data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:545:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firstReadForNextElement[0] = read[0]; data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadSupplierQueue.cpp:546:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firstReadForNextElement[1] = read[1]; data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:41:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(i_internalScoreTag) != 2) { data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:58:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool writeReads(const ReaderContext& context, Read *read, SingleAlignmentResult *results, _int64 nResults, bool firstIsPrimary, bool useAffineGap = false); data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:165:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read, data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:225:133: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (!format->writeRead(context, &agc, buffer + used, size - used, &usedBuffer[whichResult], read->getIdLength(), read, results[whichResult].status, data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:268:133: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (!format->writeRead(context, &lvc, buffer + used, size - used, &usedBuffer[whichResult], read->getIdLength(), read, results[whichResult].status, data/snap-aligner-1.0.0+dfsg/SNAPLib/ReadWriter.cpp:656:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(i_internalScoreTag) != 2) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:329:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(contigName) < 3 || contigName[0] != 'c' || contigName[1] != 'h' || contigName[2] != 'r' || !genome->getLocationOfContig(contigName + 3, &contigBase)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:333:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(contigName) != 4 || contigName[0] != 'c' || contigName[1] != 'h' || contigName[2] != 'r' || contigName[3] != 'M' || !genome->getLocationOfContig("MT", &contigBase)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:339:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(contigName) <= maxShortNameSize) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:490:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rgLineOffsets[numRGLines] = rgLineOffsets[numRGLines - 1] + strlen(rgSlot); data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:585:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:655:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (NULL != read) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:866:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:900:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getReadFromLine(context.genome, buffer,buffer + bytes, read, alignmentResult, genomeLocation, direction, mapQ, &lineLength, flag, cigar, clipping, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1080:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* buffer = new char[strlen(options->rgLineContents) * 3]; // can't expend > 2x data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1180:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commandLineSize += strlen(argv[i]) + 1; // +1 is either a space or the terminating null data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1187:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(commandLine," "); data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1288:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read * read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1451:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read * read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:1594:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read * read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2004:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read * read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2062:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
qnameLen, read, result, genomeLocation, direction, secondaryAlignment, supplementaryAlignment, useM, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2194:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read * read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:2252:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qnameLen, read, result, genomeLocation, direction, secondaryAlignment, supplementaryAlignment, useM, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3158:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int i = 0; i < strlen(str); i++) data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3455:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(readId, id, sizeof(readId)); data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.cpp:3640:42: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). void setBestReadId(const char* id) { strncpy(bestReadId, id, sizeof(bestReadId)); } data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:66:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual bool getNextRead(Read *read, AlignmentResult *alignmentResult, GenomeLocation *genomeLocation, Direction *direction, unsigned *mapQ, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:69:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return getNextRead(read, alignmentResult, genomeLocation, direction, mapQ, flag, false, cigar); data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:130:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
virtual bool getNextRead(Read *read, AlignmentResult *alignmentResult, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:133:96: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void getReadFromLine(const Genome *genome, char *line, char *endOfBuffer, Read *read, AlignmentResult *alignmentResult, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:185:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t * spaceUsed, size_t qnameLen, Read * read, AlignmentResult result, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:195:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t * spaceUsed, size_t qnameLen, Read * read, AlignmentResult result, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:272:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read * read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SAM.h:293:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fillMateInfo(const Genome * genome, int& flags, Read * read, GenomeLocation genomeLocation, Direction direction, const char*& contigName, data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:80:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read; data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:92:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (options->passFilter(read, NotFound, read->getDataLength() < minReadLength || read->countOfNs() > maxDist, false)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:95:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
readWriter->writeReads(readerContext, read, &result, 1, true); data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:100:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extension->writeRead(read, &result); data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:166:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read; data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:188:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!options->passFilter(read, NotFound, true, false)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:202:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readWriter->writeReads(readerContext, read, &result, 1, true, useAffineGap); data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:222:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (!aligner->AlignRead(read, alignmentResults, &firstALTResult, maxSecondaryAlignmentAdditionalEditDistance, alignmentResultBufferCount - 1, &nSecondaryResults, maxSecondaryAlignments, alignmentResults + 1)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:261:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!options->passFilter(read, alignmentResults[i].status, false, i != 0 || !containsPrimary)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:279:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
readWriter->writeReads(readerContext, read, alignmentResults, nSecondaryResults + 1, containsPrimary, useAffineGap); data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:281:90: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (altAwareness && firstALTResult.status != NotFound && options->passFilter(read, firstALTResult.status, false, false)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:282:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readWriter->writeReads(readerContext, read, &firstALTResult, 1, false, useAffineGap); data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:292:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). updateStats(stats, read, alignmentResults[0].status, alignmentResults[0].score, alignmentResults[0].mapq); data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.cpp:314:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read* read, data/snap-aligner-1.0.0+dfsg/SNAPLib/SingleAligner.h:54:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void updateStats(AlignerStats* stats, Read* read, AlignmentResult result, int score, int mapq); data/snap-aligner-1.0.0+dfsg/SNAPLib/SortedDataWriter.cpp:153:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(i_internalScoreTag) != 2) { // This should never happen, since the command line parser should catch it first. Still, since we're about to strcpy into a fixed-length buffer, safety first. 
