Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/staden-2.0.0+b11/Misc/FtoC.c
Examining data/staden-2.0.0+b11/Misc/FtoC.h
Examining data/staden-2.0.0+b11/Misc/array.c
Examining data/staden-2.0.0+b11/Misc/array.h
Examining data/staden-2.0.0+b11/Misc/array_arith.c
Examining data/staden-2.0.0+b11/Misc/array_arith.h
Examining data/staden-2.0.0+b11/Misc/bitmap.c
Examining data/staden-2.0.0+b11/Misc/bitmap.h
Examining data/staden-2.0.0+b11/Misc/crash.c
Examining data/staden-2.0.0+b11/Misc/date.c
Examining data/staden-2.0.0+b11/Misc/dstring.c
Examining data/staden-2.0.0+b11/Misc/dstring.h
Examining data/staden-2.0.0+b11/Misc/error.c
Examining data/staden-2.0.0+b11/Misc/error.h
Examining data/staden-2.0.0+b11/Misc/filenames.c
Examining data/staden-2.0.0+b11/Misc/files.c
Examining data/staden-2.0.0+b11/Misc/find.c
Examining data/staden-2.0.0+b11/Misc/getfile.c
Examining data/staden-2.0.0+b11/Misc/getfile.h
Examining data/staden-2.0.0+b11/Misc/locks.c
Examining data/staden-2.0.0+b11/Misc/locks.h
Examining data/staden-2.0.0+b11/Misc/misc.h
Examining data/staden-2.0.0+b11/Misc/os.h
Examining data/staden-2.0.0+b11/Misc/parse_db.c
Examining data/staden-2.0.0+b11/Misc/parse_db.h
Examining data/staden-2.0.0+b11/Misc/reg_exp.h
Examining data/staden-2.0.0+b11/Misc/shell.c
Examining data/staden-2.0.0+b11/Misc/spBiolims.h
Examining data/staden-2.0.0+b11/Misc/string_alloc.c
Examining data/staden-2.0.0+b11/Misc/string_alloc.h
Examining data/staden-2.0.0+b11/Misc/strings.c
Examining data/staden-2.0.0+b11/Misc/strtol64.c
Examining data/staden-2.0.0+b11/Misc/tree.h
Examining data/staden-2.0.0+b11/Misc/usleep-bsd.c
Examining data/staden-2.0.0+b11/Misc/usleep-gen.c
Examining data/staden-2.0.0+b11/Misc/usleep.c
Examining data/staden-2.0.0+b11/Misc/vlen.c
Examining data/staden-2.0.0+b11/Misc/vlen.h
Examining data/staden-2.0.0+b11/Misc/win_funcs.c
Examining data/staden-2.0.0+b11/Misc/win_funcs.h
Examining data/staden-2.0.0+b11/Misc/xalloc.c
Examining data/staden-2.0.0+b11/Misc/xalloc.h
Examining data/staden-2.0.0+b11/Misc/xerror.c
Examining data/staden-2.0.0+b11/Misc/xerror.h
Examining data/staden-2.0.0+b11/tk_utils/canvas_box.c
Examining data/staden-2.0.0+b11/tk_utils/canvas_box.h
Examining data/staden-2.0.0+b11/tk_utils/capture.h
Examining data/staden-2.0.0+b11/tk_utils/cli_arg.c
Examining data/staden-2.0.0+b11/tk_utils/cli_arg.h
Examining data/staden-2.0.0+b11/tk_utils/container.c
Examining data/staden-2.0.0+b11/tk_utils/container.h
Examining data/staden-2.0.0+b11/tk_utils/container_cmds.c
Examining data/staden-2.0.0+b11/tk_utils/container_ruler.c
Examining data/staden-2.0.0+b11/tk_utils/container_ruler.h
Examining data/staden-2.0.0+b11/tk_utils/element_canvas.c
Examining data/staden-2.0.0+b11/tk_utils/element_canvas.h
Examining data/staden-2.0.0+b11/tk_utils/init.c
Examining data/staden-2.0.0+b11/tk_utils/intrinsic_type.h
Examining data/staden-2.0.0+b11/tk_utils/matrix.c
Examining data/staden-2.0.0+b11/tk_utils/matrix.h
Examining data/staden-2.0.0+b11/tk_utils/misc.c
Examining data/staden-2.0.0+b11/tk_utils/postscript.c
Examining data/staden-2.0.0+b11/tk_utils/postscript.h
Examining data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c
Examining data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.h
Examining data/staden-2.0.0+b11/tk_utils/ruler_tick.c
Examining data/staden-2.0.0+b11/tk_utils/ruler_tick.h
Examining data/staden-2.0.0+b11/tk_utils/sheet.c
Examining data/staden-2.0.0+b11/tk_utils/sheet.h
Examining data/staden-2.0.0+b11/tk_utils/split.c
Examining data/staden-2.0.0+b11/tk_utils/split.h
Examining data/staden-2.0.0+b11/tk_utils/stash.c
Examining data/staden-2.0.0+b11/tk_utils/tclAppInit.c
Examining data/staden-2.0.0+b11/tk_utils/tclCanvGraph.c
Examining data/staden-2.0.0+b11/tk_utils/tclCanvGraph.h
Examining data/staden-2.0.0+b11/tk_utils/tclExtdInt.h
Examining data/staden-2.0.0+b11/tk_utils/tclXkeylist.c
Examining data/staden-2.0.0+b11/tk_utils/tclXkeylist.h
Examining data/staden-2.0.0+b11/tk_utils/tclXutil.c
Examining data/staden-2.0.0+b11/tk_utils/tcl_debug.c
Examining data/staden-2.0.0+b11/tk_utils/tcl_io_lib.c
Examining data/staden-2.0.0+b11/tk_utils/tcl_io_lib.h
Examining data/staden-2.0.0+b11/tk_utils/tcl_utils.c
Examining data/staden-2.0.0+b11/tk_utils/tcl_utils.h
Examining data/staden-2.0.0+b11/tk_utils/text_output.c
Examining data/staden-2.0.0+b11/tk_utils/text_output.h
Examining data/staden-2.0.0+b11/tk_utils/tkAquaX.c
Examining data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c
Examining data/staden-2.0.0+b11/tk_utils/tkCanvGraph.h
Examining data/staden-2.0.0+b11/tk_utils/tkMacX.c
Examining data/staden-2.0.0+b11/tk_utils/tkRaster.c
Examining data/staden-2.0.0+b11/tk_utils/tkRaster.h
Examining data/staden-2.0.0+b11/tk_utils/tkRasterBuiltIn.c
Examining data/staden-2.0.0+b11/tk_utils/tkRasterBuiltIn.h
Examining data/staden-2.0.0+b11/tk_utils/tkSheet.c
Examining data/staden-2.0.0+b11/tk_utils/tkSheet.h
Examining data/staden-2.0.0+b11/tk_utils/tkSheet_common.c
Examining data/staden-2.0.0+b11/tk_utils/tkSheet_common.h
Examining data/staden-2.0.0+b11/tk_utils/tkSheet_config.h
Examining data/staden-2.0.0+b11/tk_utils/tkSheet_struct.h
Examining data/staden-2.0.0+b11/tk_utils/tkTrace.c
Examining data/staden-2.0.0+b11/tk_utils/tkTrace.h
Examining data/staden-2.0.0+b11/tk_utils/tkTraceComp.c
Examining data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c
Examining data/staden-2.0.0+b11/tk_utils/tkTraceIO.c
Examining data/staden-2.0.0+b11/tk_utils/tkTraceIO.h
Examining data/staden-2.0.0+b11/tk_utils/tkWinX.c
Examining data/staden-2.0.0+b11/tk_utils/tkWinX.h
Examining data/staden-2.0.0+b11/tk_utils/tk_defs.h
Examining data/staden-2.0.0+b11/tk_utils/trace_print.c
Examining data/staden-2.0.0+b11/tk_utils/trace_print.h
Examining data/staden-2.0.0+b11/tk_utils/user_defaults.c
Examining data/staden-2.0.0+b11/tk_utils/user_defaults.h
Examining data/staden-2.0.0+b11/tk_utils/capture.c
Examining data/staden-2.0.0+b11/text_utils/text_output.h
Examining data/staden-2.0.0+b11/text_utils/text_output_stubs.c
Examining data/staden-2.0.0+b11/text_utils/text_output_stubs2.c
Examining data/staden-2.0.0+b11/seq_utils/align.c
Examining data/staden-2.0.0+b11/seq_utils/align.h
Examining data/staden-2.0.0+b11/seq_utils/align_lib.c
Examining data/staden-2.0.0+b11/seq_utils/align_lib.h
Examining data/staden-2.0.0+b11/seq_utils/align_lib_old.c
Examining data/staden-2.0.0+b11/seq_utils/align_lib_old.h
Examining data/staden-2.0.0+b11/seq_utils/align_ss.c
Examining data/staden-2.0.0+b11/seq_utils/align_ss2.c
Examining data/staden-2.0.0+b11/seq_utils/align_sv.c
Examining data/staden-2.0.0+b11/seq_utils/base_comp.c
Examining data/staden-2.0.0+b11/seq_utils/base_comp.h
Examining data/staden-2.0.0+b11/seq_utils/dna_utils.c
Examining data/staden-2.0.0+b11/seq_utils/dna_utils.h
Examining data/staden-2.0.0+b11/seq_utils/edge.c
Examining data/staden-2.0.0+b11/seq_utils/edge.h
Examining data/staden-2.0.0+b11/seq_utils/filter_words.c
Examining data/staden-2.0.0+b11/seq_utils/filter_words.h
Examining data/staden-2.0.0+b11/seq_utils/genetic_code.c
Examining data/staden-2.0.0+b11/seq_utils/genetic_code.h
Examining data/staden-2.0.0+b11/seq_utils/genetic_code_old.c
Examining data/staden-2.0.0+b11/seq_utils/genetic_code_old.h
Examining data/staden-2.0.0+b11/seq_utils/open_reading_frames.c
Examining data/staden-2.0.0+b11/seq_utils/open_reading_frames.h
Examining data/staden-2.0.0+b11/seq_utils/read_matrix.c
Examining data/staden-2.0.0+b11/seq_utils/read_matrix.h
Examining data/staden-2.0.0+b11/seq_utils/renz_utils.c
Examining data/staden-2.0.0+b11/seq_utils/renz_utils.h
Examining data/staden-2.0.0+b11/seq_utils/scramble.c
Examining data/staden-2.0.0+b11/seq_utils/scramble.h
Examining data/staden-2.0.0+b11/seq_utils/search_utils.c
Examining data/staden-2.0.0+b11/seq_utils/search_utils.h
Examining data/staden-2.0.0+b11/seq_utils/sequence_formats.c
Examining data/staden-2.0.0+b11/seq_utils/sequence_formats.h
Examining data/staden-2.0.0+b11/mutlib/mutlib.h
Examining data/staden-2.0.0+b11/mutlib/pathutil.h
Examining data/staden-2.0.0+b11/mutlib/read_matrix.h
Examining data/staden-2.0.0+b11/mutlib/sp_align_lib.h
Examining data/staden-2.0.0+b11/mutlib/sp_alignment.h
Examining data/staden-2.0.0+b11/mutlib/sp_alignment_structs.h
Examining data/staden-2.0.0+b11/mutlib/sp_hash_lib.h
Examining data/staden-2.0.0+b11/mutlib/sp_matrix.h
Examining data/staden-2.0.0+b11/mutlib/staden.h
Examining data/staden-2.0.0+b11/mutlib/align.cpp
Examining data/staden-2.0.0+b11/mutlib/align.hpp
Examining data/staden-2.0.0+b11/mutlib/array.hpp
Examining data/staden-2.0.0+b11/mutlib/basecall.cpp
Examining data/staden-2.0.0+b11/mutlib/basecall.hpp
Examining data/staden-2.0.0+b11/mutlib/caller.cpp
Examining data/staden-2.0.0+b11/mutlib/caller.hpp
Examining data/staden-2.0.0+b11/mutlib/caller_base.cpp
Examining data/staden-2.0.0+b11/mutlib/caller_base.hpp
Examining data/staden-2.0.0+b11/mutlib/caller_level.cpp
Examining data/staden-2.0.0+b11/mutlib/caller_level.hpp
Examining data/staden-2.0.0+b11/mutlib/caller_snr.cpp
Examining data/staden-2.0.0+b11/mutlib/caller_snr.hpp
Examining data/staden-2.0.0+b11/mutlib/dnatable.cpp
Examining data/staden-2.0.0+b11/mutlib/dnatable.hpp
Examining data/staden-2.0.0+b11/mutlib/list.hpp
Examining data/staden-2.0.0+b11/mutlib/listitem.hpp
Examining data/staden-2.0.0+b11/mutlib/matrix.hpp
Examining data/staden-2.0.0+b11/mutlib/mutationtag.cpp
Examining data/staden-2.0.0+b11/mutlib/mutationtag.hpp
Examining data/staden-2.0.0+b11/mutlib/mutationtag_utils.cpp
Examining data/staden-2.0.0+b11/mutlib/mutationtag_utils.hpp
Examining data/staden-2.0.0+b11/mutlib/mutscan.cpp
Examining data/staden-2.0.0+b11/mutlib/mutscan.hpp
Examining data/staden-2.0.0+b11/mutlib/mutscan_analysis.cpp
Examining data/staden-2.0.0+b11/mutlib/mutscan_analysis.hpp
Examining data/staden-2.0.0+b11/mutlib/mutscan_helper.cpp
Examining data/staden-2.0.0+b11/mutlib/mutscan_parameters.cpp
Examining data/staden-2.0.0+b11/mutlib/mutscan_parameters.hpp
Examining data/staden-2.0.0+b11/mutlib/mutscan_preprocess.cpp
Examining data/staden-2.0.0+b11/mutlib/mutscan_preprocess.hpp
Examining data/staden-2.0.0+b11/mutlib/mutscan_validate.cpp
Examining data/staden-2.0.0+b11/mutlib/muttag.cpp
Examining data/staden-2.0.0+b11/mutlib/muttag.hpp
Examining data/staden-2.0.0+b11/mutlib/parameter.hpp
Examining data/staden-2.0.0+b11/mutlib/pathutil.cpp
Examining data/staden-2.0.0+b11/mutlib/peakcall.cpp
Examining data/staden-2.0.0+b11/mutlib/peakcall.hpp
Examining data/staden-2.0.0+b11/mutlib/read_matrix.cpp
Examining data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp
Examining data/staden-2.0.0+b11/mutlib/sp_alignment.cpp
Examining data/staden-2.0.0+b11/mutlib/sp_hash_lib.cpp
Examining data/staden-2.0.0+b11/mutlib/sp_matrix.cpp
Examining data/staden-2.0.0+b11/mutlib/stringlist.cpp
Examining data/staden-2.0.0+b11/mutlib/stringlist.hpp
Examining data/staden-2.0.0+b11/mutlib/tagarray.cpp
Examining data/staden-2.0.0+b11/mutlib/tagarray.hpp
Examining data/staden-2.0.0+b11/mutlib/trace.cpp
Examining data/staden-2.0.0+b11/mutlib/trace.hpp
Examining data/staden-2.0.0+b11/mutlib/tracealign.cpp
Examining data/staden-2.0.0+b11/mutlib/tracealign.hpp
Examining data/staden-2.0.0+b11/mutlib/tracealign_cache.cpp
Examining data/staden-2.0.0+b11/mutlib/tracealign_cache.hpp
Examining data/staden-2.0.0+b11/mutlib/tracealign_helper.cpp
Examining data/staden-2.0.0+b11/mutlib/tracealign_interpolate.cpp
Examining data/staden-2.0.0+b11/mutlib/tracealign_preprocess.cpp
Examining data/staden-2.0.0+b11/mutlib/tracealign_preprocess.hpp
Examining data/staden-2.0.0+b11/mutlib/tracealign_validate.cpp
Examining data/staden-2.0.0+b11/mutlib/tracediff.cpp
Examining data/staden-2.0.0+b11/mutlib/tracediff.hpp
Examining data/staden-2.0.0+b11/mutlib/tracediff_helper.cpp
Examining data/staden-2.0.0+b11/mutlib/tracediff_mutations.cpp
Examining data/staden-2.0.0+b11/mutlib/tracediff_parameters.cpp
Examining data/staden-2.0.0+b11/mutlib/tracediff_parameters.hpp
Examining data/staden-2.0.0+b11/mutlib/tracediff_validate.cpp
Examining data/staden-2.0.0+b11/mutlib/validate.cpp
Examining data/staden-2.0.0+b11/mutlib/validate.hpp
Examining data/staden-2.0.0+b11/abi/abiIO.c
Examining data/staden-2.0.0+b11/abi/abiIO.h
Examining data/staden-2.0.0+b11/abi/getABISampleName.c
