Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/srf-0.1+dfsg/src/SRF_util.cc
Examining data/srf-0.1+dfsg/src/SRF_ReadSet.cc
Examining data/srf-0.1+dfsg/src/SRF_Container.cc
Examining data/srf-0.1+dfsg/src/SRF_File.cc
Examining data/srf-0.1+dfsg/src/SRF_Read.cc
Examining data/srf-0.1+dfsg/src/SRF_Ztr.cc
Examining data/srf-0.1+dfsg/test/testRead.cc
Examining data/srf-0.1+dfsg/test/testWrite.cc
Examining data/srf-0.1+dfsg/test/testWriteFastaq.cc
Examining data/srf-0.1+dfsg/test/testWriteSFF.cc
Examining data/srf-0.1+dfsg/srf_config.h

FINAL RESULTS:

data/srf-0.1+dfsg/src/SRF_util.cc:71:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( strPtr, str );
data/srf-0.1+dfsg/src/SRF_Container.cc:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4];
data/srf-0.1+dfsg/src/SRF_File.cc:27:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(filename, std::ios::in|std::ios::binary );
data/srf-0.1+dfsg/src/SRF_File.cc:31:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(filename, std::ios::out|std::ios::binary );
data/srf-0.1+dfsg/src/SRF_File.cc:35:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(filename, std::ios::in|std::ios::out|std::ios::binary );
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cstr[sizeZtrHeaderBlob];
data/srf-0.1+dfsg/src/SRF_Ztr.cc:234:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ztr->chunk[ztr->nchunks-1], chunk, sizeof(*chunk));
data/srf-0.1+dfsg/src/SRF_util.cc:183:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[1024];
data/srf-0.1+dfsg/src/SRF_util.cc:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_CYCLES*20 +1];
data/srf-0.1+dfsg/src/SRF_util.cc:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_CYCLES*30 +1];
data/srf-0.1+dfsg/test/testWrite.cc:38:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infile.open (argv[1], ifstream::in);
data/srf-0.1+dfsg/test/testWriteFastaq.cc:56:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fastaInput.open(argv[1], std::ios::in );
data/srf-0.1+dfsg/src/SRF_Container.cc:48:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read(tmp, 4);
data/srf-0.1+dfsg/src/SRF_Container.cc:57:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read( reinterpret_cast<char *>(&sizeContainerHeader), 4 );
data/srf-0.1+dfsg/src/SRF_Container.cc:67:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read ( &containerType, 1);
data/srf-0.1+dfsg/src/SRF_Container.cc:151:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeContainerHeader += strlen( formatVersionStr );
data/srf-0.1+dfsg/src/SRF_Container.cc:156:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeContainerHeader += strlen( baseCallerStr );
data/srf-0.1+dfsg/src/SRF_Container.cc:159:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeContainerHeader += strlen( baseCallerVersionStr );
data/srf-0.1+dfsg/src/SRF_Read.cc:56:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read ( &headerType, 1);
data/srf-0.1+dfsg/src/SRF_Read.cc:65:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read( reinterpret_cast<char *>(&blockSize), 4 );
data/srf-0.1+dfsg/src/SRF_Read.cc:68:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read ( &readFlags, 1);
data/srf-0.1+dfsg/src/SRF_Read.cc:80:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read( reinterpret_cast<char *>(blob), sizeZtrBlob );
data/srf-0.1+dfsg/src/SRF_Read.cc:124:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read_deallocate(read);
data/srf-0.1+dfsg/src/SRF_Read.cc:138:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  blockSize = 1 + 4 + 1 + strlen( shortIdStr ) + sizeZtr;
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:46:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read ( &headerType, 1);
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:54:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read( reinterpret_cast<char *>(&blockSize), 4 );
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:57:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read ( &subBlockType, 1);
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:73:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read( cstr, sizeZtrHeaderBlob);
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:92:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  delete read;
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:95:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read;
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:158:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  SRF_Read read( &(*stringListIterator), &(*ztrVecIterator) );
data/srf-0.1+dfsg/src/SRF_ReadSet.cc:159:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.write( file );
data/srf-0.1+dfsg/src/SRF_Ztr.cc:40:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztrStr.read( reinterpret_cast<char *>(h), sizeof(*h) );
data/srf-0.1+dfsg/src/SRF_Ztr.cc:69:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztrStr.read( reinterpret_cast<char *>(&bei4), 4 );
data/srf-0.1+dfsg/src/SRF_Ztr.cc:80:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztrStr.read( reinterpret_cast<char *>(&bei4), 4 );
data/srf-0.1+dfsg/src/SRF_Ztr.cc:93:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztrStr.read( reinterpret_cast<char *>(chunk->mdata), chunk->mdlength );
data/srf-0.1+dfsg/src/SRF_Ztr.cc:109:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztrStr.read( reinterpret_cast<char *>(&bei4), 4 );
data/srf-0.1+dfsg/src/SRF_Ztr.cc:227:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztrStr.read( reinterpret_cast<char *>(chunk->data), chunk->dlength );
data/srf-0.1+dfsg/src/SRF_util.cc:57:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen( str );
data/srf-0.1+dfsg/src/SRF_util.cc:82:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read (&lenStr, 1);
data/srf-0.1+dfsg/src/SRF_util.cc:91:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read( str, len );
data/srf-0.1+dfsg/src/SRF_util.cc:283:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t nbases = strlen(seq), i;
data/srf-0.1+dfsg/test/testWrite.cc:61:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztr = SRF_output_ztr( read );
data/srf-0.1+dfsg/test/testWrite.cc:69:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read_deallocate(read);
data/srf-0.1+dfsg/test/testWriteFastaq.cc:110:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztr = SRF_output_ztr( read );
data/srf-0.1+dfsg/test/testWriteSFF.cc:72:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ztr = SRF_output_ztr( read );

ANALYSIS SUMMARY:

Hits = 46
Lines analyzed = 1758 in approximately 0.05 seconds (36307 lines/second)
Physical Source Lines of Code (SLOC) = 1046
Hits@level = [0]   3 [1]  34 [2]  11 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  49 [1+]  46 [2+]  12 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 46.8451 [1+] 43.9771 [2+] 11.4723 [3+] 0.956023 [4+] 0.956023 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.