data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:167:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _ASSERT(strlen(tempBuf) == 4); data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:172:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _ASSERT(offset >= strlen(tempBuf)); data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:173:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset -= strlen(tempBuf); data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:174:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(outputBuffer + offset, tempBuf, strlen(tempBuf)); data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:178:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (size_t i = strlen(outputBuffer); i < desiredLength; i++) { data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:179:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(outputBuffer, " "); data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.cpp:215:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = (int)strlen(*buffer); data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h:72:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) < strlen(pattern)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h:72:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) < strlen(pattern)) { data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h:76:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return _stricmp(str + (strlen(str) - strlen(pattern)), pattern) == 0; data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h:76:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return _stricmp(str + (strlen(str) - strlen(pattern)), pattern) == 0; data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h:78:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strcmp(str + (strlen(str) - strlen(pattern)), pattern) == 0; data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h:78:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strcmp(str + (strlen(str) - strlen(pattern)), pattern) == 0; data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h:135:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tins ? 
tins + strlen(t) : NULL; data/snap-aligner-1.0.0+dfsg/SNAPLib/Util.h:146:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = (int) strlen(bases != NULL ? bases : rc); data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:99:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read; data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:217:191: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr,"Unable to parse read ID '%s', perhaps this isn't simulated data. contiglen = %d, contigName = '%s', contig offset = %u, genome offset = %u\n", idBuffer, strlen(contig->name), contig->name, contig->beginningOffset, genomeLocation); data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:345:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t filenameLen = strlen(argv[1]) + 1 + strlen(genomeSuffix) + 1; data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:345:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t filenameLen = strlen(argv[1]) + 1 + strlen(genomeSuffix) + 1; data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:346:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *fileName = new char[strlen(argv[1]) + 1 + strlen(genomeSuffix) + 1]; data/snap-aligner-1.0.0+dfsg/apps/ComputeROC/ComputeROC.cpp:346:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fileName = new char[strlen(argv[1]) + 1 + strlen(genomeSuffix) + 1]; data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:73:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read; data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:76:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fastqWriter[0]->writeRead(read); data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:92:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Read *read[NUM_READS_PER_PAIR]; data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:99:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (readSupplier->getNextReadPair(&read[0], &read[1])) { data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:99:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (readSupplier->getNextReadPair(&read[0], &read[1])) { data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:105:58: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). snprintf(idBuffer, idBufferSize-1,"%.*s/%d", read[i]->getIdLength(), read[i]->getId(), i+1); data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:105:82: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
snprintf(idBuffer, idBufferSize-1,"%.*s/%d", read[i]->getIdLength(), read[i]->getId(), i+1); data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:107:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). local.init(idBuffer, (unsigned)strlen(idBuffer),read[i]->getUnclippedData(), read[i]->getUnclippedQuality(), read[i]->getUnclippedLength(), data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:107:61: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). local.init(idBuffer, (unsigned)strlen(idBuffer),read[i]->getUnclippedData(), read[i]->getUnclippedQuality(), read[i]->getUnclippedLength(), data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:107:90: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). local.init(idBuffer, (unsigned)strlen(idBuffer),read[i]->getUnclippedData(), read[i]->getUnclippedQuality(), read[i]->getUnclippedLength(), data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:107:122: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). local.init(idBuffer, (unsigned)strlen(idBuffer),read[i]->getUnclippedData(), read[i]->getUnclippedQuality(), read[i]->getUnclippedLength(), data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:125:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t filenameLen = strlen(argv[1]) + 1 + strlen(genomeSuffix) + 1; data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:125:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t filenameLen = strlen(argv[1]) + 1 + strlen(genomeSuffix) + 1; data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:126:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fileName = new char[strlen(argv[1]) + 1 + strlen(genomeSuffix) + 1]; data/snap-aligner-1.0.0+dfsg/apps/ToFASTQ/ToFASTQ.cpp:126:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fileName = new char[strlen(argv[1]) + 1 + strlen(genomeSuffix) + 1]; data/snap-aligner-1.0.0+dfsg/apps/wc/wc.cpp:180:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (size_t j = 1; j < strlen(argv[i]); j++) { data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/uthash.h:253:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_FIND(hh,head,findstr,strlen(findstr),out) data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/uthash.h:255:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD(hh,head,strfield,strlen(add->strfield),add) data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/inc/uthash.h:257:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
HASH_REPLACE(hh,head,strfield,strlen(add->strfield),add,replaced) data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/hdfs.c:584:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(lastColon + 1))) { data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/hdfs.c:593:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uriLen = strlen(scheme) + strlen(bld->nn) + strlen(suffix); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/hdfs.c:593:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uriLen = strlen(scheme) + strlen(bld->nn) + strlen(suffix); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/hdfs.c:593:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uriLen = strlen(scheme) + strlen(bld->nn) + strlen(suffix); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:238:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR ( hh, hdfs_HashTls, item->key, strlen(item->key), item ); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:949:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
optHadoopClassPathLen = strlen(hadoopClassPath) + data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:950:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(hadoopClassPathVMArg) + 1; data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:961:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cnt = strlen (str); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:966:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(savePtr) == cnt) break; data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/jni_helper.c:967:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (savePtr,"/"); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:56:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rtr, perm, 3); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:107:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hdfsWrite(fs, writeFile, (void*)fileContents, strlen(fileContents)+1); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:109:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (num_written_bytes != strlen(fileContents) + 1) { data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:111:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)(strlen(fileContents) + 1), (int)num_written_bytes); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:202:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(fileContents, buffer, strlen(fileContents)) != 0) { data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:226:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset(buffer, 0, strlen(fileContents + 1)); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:245:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(fileContents) + 1); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:468:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). num_written_bytes = hdfsWrite(fs, writeFile, (void*)buffer, strlen(buffer)); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:490:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
num_written_bytes = hdfsWrite(fs, writeFile, (void*)buffer, strlen(buffer) + 1); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:503:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr, "fileinfo->mSize: == total %s\n", ((result = (finfo->mSize == strlen("Hello, World") + 1)) ? "Success!" : "Failed!")); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_ops.c:555:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). num_written_bytes = hdfsWrite(fs, writeFile, (void*)buffer, strlen(buffer)+1); data/snap-aligner-1.0.0+dfsg/import/pdclibhdfs/src/test_libhdfs_threaded.c:141:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). expected = strlen(prefix); data/snap-aligner-1.0.0+dfsg/tests/AffineGapVectorizedTest.cpp:23:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* quality = new char[strlen(text) + 1]; data/snap-aligner-1.0.0+dfsg/tests/AffineGapVectorizedTest.cpp:24:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int i = 0; i < strlen(text); i++) { data/snap-aligner-1.0.0+dfsg/tests/AffineGapVectorizedTest.cpp:27:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
quality[strlen(text)] = '\0';
data/snap-aligner-1.0.0+dfsg/tests/TestLib.cpp:23:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(prevFixture) != 0) {

ANALYSIS SUMMARY:

Hits = 821
Lines analyzed = 58303 in approximately 1.45 seconds (40247 lines/second)
Physical Source Lines of Code (SLOC) = 41788
Hits@level = [0] 474 [1] 356 [2] 389 [3] 13 [4] 52 [5] 11
Hits@level+ = [0+] 1295 [1+] 821 [2+] 465 [3+] 76 [4+] 63 [5+] 11
Hits/KSLOC@level+ = [0+] 30.9898 [1+] 19.6468 [2+] 11.1276 [3+] 1.8187 [4+] 1.50761 [5+] 0.263233
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.