Examining data/staden-2.0.0+b11/abi/getABIcomment.c
Examining data/staden-2.0.0+b11/abi/getABIdate.c
Examining data/staden-2.0.0+b11/abi/getABIfield.c
Examining data/staden-2.0.0+b11/alf/alfsplit.c
Examining data/staden-2.0.0+b11/g/bitmap_test.c
Examining data/staden-2.0.0+b11/g/freetree-io.h
Examining data/staden-2.0.0+b11/g/freetree.c
Examining data/staden-2.0.0+b11/g/freetree.h
Examining data/staden-2.0.0+b11/g/g-connect.c
Examining data/staden-2.0.0+b11/g/g-connect.h
Examining data/staden-2.0.0+b11/g/g-db.c
Examining data/staden-2.0.0+b11/g/g-db.h
Examining data/staden-2.0.0+b11/g/g-debug.c
Examining data/staden-2.0.0+b11/g/g-defs.h
Examining data/staden-2.0.0+b11/g/g-error.c
Examining data/staden-2.0.0+b11/g/g-error.h
Examining data/staden-2.0.0+b11/g/g-filedefs.h
Examining data/staden-2.0.0+b11/g/g-files.c
Examining data/staden-2.0.0+b11/g/g-files.h
Examining data/staden-2.0.0+b11/g/g-io.c
Examining data/staden-2.0.0+b11/g/g-io.h
Examining data/staden-2.0.0+b11/g/g-misc.h
Examining data/staden-2.0.0+b11/g/g-os.h
Examining data/staden-2.0.0+b11/g/g-request.c
Examining data/staden-2.0.0+b11/g/g-request.h
Examining data/staden-2.0.0+b11/g/g-struct.c
Examining data/staden-2.0.0+b11/g/g-struct.h
Examining data/staden-2.0.0+b11/primer3/src/boulder_input.c
Examining data/staden-2.0.0+b11/primer3/src/boulder_input.h
Examining data/staden-2.0.0+b11/primer3/src/dpal.c
Examining data/staden-2.0.0+b11/primer3/src/dpal.h
Examining data/staden-2.0.0+b11/primer3/src/format_output.c
Examining data/staden-2.0.0+b11/primer3/src/format_output.h
Examining data/staden-2.0.0+b11/primer3/src/ntdpal_main.c
Examining data/staden-2.0.0+b11/primer3/src/oligotm.c
Examining data/staden-2.0.0+b11/primer3/src/oligotm.h
Examining data/staden-2.0.0+b11/primer3/src/primer3.h
Examining data/staden-2.0.0+b11/primer3/src/primer3_lib.c
Examining data/staden-2.0.0+b11/primer3/src/primer3_main.c
Examining data/staden-2.0.0+b11/primer3/src/primer3_release.c
Examining data/staden-2.0.0+b11/primer3/src/primer3_release.h
Examining data/staden-2.0.0+b11/gap4/IO1.c
Examining data/staden-2.0.0+b11/gap4/IO1.h
Examining data/staden-2.0.0+b11/gap4/IO2.c
Examining data/staden-2.0.0+b11/gap4/IO2.h
Examining data/staden-2.0.0+b11/gap4/IO3.c
Examining data/staden-2.0.0+b11/gap4/QueueInterface.h
Examining data/staden-2.0.0+b11/gap4/SeqQueueTypes.h
Examining data/staden-2.0.0+b11/gap4/actf.c
Examining data/staden-2.0.0+b11/gap4/actf.h
Examining data/staden-2.0.0+b11/gap4/active_tags.c
Examining data/staden-2.0.0+b11/gap4/active_tags.h
Examining data/staden-2.0.0+b11/gap4/alter_rel.c
Examining data/staden-2.0.0+b11/gap4/alter_rel.h
Examining data/staden-2.0.0+b11/gap4/assemble_direct.c
Examining data/staden-2.0.0+b11/gap4/assemble_direct.h
Examining data/staden-2.0.0+b11/gap4/auto_assemble.c
Examining data/staden-2.0.0+b11/gap4/auto_assemble.h
Examining data/staden-2.0.0+b11/gap4/auto_break.c
Examining data/staden-2.0.0+b11/gap4/auto_break.h
Examining data/staden-2.0.0+b11/gap4/break_contig.c
Examining data/staden-2.0.0+b11/gap4/break_contig.h
Examining data/staden-2.0.0+b11/gap4/bubbl3.c
Examining data/staden-2.0.0+b11/gap4/check_assembly.c
Examining data/staden-2.0.0+b11/gap4/check_assembly.h
Examining data/staden-2.0.0+b11/gap4/clip.c
Examining data/staden-2.0.0+b11/gap4/clip.h
Examining data/staden-2.0.0+b11/gap4/clones.c
Examining data/staden-2.0.0+b11/gap4/clones.h
Examining data/staden-2.0.0+b11/gap4/complement.c
Examining data/staden-2.0.0+b11/gap4/complement.h
Examining data/staden-2.0.0+b11/gap4/confidence_graph.c
Examining data/staden-2.0.0+b11/gap4/confidence_graph.h
Examining data/staden-2.0.0+b11/gap4/consen.c
Examining data/staden-2.0.0+b11/gap4/consen.h
Examining data/staden-2.0.0+b11/gap4/consistency_canvas_box.c
Examining data/staden-2.0.0+b11/gap4/consistency_canvas_box.h
Examining data/staden-2.0.0+b11/gap4/consistency_display.c
Examining data/staden-2.0.0+b11/gap4/consistency_display.h
Examining data/staden-2.0.0+b11/gap4/contigEditor.c
Examining data/staden-2.0.0+b11/gap4/contigEditor.h
Examining data/staden-2.0.0+b11/gap4/contig_order.c
Examining data/staden-2.0.0+b11/gap4/contig_order.h
Examining data/staden-2.0.0+b11/gap4/contig_selector.c
Examining data/staden-2.0.0+b11/gap4/contig_selector.h
Examining data/staden-2.0.0+b11/gap4/copy_db.c
Examining data/staden-2.0.0+b11/gap4/copy_db.h
Examining data/staden-2.0.0+b11/gap4/copy_db_main.c
Examining data/staden-2.0.0+b11/gap4/cs-object.c
Examining data/staden-2.0.0+b11/gap4/cs-object.h
Examining data/staden-2.0.0+b11/gap4/dbcheck.c
Examining data/staden-2.0.0+b11/gap4/dbcheck.h
Examining data/staden-2.0.0+b11/gap4/dis_readings.c
Examining data/staden-2.0.0+b11/gap4/dis_readings.h
Examining data/staden-2.0.0+b11/gap4/do_fij.c
Examining data/staden-2.0.0+b11/gap4/dstrand.c
Examining data/staden-2.0.0+b11/gap4/dstrand.h
Examining data/staden-2.0.0+b11/gap4/edCommands.c
Examining data/staden-2.0.0+b11/gap4/edCommands.h
Examining data/staden-2.0.0+b11/gap4/edExtend.c
Examining data/staden-2.0.0+b11/gap4/edInterface.c
Examining data/staden-2.0.0+b11/gap4/edMutations.c
Examining data/staden-2.0.0+b11/gap4/edStructs.h
Examining data/staden-2.0.0+b11/gap4/edUtils.h
Examining data/staden-2.0.0+b11/gap4/edUtils2.c
Examining data/staden-2.0.0+b11/gap4/extend.h
Examining data/staden-2.0.0+b11/gap4/extract.c
Examining data/staden-2.0.0+b11/gap4/extract.h
Examining data/staden-2.0.0+b11/gap4/f2c.c
Examining data/staden-2.0.0+b11/gap4/f2c.h
Examining data/staden-2.0.0+b11/gap4/fij.c
Examining data/staden-2.0.0+b11/gap4/fij.h
Examining data/staden-2.0.0+b11/gap4/find_fragments.c
Examining data/staden-2.0.0+b11/gap4/find_fragments.h
Examining data/staden-2.0.0+b11/gap4/find_oligo.c
Examining data/staden-2.0.0+b11/gap4/find_oligo.h
Examining data/staden-2.0.0+b11/gap4/find_repeats.c
Examining data/staden-2.0.0+b11/gap4/find_repeats.h
Examining data/staden-2.0.0+b11/gap4/fort.h
Examining data/staden-2.0.0+b11/gap4/fortran.h
Examining data/staden-2.0.0+b11/gap4/gap-create.c
Examining data/staden-2.0.0+b11/gap4/gap-create.h
Examining data/staden-2.0.0+b11/gap4/gap-dbstruct.c
Examining data/staden-2.0.0+b11/gap4/gap-dbstruct.h
Examining data/staden-2.0.0+b11/gap4/gap-defaults.h
Examining data/staden-2.0.0+b11/gap4/gap-error.c
Examining data/staden-2.0.0+b11/gap4/gap-error.h
Examining data/staden-2.0.0+b11/gap4/gap-if.c
Examining data/staden-2.0.0+b11/gap4/gap-if.h
Examining data/staden-2.0.0+b11/gap4/gap-init.c
Examining data/staden-2.0.0+b11/gap4/gap-init.h
Examining data/staden-2.0.0+b11/gap4/gap-io.c
Examining data/staden-2.0.0+b11/gap4/gap-io.h
Examining data/staden-2.0.0+b11/gap4/gap-local.c
Examining data/staden-2.0.0+b11/gap4/gap-local.h
Examining data/staden-2.0.0+b11/gap4/gap-remote.c
Examining data/staden-2.0.0+b11/gap4/gap-remote.h
Examining data/staden-2.0.0+b11/gap4/gap-tcl.c
Examining data/staden-2.0.0+b11/gap4/gap-tcl.h
Examining data/staden-2.0.0+b11/gap4/gap-thrash.c
Examining data/staden-2.0.0+b11/gap4/gap-thrash2.c
Examining data/staden-2.0.0+b11/gap4/gap-thrash2bug.c
Examining data/staden-2.0.0+b11/gap4/gap-thrash3.c
Examining data/staden-2.0.0+b11/gap4/gap-thrash_main.c
Examining data/staden-2.0.0+b11/gap4/gap_array.c
Examining data/staden-2.0.0+b11/gap4/gap_array.h
Examining data/staden-2.0.0+b11/gap4/gap_canvas_box.c
Examining data/staden-2.0.0+b11/gap4/gap_canvas_box.h
Examining data/staden-2.0.0+b11/gap4/gap_cli_arg.c
Examining data/staden-2.0.0+b11/gap4/gap_cli_arg.h
Examining data/staden-2.0.0+b11/gap4/gap_globals.c
Examining data/staden-2.0.0+b11/gap4/gap_globals.h
Examining data/staden-2.0.0+b11/gap4/gap_hash.c
Examining data/staden-2.0.0+b11/gap4/gap_hash.h
Examining data/staden-2.0.0+b11/gap4/hash.c
Examining data/staden-2.0.0+b11/gap4/hash.h
Examining data/staden-2.0.0+b11/gap4/hash_lib.c
Examining data/staden-2.0.0+b11/gap4/hash_lib.h
Examining data/staden-2.0.0+b11/gap4/init.c
Examining data/staden-2.0.0+b11/gap4/io-reg.c
Examining data/staden-2.0.0+b11/gap4/io-reg.h
Examining data/staden-2.0.0+b11/gap4/io_handle.c
Examining data/staden-2.0.0+b11/gap4/io_handle.h
Examining data/staden-2.0.0+b11/gap4/io_utils.c
Examining data/staden-2.0.0+b11/gap4/io_utils.h
Examining data/staden-2.0.0+b11/gap4/join.c
Examining data/staden-2.0.0+b11/gap4/legacy_f2c.c
Examining data/staden-2.0.0+b11/gap4/list.c
Examining data/staden-2.0.0+b11/gap4/list.h
Examining data/staden-2.0.0+b11/gap4/list_proc.c
Examining data/staden-2.0.0+b11/gap4/list_proc.h
Examining data/staden-2.0.0+b11/gap4/mess.c
Examining data/staden-2.0.0+b11/gap4/newgap_cmds.c
Examining data/staden-2.0.0+b11/gap4/newgap_cmds.h
Examining data/staden-2.0.0+b11/gap4/newgap_structs.h
Examining data/staden-2.0.0+b11/gap4/notedb.c
Examining data/staden-2.0.0+b11/gap4/notedb.h
Examining data/staden-2.0.0+b11/gap4/notes.c
Examining data/staden-2.0.0+b11/gap4/notes.h
Examining data/staden-2.0.0+b11/gap4/oligo.c
Examining data/staden-2.0.0+b11/gap4/oligo.h
Examining data/staden-2.0.0+b11/gap4/oligo_sel.c
Examining data/staden-2.0.0+b11/gap4/oligo_sel.h
Examining data/staden-2.0.0+b11/gap4/parse_ft.c
Examining data/staden-2.0.0+b11/gap4/parse_ft.h
Examining data/staden-2.0.0+b11/gap4/plot_quality.c
Examining data/staden-2.0.0+b11/gap4/plot_quality.h
Examining data/staden-2.0.0+b11/gap4/preass.c
Examining data/staden-2.0.0+b11/gap4/preass.h
Examining data/staden-2.0.0+b11/gap4/primlib.c
Examining data/staden-2.0.0+b11/gap4/primlib.h
Examining data/staden-2.0.0+b11/gap4/probe.c
Examining data/staden-2.0.0+b11/gap4/probe.h
Examining data/staden-2.0.0+b11/gap4/qual.c
Examining data/staden-2.0.0+b11/gap4/qual.h
Examining data/staden-2.0.0+b11/gap4/qualIO.c
Examining data/staden-2.0.0+b11/gap4/qualIO.h
Examining data/staden-2.0.0+b11/gap4/qualP.h
Examining data/staden-2.0.0+b11/gap4/quality_plot.c
Examining data/staden-2.0.0+b11/gap4/quality_plot.h
Examining data/staden-2.0.0+b11/gap4/reactions.c
Examining data/staden-2.0.0+b11/gap4/reactions.h
Examining data/staden-2.0.0+b11/gap4/reading_coverage.c
Examining data/staden-2.0.0+b11/gap4/reading_coverage.h
Examining data/staden-2.0.0+b11/gap4/readpair.c
Examining data/staden-2.0.0+b11/gap4/readpair.h
Examining data/staden-2.0.0+b11/gap4/readpair_coverage.c
Examining data/staden-2.0.0+b11/gap4/readpair_coverage.h
Examining data/staden-2.0.0+b11/gap4/restriction_enzymes.c
Examining data/staden-2.0.0+b11/gap4/restriction_enzymes.h
Examining data/staden-2.0.0+b11/gap4/ruler_display.c
Examining data/staden-2.0.0+b11/gap4/ruler_display.h
Examining data/staden-2.0.0+b11/gap4/searchUtils.c
Examining data/staden-2.0.0+b11/gap4/select.h
Examining data/staden-2.0.0+b11/gap4/seqInfo.c
Examining data/staden-2.0.0+b11/gap4/seqInfo.h
Examining data/staden-2.0.0+b11/gap4/show_relationships.c
Examining data/staden-2.0.0+b11/gap4/show_relationships.h
Examining data/staden-2.0.0+b11/gap4/shuffle_pads.c
Examining data/staden-2.0.0+b11/gap4/shuffle_pads.h
Examining data/staden-2.0.0+b11/gap4/stack_dump.c
Examining data/staden-2.0.0+b11/gap4/stack_dump.h
Examining data/staden-2.0.0+b11/gap4/stop_codon.c
Examining data/staden-2.0.0+b11/gap4/stop_codon.h
Examining data/staden-2.0.0+b11/gap4/strand_coverage.c
Examining data/staden-2.0.0+b11/gap4/strand_coverage.h
Examining data/staden-2.0.0+b11/gap4/tagDefs.h
Examining data/staden-2.0.0+b11/gap4/tagEditor.c
Examining data/staden-2.0.0+b11/gap4/tagU1.c
Examining data/staden-2.0.0+b11/gap4/tagU2.c
Examining data/staden-2.0.0+b11/gap4/tagUtils.h
Examining data/staden-2.0.0+b11/gap4/tagdb.c
Examining data/staden-2.0.0+b11/gap4/tagdb.h
Examining data/staden-2.0.0+b11/gap4/template.c
Examining data/staden-2.0.0+b11/gap4/template.h
Examining data/staden-2.0.0+b11/gap4/template_display.c
Examining data/staden-2.0.0+b11/gap4/template_display.h
Examining data/staden-2.0.0+b11/gap4/text-io-reg.c
Examining data/staden-2.0.0+b11/gap4/tk-io-reg.c
Examining data/staden-2.0.0+b11/gap4/tk-io-reg.h
Examining data/staden-2.0.0+b11/gap4/tkAppInit.c
Examining data/staden-2.0.0+b11/gap4/tkEdNames.c
Examining data/staden-2.0.0+b11/gap4/tkEdNames.h
Examining data/staden-2.0.0+b11/gap4/tkEdUtils.c
Examining data/staden-2.0.0+b11/gap4/tkEditor.c
Examining data/staden-2.0.0+b11/gap4/tkEditor.h
Examining data/staden-2.0.0+b11/gap4/tman_cons.c
Examining data/staden-2.0.0+b11/gap4/tman_diff.c
Examining data/staden-2.0.0+b11/gap4/tman_diff.h
Examining data/staden-2.0.0+b11/gap4/tman_display.c
Examining data/staden-2.0.0+b11/gap4/tman_display.h
Examining data/staden-2.0.0+b11/gap4/tman_interface.c
Examining data/staden-2.0.0+b11/gap4/tman_interface.h
Examining data/staden-2.0.0+b11/gap4/undo.c
Examining data/staden-2.0.0+b11/gap4/undo.h
Examining data/staden-2.0.0+b11/gap4/vseqs.c
Examining data/staden-2.0.0+b11/gap4/vseqs.h
Examining data/staden-2.0.0+b11/prefinish/delta_g.c
Examining data/staden-2.0.0+b11/prefinish/dist.c
Examining data/staden-2.0.0+b11/prefinish/dust.c
Examining data/staden-2.0.0+b11/prefinish/dust.h
Examining data/staden-2.0.0+b11/prefinish/finish.c
Examining data/staden-2.0.0+b11/prefinish/finish.h
Examining data/staden-2.0.0+b11/prefinish/finish_distributions.c
Examining data/staden-2.0.0+b11/prefinish/finish_filter.c
Examining data/staden-2.0.0+b11/prefinish/finish_filter.h
Examining data/staden-2.0.0+b11/prefinish/finish_hash.c
Examining data/staden-2.0.0+b11/prefinish/finish_hash.h
Examining data/staden-2.0.0+b11/prefinish/finish_long.c
Examining data/staden-2.0.0+b11/prefinish/finish_long.h
Examining data/staden-2.0.0+b11/prefinish/finish_main.c
Examining data/staden-2.0.0+b11/prefinish/finish_main.h
Examining data/staden-2.0.0+b11/prefinish/finish_pcr.c
Examining data/staden-2.0.0+b11/prefinish/finish_pcr.h
Examining data/staden-2.0.0+b11/prefinish/finish_reverse.c
Examining data/staden-2.0.0+b11/prefinish/finish_reverse.h
Examining data/staden-2.0.0+b11/prefinish/finish_utils.c
Examining data/staden-2.0.0+b11/prefinish/finish_utils.h
Examining data/staden-2.0.0+b11/prefinish/finish_walk.c
Examining data/staden-2.0.0+b11/prefinish/finish_walk.h
Examining data/staden-2.0.0+b11/prefinish/gap_cli_arg.c
Examining data/staden-2.0.0+b11/prefinish/gap_cli_arg.h
Examining data/staden-2.0.0+b11/prefinish/init.c
Examining data/staden-2.0.0+b11/prefinish/insert_size_dist.c
Examining data/staden-2.0.0+b11/prefinish/main.c
Examining data/staden-2.0.0+b11/prefinish/random.c
Examining data/staden-2.0.0+b11/prefinish/read_conf_dist.c
Examining data/staden-2.0.0+b11/prefinish/read_size_dist.c
Examining data/staden-2.0.0+b11/prefinish/test.c
Examining data/staden-2.0.0+b11/prefinish/testbak.c
Examining data/staden-2.0.0+b11/prefinish/tkMain.c
Examining data/staden-2.0.0+b11/haplo/haplo.h
Examining data/staden-2.0.0+b11/haplo/haplo_cons.c
Examining data/staden-2.0.0+b11/haplo/haplo_snps.c
Examining data/staden-2.0.0+b11/haplo/haplo_split.c
Examining data/staden-2.0.0+b11/haplo/haplo_tcl.c
Examining data/staden-2.0.0+b11/eba/conf.h
Examining data/staden-2.0.0+b11/eba/qual.c
Examining data/staden-2.0.0+b11/eba/conf.c
Examining data/staden-2.0.0+b11/init_exp/init_exp.c
Examining data/staden-2.0.0+b11/get_scf_field/get_scf_field.c
Examining data/staden-2.0.0+b11/spin/codon_content.c
Examining data/staden-2.0.0+b11/spin/codon_content.h
Examining data/staden-2.0.0+b11/spin/compare_spans.c
Examining data/staden-2.0.0+b11/spin/compare_spans.h
Examining data/staden-2.0.0+b11/spin/dinuc_freqs.c
Examining data/staden-2.0.0+b11/spin/dinuc_freqs.h
Examining data/staden-2.0.0+b11/spin/emboss_input_funcs.c
Examining data/staden-2.0.0+b11/spin/emboss_input_funcs.h
Examining data/staden-2.0.0+b11/spin/init.c
Examining data/staden-2.0.0+b11/spin/nip_base_comp.c
Examining data/staden-2.0.0+b11/spin/nip_base_comp.h
Examining data/staden-2.0.0+b11/spin/nip_canvas_box.c
Examining data/staden-2.0.0+b11/spin/nip_canvas_box.h
Examining data/staden-2.0.0+b11/spin/nip_cmds.c
Examining data/staden-2.0.0+b11/spin/nip_cmds.h
Examining data/staden-2.0.0+b11/spin/nip_gene_search.c
Examining data/staden-2.0.0+b11/spin/nip_gene_search.h
Examining data/staden-2.0.0+b11/spin/nip_globals.c
Examining data/staden-2.0.0+b11/spin/nip_globals.h
Examining data/staden-2.0.0+b11/spin/nip_raster.h
Examining data/staden-2.0.0+b11/spin/nip_restriction_enzymes.c
Examining data/staden-2.0.0+b11/spin/nip_restriction_enzymes.h
Examining data/staden-2.0.0+b11/spin/nip_results.h
Examining data/staden-2.0.0+b11/spin/nip_sendto.h
Examining data/staden-2.0.0+b11/spin/nip_splice_search.c
Examining data/staden-2.0.0+b11/spin/nip_splice_search.h
Examining data/staden-2.0.0+b11/spin/nip_stop_codon.c
Examining data/staden-2.0.0+b11/spin/nip_stop_codon.h
Examining data/staden-2.0.0+b11/spin/nip_string_search.c
Examining data/staden-2.0.0+b11/spin/nip_string_search.h
Examining data/staden-2.0.0+b11/spin/nip_structs.h
Examining data/staden-2.0.0+b11/spin/nip_trna_search.c
Examining data/staden-2.0.0+b11/spin/nip_trna_search.h
Examining data/staden-2.0.0+b11/spin/nip_wtmatrix_search.c
Examining data/staden-2.0.0+b11/spin/nip_wtmatrix_search.h
Examining data/staden-2.0.0+b11/spin/probs.c
Examining data/staden-2.0.0+b11/spin/probs.h
Examining data/staden-2.0.0+b11/spin/raster_cmds.c
Examining data/staden-2.0.0+b11/spin/raster_cmds.h
Examining data/staden-2.0.0+b11/spin/raster_globals.h
Examining data/staden-2.0.0+b11/spin/raster_structs.h
Examining data/staden-2.0.0+b11/spin/readpam.c
Examining data/staden-2.0.0+b11/spin/readpam.h
Examining data/staden-2.0.0+b11/spin/rescan_matches.c
Examining data/staden-2.0.0+b11/spin/rescan_matches.h
Examining data/staden-2.0.0+b11/spin/resource.h
Examining data/staden-2.0.0+b11/spin/seq_plot_funcs.c
Examining data/staden-2.0.0+b11/spin/seq_plot_funcs.h
Examining data/staden-2.0.0+b11/spin/seq_raster.c
Examining data/staden-2.0.0+b11/spin/seq_raster.h
Examining data/staden-2.0.0+b11/spin/seq_reg.c
Examining data/staden-2.0.0+b11/spin/seq_reg.h
Examining data/staden-2.0.0+b11/spin/seq_reg_cmds.c
Examining data/staden-2.0.0+b11/spin/seq_reg_structs.h
Examining data/staden-2.0.0+b11/spin/seq_results.c
Examining data/staden-2.0.0+b11/spin/seq_results.h
Examining data/staden-2.0.0+b11/spin/seq_sendto.c
Examining data/staden-2.0.0+b11/spin/seq_sendto.h
Examining data/staden-2.0.0+b11/spin/seqed.c
Examining data/staden-2.0.0+b11/spin/seqed.h
Examining data/staden-2.0.0+b11/spin/seqedInterface.c
Examining data/staden-2.0.0+b11/spin/seqedInterface.h
Examining data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c
Examining data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.h
Examining data/staden-2.0.0+b11/spin/seqed_search.c
Examining data/staden-2.0.0+b11/spin/seqed_search.h
Examining data/staden-2.0.0+b11/spin/seqed_translate.c
Examining data/staden-2.0.0+b11/spin/seqed_translate.h
Examining data/staden-2.0.0+b11/spin/seqed_write.c
Examining data/staden-2.0.0+b11/spin/seqed_write.h
Examining data/staden-2.0.0+b11/spin/sequence_pair_display.c
Examining data/staden-2.0.0+b11/spin/sequence_pair_display.h
Examining data/staden-2.0.0+b11/spin/sequtils.c
Examining data/staden-2.0.0+b11/spin/sequtils.h
Examining data/staden-2.0.0+b11/spin/sequtils_cmds.h
Examining data/staden-2.0.0+b11/spin/sequtils_structs.h
Examining data/staden-2.0.0+b11/spin/sim.c
Examining data/staden-2.0.0+b11/spin/sim.h
Examining data/staden-2.0.0+b11/spin/sip_align.c
Examining data/staden-2.0.0+b11/spin/sip_align.h
Examining data/staden-2.0.0+b11/spin/sip_cmds.c
Examining data/staden-2.0.0+b11/spin/sip_cmds.h
Examining data/staden-2.0.0+b11/spin/sip_find_identity.c
Examining data/staden-2.0.0+b11/spin/sip_find_identity.h
Examining data/staden-2.0.0+b11/spin/sip_globals.c
Examining data/staden-2.0.0+b11/spin/sip_globals.h
Examining data/staden-2.0.0+b11/spin/sip_hash.c
Examining data/staden-2.0.0+b11/spin/sip_hash.h
Examining data/staden-2.0.0+b11/spin/sip_quick_scan.c
Examining data/staden-2.0.0+b11/spin/sip_quick_scan.h
Examining data/staden-2.0.0+b11/spin/sip_results.c
Examining data/staden-2.0.0+b11/spin/sip_results.h
Examining data/staden-2.0.0+b11/spin/sip_sendto.h
Examining data/staden-2.0.0+b11/spin/sip_sim.c
Examining data/staden-2.0.0+b11/spin/sip_sim.h
Examining data/staden-2.0.0+b11/spin/sip_similar_spans.c
Examining data/staden-2.0.0+b11/spin/sip_similar_spans.h
Examining data/staden-2.0.0+b11/spin/sip_structs.h
Examining data/staden-2.0.0+b11/spin/spin_globals.c
Examining data/staden-2.0.0+b11/spin/spin_globals.h
Examining data/staden-2.0.0+b11/spin/splice_search.c
Examining data/staden-2.0.0+b11/spin/splice_search.h
Examining data/staden-2.0.0+b11/spin/tkSeqed.c
Examining data/staden-2.0.0+b11/spin/tkSeqed.h
Examining data/staden-2.0.0+b11/spin/tkSeqedNames.c
Examining data/staden-2.0.0+b11/spin/tkSeqedNames.h
Examining data/staden-2.0.0+b11/spin/tkSeqedUtils.c
Examining data/staden-2.0.0+b11/spin/tkSeqedUtils.h
Examining data/staden-2.0.0+b11/spin/trna_search.c
Examining data/staden-2.0.0+b11/spin/trna_search.h
Examining data/staden-2.0.0+b11/vector_clip/vector_clip.c
Examining data/staden-2.0.0+b11/tracediff/staden.h
Examining data/staden-2.0.0+b11/tracediff/main.cpp
Examining data/staden-2.0.0+b11/screen_seq/screen_seq.c
Examining data/staden-2.0.0+b11/qclip/consen.c
Examining data/staden-2.0.0+b11/qclip/consen.h
Examining data/staden-2.0.0+b11/qclip/qclip.c
Examining data/staden-2.0.0+b11/qclip/seqInfo.c
Examining data/staden-2.0.0+b11/qclip/seqInfo.h
Examining data/staden-2.0.0+b11/polyA_clip/polyA_clip.c
Examining data/staden-2.0.0+b11/polyA_clip/seqInfo.c
Examining data/staden-2.0.0+b11/polyA_clip/seqInfo.h
Examining data/staden-2.0.0+b11/stops/stops.c
Examining data/staden-2.0.0+b11/make_weights/make_weights.c
Examining data/staden-2.0.0+b11/find_renz/find_renz.c
Examining data/staden-2.0.0+b11/copy_reads/copy_reads.c
Examining data/staden-2.0.0+b11/copy_reads/copy_reads.h
Examining data/staden-2.0.0+b11/copy_reads/copy_reads_globals.c
Examining data/staden-2.0.0+b11/copy_reads/copy_reads_globals.h
Examining data/staden-2.0.0+b11/hetins/hetins.c
Examining data/staden-2.0.0+b11/mutscan/pathutil.h
Examining data/staden-2.0.0+b11/mutscan/staden.h
Examining data/staden-2.0.0+b11/mutscan/main.cpp
Examining data/staden-2.0.0+b11/mutscan/pathutil.cpp
Examining data/staden-2.0.0+b11/mutscan/stringlist.cpp
Examining data/staden-2.0.0+b11/mutscan/stringlist.hpp
Examining data/staden-2.0.0+b11/convert/bapDB.c
Examining data/staden-2.0.0+b11/convert/bapDB.h
Examining data/staden-2.0.0+b11/convert/bapIO.c
Examining data/staden-2.0.0+b11/convert/bapIO.h
Examining data/staden-2.0.0+b11/convert/dapDB.c
Examining data/staden-2.0.0+b11/convert/dapDB.h
Examining data/staden-2.0.0+b11/convert/dapIO.c
Examining data/staden-2.0.0+b11/convert/dapIO.h
Examining data/staden-2.0.0+b11/convert/flat_sd.c
Examining data/staden-2.0.0+b11/convert/flat_sd.h
Examining data/staden-2.0.0+b11/convert/gapDB.c
Examining data/staden-2.0.0+b11/convert/gapDB.h
Examining data/staden-2.0.0+b11/convert/list.c
Examining data/staden-2.0.0+b11/convert/list.h
Examining data/staden-2.0.0+b11/convert/main.c
Examining data/staden-2.0.0+b11/convert/newtypes.h
Examining data/staden-2.0.0+b11/convert/process.c
Examining data/staden-2.0.0+b11/convert/process.h
Examining data/staden-2.0.0+b11/convert/sap2dap.c
Examining data/staden-2.0.0+b11/gap5/ace.c
Examining data/staden-2.0.0+b11/gap5/ace.h
Examining data/staden-2.0.0+b11/gap5/actf.c
Examining data/staden-2.0.0+b11/gap5/actf.h
Examining data/staden-2.0.0+b11/gap5/active_tags.c
Examining data/staden-2.0.0+b11/gap5/active_tags.h
Examining data/staden-2.0.0+b11/gap5/afg.c
Examining data/staden-2.0.0+b11/gap5/afg.h
Examining data/staden-2.0.0+b11/gap5/auto_break.c
Examining data/staden-2.0.0+b11/gap5/auto_break.h
Examining data/staden-2.0.0+b11/gap5/b+tree2.c
Examining data/staden-2.0.0+b11/gap5/b+tree2.h
Examining data/staden-2.0.0+b11/gap5/baf.c
Examining data/staden-2.0.0+b11/gap5/baf.h
Examining data/staden-2.0.0+b11/gap5/break_contig.c
Examining data/staden-2.0.0+b11/gap5/break_contig.h
Examining data/staden-2.0.0+b11/gap5/caf.c
Examining data/staden-2.0.0+b11/gap5/caf.h
Examining data/staden-2.0.0+b11/gap5/check_assembly.c
Examining data/staden-2.0.0+b11/gap5/check_assembly.h
Examining data/staden-2.0.0+b11/gap5/consen.c
Examining data/staden-2.0.0+b11/gap5/consen.h
Examining data/staden-2.0.0+b11/gap5/consensus.c
Examining data/staden-2.0.0+b11/gap5/consensus.h
Examining data/staden-2.0.0+b11/gap5/contig_extend.c
Examining data/staden-2.0.0+b11/gap5/contig_extend.h
Examining data/staden-2.0.0+b11/gap5/contig_selector.c
Examining data/staden-2.0.0+b11/gap5/contig_selector.h
Examining data/staden-2.0.0+b11/gap5/cs-object.c
Examining data/staden-2.0.0+b11/gap5/cs-object.h
Examining data/staden-2.0.0+b11/gap5/depad_seq_tree.c
Examining data/staden-2.0.0+b11/gap5/depad_seq_tree.h
Examining data/staden-2.0.0+b11/gap5/depth_track.c
Examining data/staden-2.0.0+b11/gap5/depth_track.h
Examining data/staden-2.0.0+b11/gap5/dis_readings.c
Examining data/staden-2.0.0+b11/gap5/dis_readings.h
Examining data/staden-2.0.0+b11/gap5/do_fij.c
Examining data/staden-2.0.0+b11/gap5/editor_join.c
Examining data/staden-2.0.0+b11/gap5/editor_join.h
Examining data/staden-2.0.0+b11/gap5/editor_oligo.c
Examining data/staden-2.0.0+b11/gap5/editor_oligo.h
Examining data/staden-2.0.0+b11/gap5/editor_search.c
Examining data/staden-2.0.0+b11/gap5/editor_view.c
Examining data/staden-2.0.0+b11/gap5/editor_view.h
Examining data/staden-2.0.0+b11/gap5/export_contigs.h
Examining data/staden-2.0.0+b11/gap5/export_snps.c
Examining data/staden-2.0.0+b11/gap5/export_snps.h
Examining data/staden-2.0.0+b11/gap5/extract.h
Examining data/staden-2.0.0+b11/gap5/fasta.c
Examining data/staden-2.0.0+b11/gap5/fasta.h
Examining data/staden-2.0.0+b11/gap5/fij.c
Examining data/staden-2.0.0+b11/gap5/fij.h
Examining data/staden-2.0.0+b11/gap5/find_haplotypes.0.c
Examining data/staden-2.0.0+b11/gap5/find_haplotypes.c
Examining data/staden-2.0.0+b11/gap5/find_haplotypes.h
Examining data/staden-2.0.0+b11/gap5/find_oligo.c
Examining data/staden-2.0.0+b11/gap5/find_oligo.h
Examining data/staden-2.0.0+b11/gap5/find_repeats.c
Examining data/staden-2.0.0+b11/gap5/find_repeats.h
Examining data/staden-2.0.0+b11/gap5/g-alloc.c
Examining data/staden-2.0.0+b11/gap5/g-alloc.h
Examining data/staden-2.0.0+b11/gap5/g-connect.c
Examining data/staden-2.0.0+b11/gap5/g-connect.h
Examining data/staden-2.0.0+b11/gap5/g-db.c
Examining data/staden-2.0.0+b11/gap5/g-db.h
Examining data/staden-2.0.0+b11/gap5/g-defs.h
Examining data/staden-2.0.0+b11/gap5/g-error.c
Examining data/staden-2.0.0+b11/gap5/g-error.h
Examining data/staden-2.0.0+b11/gap5/g-filedefs.h
Examining data/staden-2.0.0+b11/gap5/g-files.c
Examining data/staden-2.0.0+b11/gap5/g-files.h
Examining data/staden-2.0.0+b11/gap5/g-io.c
Examining data/staden-2.0.0+b11/gap5/g-io.h
Examining data/staden-2.0.0+b11/gap5/g-misc.h
Examining data/staden-2.0.0+b11/gap5/g-os.h
Examining data/staden-2.0.0+b11/gap5/g-request.c
Examining data/staden-2.0.0+b11/gap5/g-request.h
Examining data/staden-2.0.0+b11/gap5/g-struct.c
Examining data/staden-2.0.0+b11/gap5/g-struct.h
Examining data/staden-2.0.0+b11/gap5/g.h
Examining data/staden-2.0.0+b11/gap5/gap-error.c
Examining data/staden-2.0.0+b11/gap5/gap-error.h
Examining data/staden-2.0.0+b11/gap5/gap-if.h
Examining data/staden-2.0.0+b11/gap5/gap-tcl.h
Examining data/staden-2.0.0+b11/gap5/gap4_compat.c
Examining data/staden-2.0.0+b11/gap5/gap4_compat.h
Examining data/staden-2.0.0+b11/gap5/gap_canvas_box.c
Examining data/staden-2.0.0+b11/gap5/gap_canvas_box.h
Examining data/staden-2.0.0+b11/gap5/gap_cli_arg.c
Examining data/staden-2.0.0+b11/gap5/gap_cli_arg.h
Examining data/staden-2.0.0+b11/gap5/gap_globals.c
Examining data/staden-2.0.0+b11/gap5/gap_globals.h
Examining data/staden-2.0.0+b11/gap5/gap_hash.c
Examining data/staden-2.0.0+b11/gap5/gap_hash.h
Examining data/staden-2.0.0+b11/gap5/gap_range.c
Examining data/staden-2.0.0+b11/gap5/gap_range.h
Examining data/staden-2.0.0+b11/gap5/hache_table.c
Examining data/staden-2.0.0+b11/gap5/hache_table.h
Examining data/staden-2.0.0+b11/gap5/hash_lib.c
Examining data/staden-2.0.0+b11/gap5/hash_lib.h
Examining data/staden-2.0.0+b11/gap5/import_gff.c
Examining data/staden-2.0.0+b11/gap5/import_gff.h
Examining data/staden-2.0.0+b11/gap5/init.c
Examining data/staden-2.0.0+b11/gap5/interval_tree.c
Examining data/staden-2.0.0+b11/gap5/interval_tree.h
Examining data/staden-2.0.0+b11/gap5/io_handle.h
Examining data/staden-2.0.0+b11/gap5/io_utils.h
Examining data/staden-2.0.0+b11/gap5/list.h
Examining data/staden-2.0.0+b11/gap5/list_proc.c
Examining data/staden-2.0.0+b11/gap5/list_proc.h
Examining data/staden-2.0.0+b11/gap5/maq.c
Examining data/staden-2.0.0+b11/gap5/maq.h
Examining data/staden-2.0.0+b11/gap5/maqmap.c
Examining data/staden-2.0.0+b11/gap5/maqmap.h
Examining data/staden-2.0.0+b11/gap5/mkdefs.c
Examining data/staden-2.0.0+b11/gap5/newgap5_cmds.c
Examining data/staden-2.0.0+b11/gap5/newgap_cmds.h
Examining data/staden-2.0.0+b11/gap5/newgap_structs.h
Examining data/staden-2.0.0+b11/gap5/notedb.c
Examining data/staden-2.0.0+b11/gap5/notedb.h
Examining data/staden-2.0.0+b11/gap5/primlib.c
Examining data/staden-2.0.0+b11/gap5/primlib.h
Examining data/staden-2.0.0+b11/gap5/qual.c
Examining data/staden-2.0.0+b11/gap5/qual.h
Examining data/staden-2.0.0+b11/gap5/qualIO.c
Examining data/staden-2.0.0+b11/gap5/qualIO.h
Examining data/staden-2.0.0+b11/gap5/qualP.h
Examining data/staden-2.0.0+b11/gap5/quality_plot.c
Examining data/staden-2.0.0+b11/gap5/quality_plot.h
Examining data/staden-2.0.0+b11/gap5/read_depth.c
Examining data/staden-2.0.0+b11/gap5/read_depth.h
Examining data/staden-2.0.0+b11/gap5/readpair.c
Examining data/staden-2.0.0+b11/gap5/readpair.h
Examining data/staden-2.0.0+b11/gap5/restriction_enzymes.c
Examining data/staden-2.0.0+b11/gap5/restriction_enzymes.h
Examining data/staden-2.0.0+b11/gap5/sam_index.h
Examining data/staden-2.0.0+b11/gap5/sam_pileup.c
Examining data/staden-2.0.0+b11/gap5/sam_pileup.h
Examining data/staden-2.0.0+b11/gap5/shuffle_pads.c
Examining data/staden-2.0.0+b11/gap5/shuffle_pads.h
Examining data/staden-2.0.0+b11/gap5/stack_dump.c
Examining data/staden-2.0.0+b11/gap5/stack_dump.h
Examining data/staden-2.0.0+b11/gap5/str_finder.c
Examining data/staden-2.0.0+b11/gap5/str_finder.h
Examining data/staden-2.0.0+b11/gap5/tag_plot.c
Examining data/staden-2.0.0+b11/gap5/tag_plot.h
Examining data/staden-2.0.0+b11/gap5/tagdb.c
Examining data/staden-2.0.0+b11/gap5/tagdb.h
Examining data/staden-2.0.0+b11/gap5/template_display.c
Examining data/staden-2.0.0+b11/gap5/template_display.h
Examining data/staden-2.0.0+b11/gap5/template_draw.c
Examining data/staden-2.0.0+b11/gap5/template_draw.h
Examining data/staden-2.0.0+b11/gap5/tg_anno.c
Examining data/staden-2.0.0+b11/gap5/tg_anno.h
Examining data/staden-2.0.0+b11/gap5/tg_bin.c
Examining data/staden-2.0.0+b11/gap5/tg_bin.h
Examining data/staden-2.0.0+b11/gap5/tg_cache.c
Examining data/staden-2.0.0+b11/gap5/tg_cache_item.h
Examining data/staden-2.0.0+b11/gap5/tg_check.c
Examining data/staden-2.0.0+b11/gap5/tg_check.h
Examining data/staden-2.0.0+b11/gap5/tg_contig.c
Examining data/staden-2.0.0+b11/gap5/tg_contig.h
Examining data/staden-2.0.0+b11/gap5/tg_gio.c
Examining data/staden-2.0.0+b11/gap5/tg_gio.h
Examining data/staden-2.0.0+b11/gap5/tg_iface.h
Examining data/staden-2.0.0+b11/gap5/tg_iface_g.h
Examining data/staden-2.0.0+b11/gap5/tg_index.h
Examining data/staden-2.0.0+b11/gap5/tg_index_common.c
Examining data/staden-2.0.0+b11/gap5/tg_index_common.h
Examining data/staden-2.0.0+b11/gap5/tg_library.c
Examining data/staden-2.0.0+b11/gap5/tg_library.h
Examining data/staden-2.0.0+b11/gap5/tg_register.c
Examining data/staden-2.0.0+b11/gap5/tg_register.h
Examining data/staden-2.0.0+b11/gap5/tg_scaffold.c
Examining data/staden-2.0.0+b11/gap5/tg_scaffold.h
Examining data/staden-2.0.0+b11/gap5/tg_sequence.c
Examining data/staden-2.0.0+b11/gap5/tg_sequence.h
Examining data/staden-2.0.0+b11/gap5/tg_struct.h
Examining data/staden-2.0.0+b11/gap5/tg_tcl.c
Examining data/staden-2.0.0+b11/gap5/tg_tcl.h
Examining data/staden-2.0.0+b11/gap5/tg_track.c
Examining data/staden-2.0.0+b11/gap5/tg_track.h
Examining data/staden-2.0.0+b11/gap5/tg_tracks.c
Examining data/staden-2.0.0+b11/gap5/tg_tracks.h
Examining data/staden-2.0.0+b11/gap5/tg_utils.c
Examining data/staden-2.0.0+b11/gap5/tg_utils.h
Examining data/staden-2.0.0+b11/gap5/tg_view.c
Examining data/staden-2.0.0+b11/gap5/tk-io-reg.c
Examining data/staden-2.0.0+b11/gap5/tk-io-reg.h
Examining data/staden-2.0.0+b11/gap5/tkAppInit.c
Examining data/staden-2.0.0+b11/gap5/tkEdNames.c
Examining data/staden-2.0.0+b11/gap5/tkEdNames.h
Examining data/staden-2.0.0+b11/gap5/tkEditor.c
Examining data/staden-2.0.0+b11/gap5/tkEditor.h
Examining data/staden-2.0.0+b11/gap5/tman_display.c
Examining data/staden-2.0.0+b11/gap5/tman_display.h
Examining data/staden-2.0.0+b11/gap5/tman_interface.c
Examining data/staden-2.0.0+b11/gap5/tman_interface.h
Examining data/staden-2.0.0+b11/gap5/utlist.h
Examining data/staden-2.0.0+b11/gap5/xalloc.h
Examining data/staden-2.0.0+b11/gap5/export_contigs.c
Examining data/staden-2.0.0+b11/gap5/sam_index.c
Examining data/staden-2.0.0+b11/gap5/tg_iface_g.c
Examining data/staden-2.0.0+b11/gap5/tg_index.c
FINAL RESULTS:
data/staden-2.0.0+b11/convert/sap2dap.c:64:3: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(projectName);
data/staden-2.0.0+b11/convert/sap2dap.c:67:3: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(versionNumber);
data/staden-2.0.0+b11/Misc/crash.c:11:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr,format,args) ;
data/staden-2.0.0+b11/Misc/dstring.c:129:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(bufp, fmt, args);
data/staden-2.0.0+b11/Misc/error.c:16:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/staden-2.0.0+b11/Misc/error.c:31:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, args);
data/staden-2.0.0+b11/Misc/files.c:64:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (1 == sscanf(line, "%s", name))
data/staden-2.0.0+b11/Misc/find.c:37:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wholePath,file);
data/staden-2.0.0+b11/Misc/find.c:44:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(paths,searchpath);
data/staden-2.0.0+b11/Misc/find.c:78:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(wholePath,path);
data/staden-2.0.0+b11/Misc/find.c:80:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(wholePath,file);
data/staden-2.0.0+b11/Misc/getfile.c:40:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (filename, R_OK) == 0 && access (filename, X_OK) )
data/staden-2.0.0+b11/Misc/getfile.c:40:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (filename, R_OK) == 0 && access (filename, X_OK) )
data/staden-2.0.0+b11/Misc/getfile.c:46:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (filename, F_OK) == 0) {
data/staden-2.0.0+b11/Misc/getfile.c:50:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (filename, W_OK) == 0 && access (filename, X_OK) )
data/staden-2.0.0+b11/Misc/getfile.c:50:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (filename, W_OK) == 0 && access (filename, X_OK) )
data/staden-2.0.0+b11/Misc/getfile.c:57:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access (filename, X_OK) )
data/staden-2.0.0+b11/Misc/misc.h:34:60: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define __PRINTF_FORMAT__(a,b) __attribute__ ((format (printf, a, b)))
data/staden-2.0.0+b11/Misc/os.h:156:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/staden-2.0.0+b11/Misc/parse_db.c:234:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Warning - unknown identifier \"%s\"\n",word);
data/staden-2.0.0+b11/Misc/shell.c:11:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pipe = (FILE *)popen(command,"r");
data/staden-2.0.0+b11/Misc/vlen.c:272:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n","test");
data/staden-2.0.0+b11/Misc/vlen.c:304:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%c %f %d %s %c %g %ld %s\n", 'a', 3.1, 9, "one", 'b', 4.2, 9, "two");
data/staden-2.0.0+b11/Misc/vlen.c:336:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", "0123456789");
data/staden-2.0.0+b11/Misc/vlen.c:340:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%5s\n", "0123456789");
data/staden-2.0.0+b11/Misc/vlen.c:344:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%50s\n", "0123456789");
data/staden-2.0.0+b11/Misc/xerror.c:47:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s [%d]", strerror(errno), errno);
data/staden-2.0.0+b11/Misc/xerror.c:49:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s [%d]", xerrstr, xerrnum);
data/staden-2.0.0+b11/Misc/xerror.c:51:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", reason);
data/staden-2.0.0+b11/Misc/xerror.c:53:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:%d", xerrfile, xerrline);
data/staden-2.0.0+b11/abi/getABIdate.c:38:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((verbose ?
data/staden-2.0.0+b11/abi/getABIfield.c:49:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(hex ? "%08x" : "%d", i4);
data/staden-2.0.0+b11/alf/alfsplit.c:172:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr,format,args) ;
data/staden-2.0.0+b11/alf/alfsplit.c:312:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname,"%sALF",name[i]) ;
data/staden-2.0.0+b11/convert/bapIO.c:425:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->ar_file,name); strcat(io->ar_file,".AR"); strcat(io->ar_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:425:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->ar_file,name); strcat(io->ar_file,".AR"); strcat(io->ar_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:426:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->rl_file,name); strcat(io->rl_file,".RL"); strcat(io->rl_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:426:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->rl_file,name); strcat(io->rl_file,".RL"); strcat(io->rl_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:427:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->sq_file,name); strcat(io->sq_file,".SQ"); strcat(io->sq_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:427:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->sq_file,name); strcat(io->sq_file,".SQ"); strcat(io->sq_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:428:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->tg_file,name); strcat(io->tg_file,".TG"); strcat(io->tg_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:428:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->tg_file,name); strcat(io->tg_file,".TG"); strcat(io->tg_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:429:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->cc_file,name); strcat(io->cc_file,".CC"); strcat(io->cc_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:429:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->cc_file,name); strcat(io->cc_file,".CC"); strcat(io->cc_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:306:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->ar_file,name); strcat(io->ar_file,".AR"); strcat(io->ar_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:306:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->ar_file,name); strcat(io->ar_file,".AR"); strcat(io->ar_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:307:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->rl_file,name); strcat(io->rl_file,".RL"); strcat(io->rl_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:307:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->rl_file,name); strcat(io->rl_file,".RL"); strcat(io->rl_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:308:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->sq_file,name); strcat(io->sq_file,".SQ"); strcat(io->sq_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:308:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->sq_file,name); strcat(io->sq_file,".SQ"); strcat(io->sq_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:309:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->tg_file,name); strcat(io->tg_file,".TG"); strcat(io->tg_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:309:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->tg_file,name); strcat(io->tg_file,".TG"); strcat(io->tg_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:310:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(io->cc_file,name); strcat(io->cc_file,".CC"); strcat(io->cc_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:310:58: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(io->cc_file,name); strcat(io->cc_file,".CC"); strcat(io->cc_file,version);
data/staden-2.0.0+b11/convert/flat_sd.c:16:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flat_file,name); strcat(flat_file,".flat");
data/staden-2.0.0+b11/convert/gapDB.c:157:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(seq, compl(cp));
data/staden-2.0.0+b11/convert/gapDB.c:165:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(seq, cp);
data/staden-2.0.0+b11/convert/gapDB.c:169:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(seq, compl(cp));
data/staden-2.0.0+b11/convert/gapDB.c:174:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(seq, cp);
data/staden-2.0.0+b11/convert/gapDB.c:182:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(seq, cp);
data/staden-2.0.0+b11/convert/gapDB.c:186:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(seq, cp);
data/staden-2.0.0+b11/convert/list.c:14:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( (copy = (char *)malloc(strlen(s)+1)) != NULL ) strcpy(copy,s);
data/staden-2.0.0+b11/convert/main.c:84:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(type,types[use_types[itype]]);
data/staden-2.0.0+b11/convert/sap2dap.c:210:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(RD,name); strcat(RD,".RD"); strncat(RD,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:211:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(TG,name); strcat(TG,".TG"); strncat(TG,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:212:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CC,name); strcat(CC,".CC"); strncat(CC,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:217:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AR,name); strcat(AR,".AR"); strncat(AR,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:223:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(RL,name); strcat(RL,".RL"); strncat(RL,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:282:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comment,"%6d%6d%6d%-4s%-18s",len,lcut,wlen,type,name);
data/staden-2.0.0+b11/copy_reads/copy_reads.c:69:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, io_rname(io, r_num));
data/staden-2.0.0+b11/copy_reads/copy_reads.c:125:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comment, "%s %s", tag_text, io_name(io));
data/staden-2.0.0+b11/copy_reads/copy_reads.c:409:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comment, "%s %s", tag_text, io_name(io_to));
data/staden-2.0.0+b11/find_renz/find_renz.c:115:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, cp);
data/staden-2.0.0+b11/find_renz/find_renz.c:121:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, enz);
data/staden-2.0.0+b11/g/g-debug.c:115:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnaux, fn);
data/staden-2.0.0+b11/g/g-debug.c:116:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fnaux, G_AUX_SUFFIX);
data/staden-2.0.0+b11/g/g-debug.c:125:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gfile->fname, fn);
data/staden-2.0.0+b11/g/g-files.c:165:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnaux,fn);
data/staden-2.0.0+b11/g/g-files.c:166:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fnaux,G_AUX_SUFFIX);
data/staden-2.0.0+b11/g/g-files.c:178:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gfile->fname,fn);
data/staden-2.0.0+b11/gap4/IO1.c:1282:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_fn, "%s.%s", project, version);
data/staden-2.0.0+b11/gap4/IO1.c:1284:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(db_fn, R_OK | W_OK) != 0 && errno == EACCES)
data/staden-2.0.0+b11/gap4/IO1.c:1286:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_fn, "%s.%s.aux", project, version);
data/staden-2.0.0+b11/gap4/IO1.c:1288:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(db_fn, R_OK | W_OK) != 0 && errno == EACCES)
data/staden-2.0.0+b11/gap4/IO1.c:1324:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!(access(fn, F_OK) == -1 && errno == ENOENT)) {
data/staden-2.0.0+b11/gap4/IO1.c:1330:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!(access(fn, F_OK) == -1 && errno == ENOENT)) {
data/staden-2.0.0+b11/gap4/IO1.c:1367:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_buf, "opening r%c... by %s(%d)",
data/staden-2.0.0+b11/gap4/IO1.c:1577:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.%s", p, version);
data/staden-2.0.0+b11/gap4/IO3.c:666:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, io_rname(io, N));
data/staden-2.0.0+b11/gap4/actf.c:151:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_name, "%s.%s", cp+1, version);
data/staden-2.0.0+b11/gap4/actf.c:153:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_name, "%s.%s", file, version);
data/staden-2.0.0+b11/gap4/actf.c:155:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_path, "%s.%s", file, version);
data/staden-2.0.0+b11/gap4/actf.c:156:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aux_path, "%s.%s.aux", file, version);
data/staden-2.0.0+b11/gap4/actf.c:157:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s%s.%s.BUSY", dir, file, version);
data/staden-2.0.0+b11/gap4/actf.c:245:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_path, "%s %d\n", hostname, (int)getpid());
data/staden-2.0.0+b11/gap4/actf.c:271:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_name, "%s.%s", cp+1, version);
data/staden-2.0.0+b11/gap4/actf.c:273:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_name, "%s.%s", file, version);
data/staden-2.0.0+b11/gap4/assemble_direct.c:280:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
scanned = sscanf(line, "%s %s %d %d", s_reading, s_orient,
data/staden-2.0.0+b11/gap4/assemble_direct.c:699:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq, exp_get_entry(si->e, EFLT_SQ));
data/staden-2.0.0+b11/gap4/check_assembly.c:595:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ca->tagname, CPtr2Tcl(ca));
data/staden-2.0.0+b11/gap4/check_assembly.c:598:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ca->colour, val);
data/staden-2.0.0+b11/gap4/confidence_graph.c:74:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(cmd, "%s create line ", c_win);
data/staden-2.0.0+b11/gap4/confidence_graph.c:105:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpp, "-fill %s -width %d", colour, width);
data/staden-2.0.0+b11/gap4/confidence_graph.c:111:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %.20f %d %.20f -fill %s -width %d -capstyle round",
data/staden-2.0.0+b11/gap4/confidence_graph.c:126:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %.20f %d %.20f -fill %s -width %d -capstyle round",
data/staden-2.0.0+b11/gap4/confidence_graph.c:237:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", conf->c_win);
data/staden-2.0.0+b11/gap4/confidence_graph.c:284:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteConfidenceGraph %d %s %s %d\n", *handle_io(io),
data/staden-2.0.0+b11/gap4/confidence_graph.c:419:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "eval %s yview %s", conf->ruler->window, scroll_args);
data/staden-2.0.0+b11/gap4/confidence_graph.c:470:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jdata->name.line, name[conf->mode]);
data/staden-2.0.0+b11/gap4/confidence_graph.c:543:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", conf->ruler->window);
data/staden-2.0.0+b11/gap4/confidence_graph.c:585:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", conf->ruler->window);
data/staden-2.0.0+b11/gap4/confidence_graph.c:696:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conf->c_win, conf_win);
data/staden-2.0.0+b11/gap4/confidence_graph.c:697:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conf->frame, frame);
data/staden-2.0.0+b11/gap4/confidence_graph.c:701:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conf->colour, val);
data/staden-2.0.0+b11/gap4/consen.c:1756:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Annotations for reading %s", name);
data/staden-2.0.0+b11/gap4/consen.c:1771:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Annotations for reading %s", name);
data/staden-2.0.0+b11/gap4/consen.c:1863:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "%s.%d",
data/staden-2.0.0+b11/gap4/consen.c:1892:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "%s.%d",
data/staden-2.0.0+b11/gap4/consistency_canvas_box.c:120:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "canvas_cursor_move %d %d %s %d %d %.20f",
data/staden-2.0.0+b11/gap4/consistency_display.c:112:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(old_contig_name,
data/staden-2.0.0+b11/gap4/consistency_display.c:114:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_contig_name,
data/staden-2.0.0+b11/gap4/consistency_display.c:203:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteConsistencyDisplay %s\n", c->frame);
data/staden-2.0.0+b11/gap4/consistency_display.c:364:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s canvasx 0\n", c->win_list[i]->window);
data/staden-2.0.0+b11/gap4/consistency_display.c:418:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s canvasx 0", c->win_list[i]->window);
data/staden-2.0.0+b11/gap4/consistency_display.c:443:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "eval %s xview %s", win_list[i]->window, scroll_args);
data/staden-2.0.0+b11/gap4/consistency_display.c:480:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "eval %s yview %s", window, scroll_args);
data/staden-2.0.0+b11/gap4/consistency_display.c:811:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s configure -text %d\n", c->frame, label,
data/staden-2.0.0+b11/gap4/consistency_display.c:883:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "RulerWindowSize %d %s %s ", 1, c->frame,
data/staden-2.0.0+b11/gap4/consistency_display.c:1114:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.ruler", frame);
data/staden-2.0.0+b11/gap4/consistency_display.c:1119:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.ticks", frame);
data/staden-2.0.0+b11/gap4/consistency_display.c:1165:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->frame, frame);
data/staden-2.0.0+b11/gap4/contigEditor.c:184:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%d", pname, editor_id++);
data/staden-2.0.0+b11/gap4/contigEditor.c:336:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var, "%s.Tags", Tk_PathName(EDTKWIN(xx->ed)));
data/staden-2.0.0+b11/gap4/contigEditor.c:562:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(edn, next_editor(interp));
data/staden-2.0.0+b11/gap4/contig_selector.c:133:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %d %d %d %d -width %d -capstyle round "
data/staden-2.0.0+b11/gap4/contig_selector.c:138:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %d %d %d %d -width %d -capstyle round "
data/staden-2.0.0+b11/gap4/contig_selector.c:176:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", win_name);
data/staden-2.0.0+b11/gap4/contig_selector.c:181:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d "
data/staden-2.0.0+b11/gap4/contig_selector.c:186:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d "
data/staden-2.0.0+b11/gap4/contig_selector.c:213:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %d %d %d %d "
data/staden-2.0.0+b11/gap4/contig_selector.c:223:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %d %d %d %d "
data/staden-2.0.0+b11/gap4/contig_selector.c:236:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aname, "%s.Cnum", win_name);
data/staden-2.0.0+b11/gap4/contig_selector.c:244:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d "
data/staden-2.0.0+b11/gap4/contig_selector.c:249:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d "
data/staden-2.0.0+b11/gap4/contig_selector.c:342:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "HighlightSeparator %s %d", cs->hori, orig_pos);
data/staden-2.0.0+b11/gap4/contig_selector.c:565:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type, "{tag %s t_%d num_%d rnum_%d}",
data/staden-2.0.0+b11/gap4/contig_selector.c:585:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create rectangle %d %d %d %d "
data/staden-2.0.0+b11/gap4/contig_selector.c:776:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "ReHighlightContigSelection %d %s", *handle_io(io), cs->hori);
data/staden-2.0.0+b11/gap4/contig_selector.c:799:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DisplayDiagonal %s %s %d", cs->frame, cs->window,
data/staden-2.0.0+b11/gap4/contig_selector.c:816:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->hori, cs->window);
data/staden-2.0.0+b11/gap4/contig_selector.c:817:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->vert, csv_win);
data/staden-2.0.0+b11/gap4/contig_selector.c:818:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->window, csp_win);
data/staden-2.0.0+b11/gap4/contig_selector.c:876:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->frame, frame);
data/staden-2.0.0+b11/gap4/contig_selector.c:877:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->window, csh_win);
data/staden-2.0.0+b11/gap4/contig_selector.c:878:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->hori, cs->window);
data/staden-2.0.0+b11/gap4/contig_selector.c:1145:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s configure -text %d\n", cs->frame, label,
data/staden-2.0.0+b11/gap4/contig_selector.c:1170:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DrawCanvasCursorX1 %s %s %.20f %s %d\n",
data/staden-2.0.0+b11/gap4/contig_selector.c:1182:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s configure -text %d\n", cs->frame, label,
data/staden-2.0.0+b11/gap4/copy_db.c:119:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_name, "%.*s%s",
data/staden-2.0.0+b11/gap4/copy_db.c:127:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, new_name);
data/staden-2.0.0+b11/gap4/copy_db.c:590:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.%s", name, version);
data/staden-2.0.0+b11/gap4/copy_db.c:592:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.%s.aux", name, version);
data/staden-2.0.0+b11/gap4/copy_db.c:594:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.%s.BUSY", name, version);
data/staden-2.0.0+b11/gap4/copy_db.c:611:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_fn, "%s.log", io_name(iof));
data/staden-2.0.0+b11/gap4/copy_db_main.c:89:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, to);
data/staden-2.0.0+b11/gap4/edInterface.c:573:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "UpdateReadingListItem %s %d", r_name, high_light);
data/staden-2.0.0+b11/gap4/edInterface.c:1281:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, indexToId(i));
data/staden-2.0.0+b11/gap4/edInterface.c:1501:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*j += sprintf(buf + *j, "%*s", l1, str);
data/staden-2.0.0+b11/gap4/edInterface.c:1506:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*j += sprintf(buf + *j, "%s", str);
data/staden-2.0.0+b11/gap4/edMutations.c:502:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mRNA_copy, mRNA);
data/staden-2.0.0+b11/gap4/edMutations.c:1245:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xx->status_lines[l].name, " %*c %-*s",
data/staden-2.0.0+b11/gap4/edUtils2.c:944:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(_DB_Name(db, seq),"%+*d %-*s",
data/staden-2.0.0+b11/gap4/edUtils2.c:991:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%.*s %-*s", DB_GELNOLEN, rname, DB_NAMELEN, tname);
data/staden-2.0.0+b11/gap4/edUtils2.c:1562:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(DB_Name(xx,0),"%*s %-*s",
data/staden-2.0.0+b11/gap4/edUtils2.c:2934:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, t_fname);
data/staden-2.0.0+b11/gap4/extract.c:356:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, io_rname(io, gel));
data/staden-2.0.0+b11/gap4/extract.c:480:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %c %d -1",
data/staden-2.0.0+b11/gap4/extract.c:649:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/fofn", dir);
data/staden-2.0.0+b11/gap4/extract.c:658:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/%s", dir, tmp);
data/staden-2.0.0+b11/gap4/f2c.c:12:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buf += sprintf(buf,format,conv_len1,conv_len2,n); \
data/staden-2.0.0+b11/gap4/f2c.c:14:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buf += sprintf(buf,format,conv_len1,n); \
data/staden-2.0.0+b11/gap4/f2c.c:16:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buf += sprintf(buf,format,conv_len2,n); \
data/staden-2.0.0+b11/gap4/f2c.c:18:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buf += sprintf(buf,format,n); \
data/staden-2.0.0+b11/gap4/fij.c:433:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FIJMatch->tagname, CPtr2Tcl(FIJMatch));
data/staden-2.0.0+b11/gap4/fij.c:436:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FIJMatch->colour, val);
data/staden-2.0.0+b11/gap4/find_oligo.c:402:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(find_oligo->tagname, CPtr2Tcl(find_oligo));
data/staden-2.0.0+b11/gap4/find_oligo.c:405:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(find_oligo->colour, val);
data/staden-2.0.0+b11/gap4/find_repeats.c:304:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repeat->tagname, CPtr2Tcl(repeat));
data/staden-2.0.0+b11/gap4/find_repeats.c:307:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repeat->colour, val);
data/staden-2.0.0+b11/gap4/gap-create.c:105:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(auxfn,fn);
data/staden-2.0.0+b11/gap4/gap-create.c:106:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(auxfn,G_AUX_SUFFIX);
data/staden-2.0.0+b11/gap4/gap-create.c:109:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fn,F_OK)==0 || errno != ENOENT) return gerr_set(GERR_FILE_EXISTS);
data/staden-2.0.0+b11/gap4/gap-create.c:110:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(auxfn,F_OK)==0 || errno != ENOENT) return gerr_set(GERR_FILE_EXISTS);
data/staden-2.0.0+b11/gap4/gap-create.c:424:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fn_f, G_AUX_SUFFIX);
data/staden-2.0.0+b11/gap4/gap-create.c:425:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fn_t, G_AUX_SUFFIX);
data/staden-2.0.0+b11/gap4/gap-dbstruct.c:60:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s.%s%s",database,file,version);
data/staden-2.0.0+b11/gap4/gap-error.c:102:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, reason, args);
data/staden-2.0.0+b11/gap4/gap-error.c:114:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, reason, args);
data/staden-2.0.0+b11/gap4/gap-thrash2.c:98:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("/bin/rm thrash2.0*");
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:94:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("/bin/rm thrash2.0*");
data/staden-2.0.0+b11/gap4/gap-thrash3.c:203:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("/bin/rm thrash.0*");
data/staden-2.0.0+b11/gap4/gap_canvas_box.c:106:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "canvas_cursor_delete %d %s %d",
data/staden-2.0.0+b11/gap4/gap_canvas_box.c:153:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "canvas_cursor_move %d %d %s %d %d %.20f",
data/staden-2.0.0+b11/gap4/gap_globals.c:140:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/align_lib_nuc_matrix", env);
data/staden-2.0.0+b11/gap4/io_utils.c:612:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(arr(name_t, io->read_names, number-1).name, name);
data/staden-2.0.0+b11/gap4/io_utils.c:654:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, get_read_name(io, io_clnbr(io, number)));
data/staden-2.0.0+b11/gap4/join.c:88:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/align_lib_nuc_matrix", env);
data/staden-2.0.0+b11/gap4/mess.c:28:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stdout, format, args);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:140:68: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
io = open_db(args.db_name, args.version, &status, args.create, access);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:837:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->window, t->t_win);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:971:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ruler.window, args.win_ruler);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1192:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_name, get_read_name(args.io, gc->read));
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1194:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Contains reading %s (%d) from contig %s (%d)\n",
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1469:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruler->window, "%s%s", args.frame, tmp);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1607:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ruler->window, args.win_ruler);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1807:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruler->window, "%s%s", args.frame, tmp);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2669:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line 1 1 %d %d -tag diagonal",
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3655:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%d %s %d %d %d\n",
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4516:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruler->window, "%s", args.r_win);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4548:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruler->window, "%s", args.r_win);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4581:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruler->window, "%s", args.r_win);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4615:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruler->window, "%s", args.r_win);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4651:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruler->window, "%s", args.r_win);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4683:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruler->window, "%s", args.r_win);
data/staden-2.0.0+b11/gap4/notedb.c:79:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_path, getenv("STADTABL"));
data/staden-2.0.0+b11/gap4/notes.c:697:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(orig_path, "RAWDATA=%s", p);
data/staden-2.0.0+b11/gap4/notes.c:736:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "RAWDATA=%s", rawd);
data/staden-2.0.0+b11/gap4/notes.c:810:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "NoteSelector %d %s %s", *handle_io(io), type, ident);
data/staden-2.0.0+b11/gap4/notes.c:829:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s (%ld)", buf2, (long)t);
data/staden-2.0.0+b11/gap4/notes.c:908:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctime, time_t2str(n.ctime));
data/staden-2.0.0+b11/gap4/notes.c:909:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mtime, time_t2str(n.mtime));
data/staden-2.0.0+b11/gap4/notes.c:911:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
strp += sprintf(str, "%s ctime=%s\nmtime=%s",
data/staden-2.0.0+b11/gap4/notes.c:920:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
strp += sprintf(strp, "\nfrom=reading %s",
data/staden-2.0.0+b11/gap4/notes.c:925:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
strp += sprintf(strp, "\nfrom=contig %s",
data/staden-2.0.0+b11/gap4/notes.c:950:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
strp += sprintf(strp, "\ncomment=%s", c2);
data/staden-2.0.0+b11/gap4/notes.c:1016:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(cp, "from=%s %s\n", type_s, name_s) < 1)
data/staden-2.0.0+b11/gap4/oligo.c:451:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"serial#=\ntemplate=%s\nsequence=%s\nTm=%.2f\n"
data/staden-2.0.0+b11/gap4/oligo.c:460:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c,s);
data/staden-2.0.0+b11/gap4/oligo.c:580:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(name, DBgetGelName(xx,i) );
data/staden-2.0.0+b11/gap4/oligo.c:650:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ptr, "%s ", get_default_template(xx, list));
data/staden-2.0.0+b11/gap4/oligo.c:746:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(statline, "Oligo %s, Len %d, Score %4.1f, Tm %4.1f, "
data/staden-2.0.0+b11/gap4/oligo.c:1065:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(status, "%s %.*s",
data/staden-2.0.0+b11/gap4/oligo.c:1223:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(primer == GAP_PRIMER_UNKNOWN
data/staden-2.0.0+b11/gap4/oligo_sel.c:113:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbname, io_name(io));
data/staden-2.0.0+b11/gap4/oligo_sel.c:253:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempname, gelname);
data/staden-2.0.0+b11/gap4/oligo_sel.c:259:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comment,
data/staden-2.0.0+b11/gap4/oligo_sel.c:276:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf, "%s %s %s.%d %s %d %c",
data/staden-2.0.0+b11/gap4/oligo_sel.c:366:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbname, io_name(io));
data/staden-2.0.0+b11/gap4/oligo_sel.c:396:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempname, gelname);
data/staden-2.0.0+b11/gap4/oligo_sel.c:400:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comment,
data/staden-2.0.0+b11/gap4/oligo_sel.c:409:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf, "%s %s %s.%d %.*s %d %c",
data/staden-2.0.0+b11/gap4/plot_quality.c:106:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(q_name, "%s.quality", win_name);
data/staden-2.0.0+b11/gap4/plot_quality.c:111:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "CreateQualPlot %d %s %d %d", *handle_io(io), win_name,
data/staden-2.0.0+b11/gap4/plot_quality.c:114:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s,disp_quality", win_name);
data/staden-2.0.0+b11/gap4/plot_quality.c:129:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"plot_rec %s %d %.20f %d %.20f "
data/staden-2.0.0+b11/gap4/plot_quality.c:146:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"plot_rec %s %d %.20f %d %.20f "
data/staden-2.0.0+b11/gap4/plot_quality.c:156:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SetQualityCanvas %s %s %s %d %d", q_name, win_name, scroll, xmin, xmax);
data/staden-2.0.0+b11/gap4/probe.c:93:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oligo, ol[i].sequence);
data/staden-2.0.0+b11/gap4/probe.c:346:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "\"%s\" %d %s",
data/staden-2.0.0+b11/gap4/probe.c:380:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%6d %3d %2.0f %2.0f %2.0f \"%s\"",
data/staden-2.0.0+b11/gap4/quality_plot.c:146:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create rectangle %d %d %d %d -fill %s "
data/staden-2.0.0+b11/gap4/quality_plot.c:162:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create rectangle %d %d %d %d -fill %s "
data/staden-2.0.0+b11/gap4/quality_plot.c:339:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete quality", q->window);
data/staden-2.0.0+b11/gap4/quality_plot.c:372:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteTemplateQualityPlot %s %s\n", q->frame, q->window);
data/staden-2.0.0+b11/gap4/quality_plot.c:623:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q->window, win_quality);
data/staden-2.0.0+b11/gap4/quality_plot.c:624:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q->frame, frame);
data/staden-2.0.0+b11/gap4/quality_plot.c:664:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", q->window);
data/staden-2.0.0+b11/gap4/quality_plot.c:737:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteQualDisplay %s %s\n", q->frame, q->window);
data/staden-2.0.0+b11/gap4/quality_plot.c:998:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q->window, win_quality);
data/staden-2.0.0+b11/gap4/quality_plot.c:999:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q->frame, frame);
data/staden-2.0.0+b11/gap4/reactions.c:373:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ts->name, io_rname(io, gel));
data/staden-2.0.0+b11/gap4/reading_coverage.c:74:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d",
data/staden-2.0.0+b11/gap4/reading_coverage.c:83:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d",
data/staden-2.0.0+b11/gap4/reading_coverage.c:95:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d",
data/staden-2.0.0+b11/gap4/reading_coverage.c:203:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", rcov->c_win);
data/staden-2.0.0+b11/gap4/reading_coverage.c:258:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteReadingCoverage %d %s %s %d\n", *handle_io(io),
data/staden-2.0.0+b11/gap4/reading_coverage.c:437:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "eval %s yview %s", rcov->ruler->window, scroll_args);
data/staden-2.0.0+b11/gap4/reading_coverage.c:564:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", rcov->ruler->window);
data/staden-2.0.0+b11/gap4/reading_coverage.c:606:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", rcov->ruler->window);
data/staden-2.0.0+b11/gap4/reading_coverage.c:724:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcov->c_win, rcov_win);
data/staden-2.0.0+b11/gap4/reading_coverage.c:725:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcov->frame, frame);
data/staden-2.0.0+b11/gap4/reading_coverage.c:730:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcov->colour1, val);
data/staden-2.0.0+b11/gap4/reading_coverage.c:733:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcov->colour1, val);
data/staden-2.0.0+b11/gap4/reading_coverage.c:736:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcov->colour2, val);
data/staden-2.0.0+b11/gap4/readpair.c:162:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c2_name, get_contig_name(template->io,
data/staden-2.0.0+b11/gap4/readpair.c:164:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c1_name, get_contig_name(template->io,
data/staden-2.0.0+b11/gap4/readpair.c:167:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c1_name, get_contig_name(template->io,
data/staden-2.0.0+b11/gap4/readpair.c:169:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c2_name, get_contig_name(template->io,
data/staden-2.0.0+b11/gap4/readpair.c:172:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c_list, "%s %s", c1_name, c2_name);
data/staden-2.0.0+b11/gap4/readpair.c:175:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "CreateTemplateDisplay %d {%s}",
data/staden-2.0.0+b11/gap4/readpair.c:519:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template->tagname, CPtr2Tcl(template));
data/staden-2.0.0+b11/gap4/readpair.c:522:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template->colour, val);
data/staden-2.0.0+b11/gap4/readpair.c:643:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, io_rname(io, gc->read));
data/staden-2.0.0+b11/gap4/readpair_coverage.c:71:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d",
data/staden-2.0.0+b11/gap4/readpair_coverage.c:80:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d",
data/staden-2.0.0+b11/gap4/readpair_coverage.c:92:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d",
data/staden-2.0.0+b11/gap4/readpair_coverage.c:205:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", rcov->c_win);
data/staden-2.0.0+b11/gap4/readpair_coverage.c:255:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteReadPairCoverage %d %s %s %d\n", *handle_io(io),
data/staden-2.0.0+b11/gap4/readpair_coverage.c:394:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "eval %s yview %s", rcov->ruler->window, scroll_args);
data/staden-2.0.0+b11/gap4/readpair_coverage.c:513:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", rcov->ruler->window);
data/staden-2.0.0+b11/gap4/readpair_coverage.c:555:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", rcov->ruler->window);
data/staden-2.0.0+b11/gap4/readpair_coverage.c:666:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcov->c_win, rcov_win);
data/staden-2.0.0+b11/gap4/readpair_coverage.c:667:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcov->frame, frame);
data/staden-2.0.0+b11/gap4/readpair_coverage.c:671:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcov->colour1, val);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:253:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteTemplateREnzPlot %s %s\n", r->frame, r->window);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:514:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteREnzPlot %s %s\n", r->frame, r->window);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:865:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete renz", r->window);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:957:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->frame, frame);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:958:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->window, plot);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1002:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", r->window);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1005:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", r->names_win);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1018:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create text 10 %d -text %s -anchor w -fill %s "
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1023:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -tag contig -fill %s",
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1044:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -tag contig -fill %s",
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1117:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->window, re_win);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1118:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->frame, frame);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1119:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->names_win, names_win);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1236:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comments, r->r_enzyme[item].name);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1265:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comments, seq);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1268:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comments, num);
data/staden-2.0.0+b11/gap4/ruler_display.c:83:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "RulerWindowSize %d %s %s ", disp_ticks, frame,
data/staden-2.0.0+b11/gap4/ruler_display.c:97:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "RulerWindowSize %d %s %s ", 1, frame, ruler->window);
data/staden-2.0.0+b11/gap4/ruler_display.c:115:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %f %d %f\n", ruler->window, ruler->offset,
data/staden-2.0.0+b11/gap4/seqInfo.c:350:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line,"%4.4s %6d%s",
data/staden-2.0.0+b11/gap4/seqInfo.c:496:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comment, "#FEATURE 000000 ELEMENT 000\n%s\n%s\n%s",
data/staden-2.0.0+b11/gap4/seqInfo.c:531:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmp, "FEATURE: %s", entry->type);
data/staden-2.0.0+b11/gap4/stack_dump.c:242:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp = popen(cmd, "r")) != NULL)
data/staden-2.0.0+b11/gap4/stop_codon.c:168:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", s->window);
data/staden-2.0.0+b11/gap4/stop_codon.c:171:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", s->names_win);
data/staden-2.0.0+b11/gap4/stop_codon.c:201:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -tag contig",
data/staden-2.0.0+b11/gap4/stop_codon.c:205:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create text 10 %d -text %s -anchor w -fill %s",
data/staden-2.0.0+b11/gap4/stop_codon.c:212:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -tag contig",
data/staden-2.0.0+b11/gap4/stop_codon.c:217:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -tag contig",
data/staden-2.0.0+b11/gap4/stop_codon.c:294:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->window, sc_win);
data/staden-2.0.0+b11/gap4/stop_codon.c:295:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->frame, frame);
data/staden-2.0.0+b11/gap4/stop_codon.c:296:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->names_win, names_win);
data/staden-2.0.0+b11/gap4/stop_codon.c:350:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.buttons.refresh configure -state %s",
data/staden-2.0.0+b11/gap4/stop_codon.c:388:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteCodonPlot %s %s\n", s->frame, s->window);
data/staden-2.0.0+b11/gap4/stop_codon.c:570:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.buttons.refresh configure -state normal",
data/staden-2.0.0+b11/gap4/stop_codon.c:584:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.buttons.refresh configure -state disabled",
data/staden-2.0.0+b11/gap4/strand_coverage.c:76:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d "
data/staden-2.0.0+b11/gap4/strand_coverage.c:90:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d "
data/staden-2.0.0+b11/gap4/strand_coverage.c:132:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d "
data/staden-2.0.0+b11/gap4/strand_coverage.c:146:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -fill %s -width %d "
data/staden-2.0.0+b11/gap4/strand_coverage.c:226:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", scov->c_win);
data/staden-2.0.0+b11/gap4/strand_coverage.c:297:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteStrandCoverage %d %s %s %d\n", *handle_io(io),
data/staden-2.0.0+b11/gap4/strand_coverage.c:586:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scov->c_win, win);
data/staden-2.0.0+b11/gap4/strand_coverage.c:587:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scov->frame, frame);
data/staden-2.0.0+b11/gap4/strand_coverage.c:596:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scov->colour1, val);
data/staden-2.0.0+b11/gap4/strand_coverage.c:598:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scov->colour2, val);
data/staden-2.0.0+b11/gap4/tagEditor.c:67:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ncomment, te->anno);
data/staden-2.0.0+b11/gap4/tagEditor.c:84:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ncomment, te->anno);
data/staden-2.0.0+b11/gap4/tagEditor.c:135:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ncomment, anno);
data/staden-2.0.0+b11/gap4/tagEditor.c:272:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(te->window, "%s.tag%d%p", pname, id, tag);
data/staden-2.0.0+b11/gap4/tagEditor.c:273:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(te->array, "%s.tag%d%p.data", pname, id, tag);
data/staden-2.0.0+b11/gap4/tagEditor.c:274:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(te->command, "%s.tag%d%p.command", pname, id, tag);
data/staden-2.0.0+b11/gap4/tagEditor.c:276:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(te->window, "%s.tag%d", pname, id);
data/staden-2.0.0+b11/gap4/tagEditor.c:277:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(te->array, "%s.tag%d.data", pname, id);
data/staden-2.0.0+b11/gap4/tagEditor.c:278:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(te->command, "%s.tag%d.command", pname, id);
data/staden-2.0.0+b11/gap4/tagU2.c:668:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, &line[5]);
data/staden-2.0.0+b11/gap4/tagU2.c:686:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, &line[10]);
data/staden-2.0.0+b11/gap4/tagU2.c:1518:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, p);
data/staden-2.0.0+b11/gap4/tagU2.c:1539:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tag, "%4s %c %d..%d%n\n", type, strc, start, end, &pos);
data/staden-2.0.0+b11/gap4/tagU2.c:1813:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(com, "Repeats with contig %s, offset %d",
data/staden-2.0.0+b11/gap4/tagU2.c:1824:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(com, "Repeats with contig %s, offset %d",
data/staden-2.0.0+b11/gap4/tagdb.c:82:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_path, "%s/GTAGDB", getenv("STADTABL"));
data/staden-2.0.0+b11/gap4/template_display.c:892:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, get_contig_name(io, ABS(contig_array[i-1])));
data/staden-2.0.0+b11/gap4/template_display.c:893:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name2, get_contig_name(io, ABS(contig_array[i])));
data/staden-2.0.0+b11/gap4/template_display.c:925:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, io_rname(io, gc->read));
data/staden-2.0.0+b11/gap4/template_display.c:1333:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TArray[cnt].type, "%s", Tcl_DStringValue(&tmp));
data/staden-2.0.0+b11/gap4/template_display.c:1717:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteTemplateDisplay %s %s %d\n", t->frame, t->t_win,
data/staden-2.0.0+b11/gap4/template_display.c:1772:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(old_contig_name,
data/staden-2.0.0+b11/gap4/template_display.c:1774:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_contig_name,
data/staden-2.0.0+b11/gap4/template_display.c:1819:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s.menubar.[menu_path {View.Quality Plot}] delete \"contig %s\" ",
data/staden-2.0.0+b11/gap4/template_display.c:1823:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s.menubar.[menu_path {View.Restriction Enzyme Plot}] delete \"contig %s\" ",
data/staden-2.0.0+b11/gap4/template_display.c:1910:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s.menubar.view.opts.quality entryconfigure \"contig %s\" -label \"contig %s\"", t->frame, get_read_name(io, right),
data/staden-2.0.0+b11/gap4/template_display.c:1915:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s.menubar.view.opts.renz entryconfigure \"contig %s\" -label \"contig %s\"", t->frame, get_read_name(io, right),
data/staden-2.0.0+b11/gap4/template_display.c:2072:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s itemconfig r_%d -width %d",
data/staden-2.0.0+b11/gap4/template_display.c:2101:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->window, t->win_list[0]->window);
data/staden-2.0.0+b11/gap4/template_display.c:2134:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->window, t->win_list[0]->window);
data/staden-2.0.0+b11/gap4/template_display.c:2256:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s configure -text %d\n", t->frame, label,
data/staden-2.0.0+b11/gap4/template_display.c:2354:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "RulerWindowSize %d %s %s ", 1, t->frame,
data/staden-2.0.0+b11/gap4/template_display.c:2380:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.template", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2385:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.reading", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2390:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.multi_template", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2396:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.read_pairs", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2401:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.ruler", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2406:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.ticks", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2411:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.span_read_pairs", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2416:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.consist_read_pairs", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2422:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "config%s.calc_contig_pos", frame);
data/staden-2.0.0+b11/gap4/template_display.c:2463:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->frame, frame);
data/staden-2.0.0+b11/gap4/template_display.c:2464:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->window, t_win);
data/staden-2.0.0+b11/gap4/template_display.c:2465:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->t_win, t_win);
data/staden-2.0.0+b11/gap4/template_display.c:2482:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t->ruler->window, "%s", r_win);
data/staden-2.0.0+b11/gap4/template_display.c:2576:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d "
data/staden-2.0.0+b11/gap4/template_display.c:2632:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %f %f %f %f "
data/staden-2.0.0+b11/gap4/template_display.c:2681:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteTemplatePlot %d %d %s %s",
data/staden-2.0.0+b11/gap4/template_display.c:2688:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->window, t->win_list[0]->window);
data/staden-2.0.0+b11/gap4/template_display.c:2860:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type, "{tag %s t_%d num_%d}",
data/staden-2.0.0+b11/gap4/template_display.c:2873:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create rectangle %d %d %d %d "
data/staden-2.0.0+b11/gap4/tk-io-reg.c:52:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%d %d %d {%s}", contig, reg, id, line);
data/staden-2.0.0+b11/gap4/tk-io-reg.c:242:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "tk_messageBox \
data/staden-2.0.0+b11/gap4/tk-io-reg.c:419:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->window, cs->hori);
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1019:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "INCREMENT" : " INCREMENT");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1023:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "DECREMENT" : " DECREMENT");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1027:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "DELETE" : " DELETE");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1031:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{id %d} {seq %d} {pos %d} {abspos %d} {refs %d} "
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1045:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{id %d} {type %s} {contig %d}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1060:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{note %d} {task %s}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1097:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&buf[p], largv[i]);
data/staden-2.0.0+b11/gap4/tkAppInit.c:98:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "TCL_LIBRARY=%s/tcl", lib);
data/staden-2.0.0+b11/gap4/tkAppInit.c:100:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "TK_LIBRARY=%s/tk", lib);
data/staden-2.0.0+b11/gap4/tkEdUtils.c:174:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "foreach t [winfo children %s] {place forget $t}",
data/staden-2.0.0+b11/gap4/tkEdUtils.c:193:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "place %s.trace_%d -y %d; raise %s.trace_%d",
data/staden-2.0.0+b11/gap4/tkEdUtils.c:744:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + DB_GELNOLEN+1, name + DB_GELNOLEN+1 + xx->names_xpos);
data/staden-2.0.0+b11/gap4/tkEdUtils.c:747:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, name);
data/staden-2.0.0+b11/gap4/tkEdUtils.c:1736:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, " %*s %-*s", DB_GELNOLEN, " ", DB_NAMELEN, "Strands");
data/staden-2.0.0+b11/gap4/tman_cons.c:624:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dc->path, pname);
data/staden-2.0.0+b11/gap4/tman_diff.c:265:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dc->path, pname);
data/staden-2.0.0+b11/gap4/tman_display.c:63:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, dc->path);
data/staden-2.0.0+b11/gap4/tman_display.c:233:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dc->path, Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap4/tman_display.c:252:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s left_cutoff %d", dc->path, leftCutOff);
data/staden-2.0.0+b11/gap4/tman_display.c:255:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s right_cutoff %d", dc->path, leftCutOff + cutLength);
data/staden-2.0.0+b11/gap4/tman_display.c:281:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s xview moveto %g;%s icursor %d\n",
data/staden-2.0.0+b11/gap4/tman_display.c:286:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s xview C%%%d;%s icursor %d\n",
data/staden-2.0.0+b11/gap4/tman_interface.c:1138:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s xview moveto %g", path, gpos);
data/staden-2.0.0+b11/gap4/tman_interface.c:1578:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/seq%d_%d_%d.png", dir, seq, pos, col*4+row);
data/staden-2.0.0+b11/gap5/ace.c:228:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 != sscanf(line+3, "%s %d %d %d %c", ai.co.cname, &ai.co.nbases,
data/staden-2.0.0+b11/gap5/ace.c:306:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (3 != sscanf(line+3, fmt, ai.af.rname, &dir, &ai.af.start))
data/staden-2.0.0+b11/gap5/ace.c:320:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (4 != sscanf(line+3, fmt, ai.rd.rname,
data/staden-2.0.0+b11/gap5/ace.c:426:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&ai.rt.text[used], line);
data/staden-2.0.0+b11/gap5/ace.c:521:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(af[af_count].name, ai->af.rname);
data/staden-2.0.0+b11/gap5/ace.c:568:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq.name, ai->rd.rname);
data/staden-2.0.0+b11/gap5/actf.c:163:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(db_path, "%s.g5d", db_name);
data/staden-2.0.0+b11/gap5/actf.c:164:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aux_path, "%s.g5x", db_name);
data/staden-2.0.0+b11/gap5/actf.c:175:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s%s.BUSY", dir, db_name);
data/staden-2.0.0+b11/gap5/afg.c:461:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq.name, read_name);
data/staden-2.0.0+b11/gap5/b+tree2.c:841:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n->keys[i]+dist, (char *)bufp);
data/staden-2.0.0+b11/gap5/baf.c:378:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name, name);
data/staden-2.0.0+b11/gap5/baf.c:381:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->trace_name, trace_name);
data/staden-2.0.0+b11/gap5/baf.c:384:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->alignment, alignment);
data/staden-2.0.0+b11/gap5/caf.c:1063:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lig_name, value);
data/staden-2.0.0+b11/gap5/caf.c:1073:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lib_name, "ins_size=%s", value);
data/staden-2.0.0+b11/gap5/caf.c:1155:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq.name, name);
data/staden-2.0.0+b11/gap5/caf.c:1160:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq.trace_name, trace_name);
data/staden-2.0.0+b11/gap5/check_assembly.c:393:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ca->tagname, CPtr2Tcl(ca));
data/staden-2.0.0+b11/gap5/check_assembly.c:396:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ca->colour, val);
data/staden-2.0.0+b11/gap5/consen.c:124:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rlen = sprintf(buf, "%"PRIrec, left_gelnumber);
data/staden-2.0.0+b11/gap5/consen.c:1843:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Annotations for reading %s", name);
data/staden-2.0.0+b11/gap5/consen.c:1858:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Annotations for reading %s", name);
data/staden-2.0.0+b11/gap5/consen.c:1951:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "%s.%d",
data/staden-2.0.0+b11/gap5/contig_selector.c:167:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %"PRId64" %"PRId64" %"PRId64
data/staden-2.0.0+b11/gap5/contig_selector.c:174:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %"PRId64" %"PRId64" %"PRId64
data/staden-2.0.0+b11/gap5/contig_selector.c:215:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", win_name);
data/staden-2.0.0+b11/gap5/contig_selector.c:220:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %"PRId64" %"PRId64" %"PRId64" %"PRId64
data/staden-2.0.0+b11/gap5/contig_selector.c:225:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %"PRId64" %"PRId64" %"PRId64" %"PRId64
data/staden-2.0.0+b11/gap5/contig_selector.c:251:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %"PRId64" %"PRId64" %"PRId64
data/staden-2.0.0+b11/gap5/contig_selector.c:261:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %"PRId64" %"PRId64" %"PRId64
data/staden-2.0.0+b11/gap5/contig_selector.c:275:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aname, "%s.Cnum", win_name);
data/staden-2.0.0+b11/gap5/contig_selector.c:283:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %"PRId64" %"PRId64" %"PRId64
data/staden-2.0.0+b11/gap5/contig_selector.c:288:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %"PRId64" %"PRId64" %"PRId64
data/staden-2.0.0+b11/gap5/contig_selector.c:381:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, "HighlightSeparator %s %"PRId64, cs->hori, orig_pos);
data/staden-2.0.0+b11/gap5/contig_selector.c:594:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type, "{tag %s t_%"PRIrec" num_%"PRIrec" rnum_%"PRIrec"}",
data/staden-2.0.0+b11/gap5/contig_selector.c:606:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create rectangle %d %d %d %d "
data/staden-2.0.0+b11/gap5/contig_selector.c:777:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "ReHighlightContigSelection %s %s",
data/staden-2.0.0+b11/gap5/contig_selector.c:801:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DisplayDiagonal %s %s %s", cs->frame, cs->window,
data/staden-2.0.0+b11/gap5/contig_selector.c:818:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->hori, cs->window);
data/staden-2.0.0+b11/gap5/contig_selector.c:819:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->vert, csv_win);
data/staden-2.0.0+b11/gap5/contig_selector.c:820:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->window, csp_win);
data/staden-2.0.0+b11/gap5/contig_selector.c:877:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->frame, frame);
data/staden-2.0.0+b11/gap5/contig_selector.c:878:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->window, csh_win);
data/staden-2.0.0+b11/gap5/contig_selector.c:879:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->hori, cs->window);
data/staden-2.0.0+b11/gap5/contig_selector.c:1146:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s configure -text %d\n", cs->frame, label,
data/staden-2.0.0+b11/gap5/contig_selector.c:1170:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DrawCanvasCursorX1 %s %s %.20f %s %d\n",
data/staden-2.0.0+b11/gap5/contig_selector.c:1182:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s configure -text %d\n", cs->frame, label,
data/staden-2.0.0+b11/gap5/contig_selector.c:1240:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "ContigParams %s", io_obj_as_string(io));
data/staden-2.0.0+b11/gap5/contig_selector.c:1290:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cs->window, cs->hori);
data/staden-2.0.0+b11/gap5/dis_readings.c:727:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s%%%d", contig_get_name(&c_old), last_count++);
data/staden-2.0.0+b11/gap5/do_fij.c:561:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name1,"%"PRIrec, c1p->contig_number);
data/staden-2.0.0+b11/gap5/do_fij.c:562:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name2,"%"PRIrec, c2p->contig_number);
data/staden-2.0.0+b11/gap5/do_fij.c:665:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name1,"%"PRIrec, c1p->contig_number);
data/staden-2.0.0+b11/gap5/do_fij.c:666:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name2,"%"PRIrec, c2p->contig_number);
data/staden-2.0.0+b11/gap5/editor_join.c:98:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/align_lib_nuc_matrix", env);
data/staden-2.0.0+b11/gap5/editor_join.c:331:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name0, "%"PRIrec, c0);
data/staden-2.0.0+b11/gap5/editor_join.c:332:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name1, "%"PRIrec, c1);
data/staden-2.0.0+b11/gap5/editor_view.c:56:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "edit_contig -io %s -contig %"PRIrec
data/staden-2.0.0+b11/gap5/editor_view.c:66:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "join_contig -io %s -contig %"PRIrec" -reading #%"PRIrec
data/staden-2.0.0+b11/gap5/editor_view.c:290:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
*j += sprintf(buf + *j, "%*.*"PRId64, l1, l2, val);
data/staden-2.0.0+b11/gap5/editor_view.c:292:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
*j += sprintf(buf + *j, "%*"PRId64, l1, val);
data/staden-2.0.0+b11/gap5/editor_view.c:295:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
*j += sprintf(buf + *j, "%.*"PRId64, l2, val);
data/staden-2.0.0+b11/gap5/editor_view.c:297:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
*j += sprintf(buf + *j, "%"PRId64, val);
data/staden-2.0.0+b11/gap5/editor_view.c:318:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*j += sprintf(buf + *j, "%*s", l1, str);
data/staden-2.0.0+b11/gap5/editor_view.c:323:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*j += sprintf(buf + *j, "%s", str);
data/staden-2.0.0+b11/gap5/editor_view.c:560:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%d@%s", cpos, get_contig_name(io, cnum));
data/staden-2.0.0+b11/gap5/editor_view.c:1346:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(list, "NGList_read_hash_%s", xx->ed->output_list);
data/staden-2.0.0+b11/gap5/editor_view.c:1347:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(srec, "#%"PRIrec, rec);
data/staden-2.0.0+b11/gap5/editor_view.c:1352:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(list, "NGList_read_hash_%s", xx->ed->haplotype_list);
data/staden-2.0.0+b11/gap5/editor_view.c:1353:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(srec, "#%"PRIrec, rec);
data/staden-2.0.0+b11/gap5/export_contigs.c:328:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(false_name, "seq_%"PRIrec"%s",
data/staden-2.0.0+b11/gap5/export_contigs.c:332:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(false_name, "seq_%"PRIrec,
data/staden-2.0.0+b11/gap5/export_contigs.c:414:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, "rg#%"PRIrec, lib->rec);
data/staden-2.0.0+b11/gap5/export_contigs.c:1177:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rg_buf, "%s", lib->name);
data/staden-2.0.0+b11/gap5/export_contigs.c:1179:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(rg_buf, "rg#%"PRIrec, lib->rec);
data/staden-2.0.0+b11/gap5/export_contigs.c:1784:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name+strlen(name), ".%"PRIrec, s->rec);
data/staden-2.0.0+b11/gap5/export_contigs.c:2321:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn1, "%s.fasta", fn);
data/staden-2.0.0+b11/gap5/export_contigs.c:2322:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn2, "%s.fasta.fai", fn);
data/staden-2.0.0+b11/gap5/fij.c:880:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FIJMatch->tagname, CPtr2Tcl(FIJMatch));
data/staden-2.0.0+b11/gap5/fij.c:883:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FIJMatch->colour, val);
data/staden-2.0.0+b11/gap5/fij.c:1175:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m->tagname, CPtr2Tcl(m));
data/staden-2.0.0+b11/gap5/fij.c:1182:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m->colour, val);
data/staden-2.0.0+b11/gap5/find_oligo.c:451:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(find_oligo->tagname, CPtr2Tcl(find_oligo));
data/staden-2.0.0+b11/gap5/find_oligo.c:454:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(find_oligo->colour, val);
data/staden-2.0.0+b11/gap5/find_oligo.c:987:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "#%"PRIrec" %s",
data/staden-2.0.0+b11/gap5/find_repeats.c:304:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repeat->tagname, CPtr2Tcl(repeat));
data/staden-2.0.0+b11/gap5/find_repeats.c:307:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repeat->colour, val);
data/staden-2.0.0+b11/gap5/find_repeats.c:504:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m->tagname, CPtr2Tcl(m));
data/staden-2.0.0+b11/gap5/find_repeats.c:514:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m->colour, val);
data/staden-2.0.0+b11/gap5/find_repeats.c:522:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m->colour, val);
data/staden-2.0.0+b11/gap5/find_repeats.c:531:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m->colour, val);
data/staden-2.0.0+b11/gap5/g-files.c:162:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn2, "%s%s", dir, fn);
data/staden-2.0.0+b11/gap5/g-files.c:164:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn2, fn);
data/staden-2.0.0+b11/gap5/g-files.c:169:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fndb, fn2);
data/staden-2.0.0+b11/gap5/g-files.c:170:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((fndb) + fn2l, G5_DB_SUFFIX);
data/staden-2.0.0+b11/gap5/g-files.c:171:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnaux, fn2);
data/staden-2.0.0+b11/gap5/g-files.c:172:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((fnaux) + fn2l, G5_AUX_SUFFIX);
data/staden-2.0.0+b11/gap5/g-files.c:181:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fndb , fn2);
data/staden-2.0.0+b11/gap5/g-files.c:182:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnaux, fn2);
data/staden-2.0.0+b11/gap5/g-files.c:183:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((fnaux) + fn2l, G_AUX_SUFFIX);
data/staden-2.0.0+b11/gap5/g-files.c:284:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gfile->fname,fn);
data/staden-2.0.0+b11/gap5/gap-error.c:102:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, reason, args);
data/staden-2.0.0+b11/gap5/gap-error.c:114:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, reason, args);
data/staden-2.0.0+b11/gap5/gap4_compat.c:719:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s.%s", project, version);
data/staden-2.0.0+b11/gap5/gap_canvas_box.c:107:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "canvas_cursor_delete %s %s %d",
data/staden-2.0.0+b11/gap5/gap_canvas_box.c:153:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "canvas_cursor_move %s %d %s %d %d %.20f",
data/staden-2.0.0+b11/gap5/gap_globals.c:141:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/align_lib_nuc_matrix", env);
data/staden-2.0.0+b11/gap5/maq.c:38:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name, m->name);
data/staden-2.0.0+b11/gap5/maq.c:43:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name, n);
data/staden-2.0.0+b11/gap5/maq.c:198:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, mm->ref_name[m128.seqid]);
data/staden-2.0.0+b11/gap5/maq.c:215:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, seq.name);
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:833:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line 1 1 %d %d -tag diagonal",
data/staden-2.0.0+b11/gap5/notedb.c:79:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_path, getenv("STADTABL"));
data/staden-2.0.0+b11/gap5/quality_plot.c:111:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, "%"PRIrec, rec);
data/staden-2.0.0+b11/gap5/readpair.c:382:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template->tagname, CPtr2Tcl(template));
data/staden-2.0.0+b11/gap5/readpair.c:385:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template->colour, val);
data/staden-2.0.0+b11/gap5/readpair.c:906:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m->tagname, CPtr2Tcl(m));
data/staden-2.0.0+b11/gap5/readpair.c:913:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m->colour, val);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:150:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteREnzPlot %s %s\n", r->frame, r->window);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:504:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", r->window);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:507:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", r->names_win);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:520:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create text 10 %d -text %s -anchor w -fill %s "
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:525:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -tag contig -fill %s",
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:546:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -tag contig -fill %s",
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:619:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->window, re_win);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:620:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->frame, frame);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:621:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->names_win, names_win);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:739:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comments, r->r_enzyme[item].name);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:768:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comments, seq);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:771:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comments, num);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:964:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ruler->window, args.win_ruler);
data/staden-2.0.0+b11/gap5/sam_index.c:1149:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s.name, name);
data/staden-2.0.0+b11/gap5/sam_index.c:1151:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s.name, suffix);
data/staden-2.0.0+b11/gap5/sam_index.c:1157:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s.name, n);
data/staden-2.0.0+b11/gap5/sam_index.c:1199:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, name);
data/staden-2.0.0+b11/gap5/sam_index.c:1564:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s.name, name);
data/staden-2.0.0+b11/gap5/sam_index.c:1566:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s.name, suffix);
data/staden-2.0.0+b11/gap5/sam_index.c:1572:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s.name, n);
data/staden-2.0.0+b11/gap5/sam_index.c:1615:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, name);
data/staden-2.0.0+b11/gap5/sam_pileup.c:619:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, fp->ref[ref].name); cp += strlen(cp);
data/staden-2.0.0+b11/gap5/stack_dump.c:242:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((fp = popen(cmd, "r")) != NULL)
data/staden-2.0.0+b11/gap5/tagdb.c:82:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_path, "%s/GTAGDB", getenv("STADTABL"));
data/staden-2.0.0+b11/gap5/tg_anno.c:163:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ae->comment, comment);
data/staden-2.0.0+b11/gap5/tg_cache.c:2306:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->name, f->name ? f->name : "");
data/staden-2.0.0+b11/gap5/tg_cache.c:2371:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c->name, f->name ? f->name : "");
data/staden-2.0.0+b11/gap5/tg_cache.c:2440:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->comment, f->comment ? f->comment : "");
data/staden-2.0.0+b11/gap5/tg_contig.c:41:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/staden-2.0.0+b11/gap5/tg_contig.c:142:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n->name, name);
data/staden-2.0.0+b11/gap5/tg_contig.c:2344:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template1, s1->name);
data/staden-2.0.0+b11/gap5/tg_contig.c:2357:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template2, s2->name);
data/staden-2.0.0+b11/gap5/tg_gio.c:327:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(io->debug_fp, fmt, args);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1277:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbfn, fn);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1278:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dbfn, G5_DB_SUFFIX);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1279:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(auxfn,fn);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1280:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(auxfn,G5_AUX_SUFFIX);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2308:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lib->name, name);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2356:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)cp, lib->name);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4015:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)cp, seq->name);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4019:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)cp, seq->trace_name);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4056:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)cp, seq->alignment);
data/staden-2.0.0+b11/gap5/tg_index.c:298:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a.out_fn, argv[optind]);
data/staden-2.0.0+b11/gap5/tg_index_common.c:79:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s/%s", dir, start);
data/staden-2.0.0+b11/gap5/tg_index_common.c:82:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, file_name);
data/staden-2.0.0+b11/gap5/tg_index_common.c:175:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "sort < %s > %s", tmp->name, new_tmp);
data/staden-2.0.0+b11/gap5/tg_index_common.c:180:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (-1 == system(buf))
data/staden-2.0.0+b11/gap5/tg_index_common.c:185:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp->name, new_tmp);
data/staden-2.0.0+b11/gap5/tg_index_common.c:206:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (fscanf(tmp->fp, "%s %"PRId64"\n", line, &recno) == 2) {
data/staden-2.0.0+b11/gap5/tg_index_common.c:566:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line_in, "%s %"PRId64"\n", name, &recno);
data/staden-2.0.0+b11/gap5/tg_index_common.c:1428:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(line, "%"PRIrec" %d %"PRIrec" %d %d %d %d %"PRIrec,
data/staden-2.0.0+b11/gap5/tg_index_common.c:1546:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
found = sscanf(line_in, "%s %"PRId64" %"PRId64" %d %"PRId64
data/staden-2.0.0+b11/gap5/tg_library.c:107:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lib->name, name);
data/staden-2.0.0+b11/gap5/tg_library.c:403:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lib->name, name);
data/staden-2.0.0+b11/gap5/tg_scaffold.c:85:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n->name, name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:79:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name, f->name ? f->name : "");
data/staden-2.0.0+b11/gap5/tg_sequence.c:82:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->trace_name, f->trace_name ? f->trace_name : "");
data/staden-2.0.0+b11/gap5/tg_sequence.c:85:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->alignment, f->alignment ? f->alignment : "");
data/staden-2.0.0+b11/gap5/tg_sequence.c:388:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:390:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, n->trace_name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:392:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, n->alignment);
data/staden-2.0.0+b11/gap5/tg_sequence.c:438:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, n->name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:440:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, trace_name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:442:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, n->alignment);
data/staden-2.0.0+b11/gap5/tg_tcl.c:97:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
obj->length = sprintf(obj->bytes, "%s", io_obj_as_string(io));
data/staden-2.0.0+b11/gap5/tg_tcl.c:3026:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, "rec#%"PRIrec, tl->library->rec);
data/staden-2.0.0+b11/gap5/tg_view.c:445:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name, "bin-%"PRIrec, bin->rec);
data/staden-2.0.0+b11/gap5/tg_view.c:536:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, contig_get_name(cp));
data/staden-2.0.0+b11/gap5/tg_view.c:762:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("ps lx | grep g_iotest | grep -v grep");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:49:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%"PRIrec" %d {%s}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:208:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "result_list_update %s", io_obj_as_string(io));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:902:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{name %s}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:953:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "INCREMENT" : " INCREMENT");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:957:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "DECREMENT" : " DECREMENT");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:961:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "DELETE" : " DELETE");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:965:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{id %d} {seq %"PRIrec"} {pos %d} {abspos %d} {refs %d} "
data/staden-2.0.0+b11/gap5/tk-io-reg.c:979:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{id %d} {type %s} {contig %"PRIrec"}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:994:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{note %d} {task %s}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1036:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&buf[p], largv[i]);
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1139:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", contig_get_name(&c));
data/staden-2.0.0+b11/gap5/tkAppInit.c:96:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "TCL_LIBRARY=%s/tcl", lib);
data/staden-2.0.0+b11/gap5/tkAppInit.c:98:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "TK_LIBRARY=%s/tk", lib);
data/staden-2.0.0+b11/gap5/tman_display.c:64:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, dc->path);
data/staden-2.0.0+b11/gap5/tman_display.c:236:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dc->path, Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap5/tman_display.c:250:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s left_cutoff %d", dc->path, leftCutOff);
data/staden-2.0.0+b11/gap5/tman_display.c:253:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s right_cutoff %d", dc->path, leftCutOff + cutLength);
data/staden-2.0.0+b11/gap5/tman_display.c:279:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s xview moveto %g;%s icursor %d\n",
data/staden-2.0.0+b11/gap5/tman_display.c:284:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s xview C%%%d;%s icursor %d\n",
data/staden-2.0.0+b11/gap5/tman_interface.c:1131:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s xview moveto %g", path, gpos);
data/staden-2.0.0+b11/make_weights/make_weights.c:165:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( name, s );
data/staden-2.0.0+b11/make_weights/make_weights.c:170:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( seq, s );
data/staden-2.0.0+b11/make_weights/make_weights.c:194:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( comment, c );
data/staden-2.0.0+b11/mutlib/mutationtag.cpp:77:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pName, rhs.m_pName );
data/staden-2.0.0+b11/mutlib/mutationtag.cpp:78:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pComment, rhs.m_pComment );
data/staden-2.0.0+b11/mutlib/mutationtag.cpp:118:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pName, newname );
data/staden-2.0.0+b11/mutlib/mutationtag_utils.cpp:97:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( a[n].Type, pTag->Name() );
data/staden-2.0.0+b11/mutlib/mutationtag_utils.cpp:106:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( a[n].Comment, pTag->Comment() );
data/staden-2.0.0+b11/mutlib/mutscan.cpp:268:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( ms->ResultString, TraceAlignGetResultString(&ta) );
data/staden-2.0.0+b11/mutlib/mutscan.cpp:311:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( buffer, AlignedTrace[MUTLIB_INPUT].Name() );
data/staden-2.0.0+b11/mutlib/mutscan.cpp:378:34: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( ms->ResultString, "Trace alignment failed for %s\n", ms->InputTrace.Trace->trace_name );
data/staden-2.0.0+b11/mutlib/mutscan_preprocess.cpp:60:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( ms->ResultString, "Insufficent data to process trace %s.\n", t.Name() );
data/staden-2.0.0+b11/mutlib/mutscan_validate.cpp:48:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( ms->ResultString, "Invalid %s parameter %.2f. "
data/staden-2.0.0+b11/mutlib/muttag.cpp:113:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pName, rhs.m_pName );
data/staden-2.0.0+b11/mutlib/muttag.cpp:114:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pComment, rhs.m_pComment );
data/staden-2.0.0+b11/mutlib/muttag.cpp:172:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pComment, pCommentTable[m_nType] );
data/staden-2.0.0+b11/mutlib/parameter.hpp:89:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pName, pName );
data/staden-2.0.0+b11/mutlib/pathutil.cpp:48:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pBuffer, pExpFile );
data/staden-2.0.0+b11/mutlib/pathutil.cpp:61:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( p2, p1 );
data/staden-2.0.0+b11/mutlib/pathutil.cpp:62:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pTraceFile, pBuffer );
data/staden-2.0.0+b11/mutlib/pathutil.cpp:77:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pExt, pNewExt );
data/staden-2.0.0+b11/mutlib/pathutil.cpp:79:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
std::strcat( pFileName, pNewExt );
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:4619:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(malign->charset,charset);
data/staden-2.0.0+b11/mutlib/stringlist.cpp:31:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pString, s );
data/staden-2.0.0+b11/mutlib/tagarray.cpp:97:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pArray[n].Type, pTag->Name() );
data/staden-2.0.0+b11/mutlib/tagarray.cpp:104:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pArray[n].Comment, s );
data/staden-2.0.0+b11/mutlib/trace.cpp:170:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pRead->trace_name, pName );
data/staden-2.0.0+b11/mutlib/tracealign.cpp:283:30: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( ta->ResultString, "Insufficient sequence overlap to compute "
data/staden-2.0.0+b11/mutlib/tracediff.cpp:253:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( td->ResultString, td->Alignment.ResultString );
data/staden-2.0.0+b11/mutlib/tracediff.cpp:266:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( td->ResultString, TraceAlignGetResultString(&td->Alignment) );
data/staden-2.0.0+b11/mutlib/tracediff_validate.cpp:34:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( td->ResultString, "Invalid %s parameter %.2f. "
data/staden-2.0.0+b11/mutlib/validate.cpp:36:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( rs, "Missing %s %s trace.\n", strand, s );
data/staden-2.0.0+b11/mutlib/validate.cpp:45:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( rs, "Zero length %s %s trace %s.\n", strand, s,
data/staden-2.0.0+b11/mutlib/validate.cpp:81:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( rs, "%s %s trace clip range of (%d,%d) is too small in %s.\n",
data/staden-2.0.0+b11/mutscan/main.cpp:296:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pFileOfFiles, pBuffer );
data/staden-2.0.0+b11/mutscan/main.cpp:614:26: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( pBuffer, "%s %c %d..%d", pTag->Type, sc, pTag->Position[0], pTag->Position[1] );
data/staden-2.0.0+b11/mutscan/main.cpp:623:26: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( pBuffer, "%s %c %d..%d\n%s", pTag->Type, sc, pTag->Position[0], pTag->Position[1], pTag->Comment );
data/staden-2.0.0+b11/mutscan/pathutil.cpp:48:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pBuffer, pExpFile );
data/staden-2.0.0+b11/mutscan/pathutil.cpp:61:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( p2, p1 );
data/staden-2.0.0+b11/mutscan/pathutil.cpp:62:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pTraceFile, pBuffer );
data/staden-2.0.0+b11/mutscan/pathutil.cpp:77:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pExt, pNewExt );
data/staden-2.0.0+b11/mutscan/pathutil.cpp:79:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
std::strcat( pFileName, pNewExt );
data/staden-2.0.0+b11/mutscan/stringlist.cpp:31:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( m_pString, s );
data/staden-2.0.0+b11/polyA_clip/seqInfo.c:49:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/staden-2.0.0+b11/prefinish/finish.c:556:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ptr, "|%s", line);
data/staden-2.0.0+b11/prefinish/finish.c:558:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(r_exp, "%s", line);
data/staden-2.0.0+b11/prefinish/finish.c:1001:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fin->external_seq, eseq);
data/staden-2.0.0+b11/prefinish/finish_hash.c:232:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(best_msg_buf, msg_buf);
data/staden-2.0.0+b11/prefinish/finish_pcr.c:126:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cons_joined, "%sNNNNNNNNNNNNNNNNNNNN%s", cons1, cons2);
data/staden-2.0.0+b11/prefinish/finish_walk.c:344:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PNAME" score=%g p_err=%g => %g %s\n",
data/staden-2.0.0+b11/prefinish/finish_walk.c:415:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,
data/staden-2.0.0+b11/prefinish/finish_walk.c:435:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,
data/staden-2.0.0+b11/prefinish/main.c:16:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "TCL_LIBRARY=%s/tcl", lib);
data/staden-2.0.0+b11/prefinish/main.c:18:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "TK_LIBRARY=%s/tk", lib);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:65:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(T, datum); \
data/staden-2.0.0+b11/primer3/src/boulder_input.c:275:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repeat_file, datum);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:288:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(int_repeat_file, datum);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:817:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lib->repeat_file, filename);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:848:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lib->names[i],p);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:880:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lib->seqs[i], p);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:1007:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lib->names[i], lib->names[i-n]);
data/staden-2.0.0+b11/primer3/src/format_output.c:264:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format1,
data/staden-2.0.0+b11/primer3/src/format_output.c:557:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format,
data/staden-2.0.0+b11/primer3/src/format_output.c:561:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format,
data/staden-2.0.0+b11/primer3/src/format_output.c:565:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format,
data/staden-2.0.0+b11/primer3/src/format_output.c:570:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format,
data/staden-2.0.0+b11/primer3/src/format_output.c:574:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format,
data/staden-2.0.0+b11/primer3/src/format_output.c:578:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format,
data/staden-2.0.0+b11/primer3/src/format_output.c:624:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format,
data/staden-2.0.0+b11/primer3/src/format_output.c:629:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format,
data/staden-2.0.0+b11/primer3/src/ntdpal_main.c:49:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, msg, argv[0]);
data/staden-2.0.0+b11/primer3/src/ntdpal_main.c:71:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, msg, argv[0]);
data/staden-2.0.0+b11/primer3/src/ntdpal_main.c:87:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, msg, argv[0]);
data/staden-2.0.0+b11/primer3/src/ntdpal_main.c:95:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, msg, argv[0]);
data/staden-2.0.0+b11/primer3/src/ntdpal_main.c:102:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, msg, argv[0]);
data/staden-2.0.0+b11/primer3/src/ntdpal_main.c:117:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, msg, argv[0]);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:482:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x->data + xlen, s);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:650:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x->data + xlen, s);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:1661:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file, sa->sequence_name);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:1662:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file,ext);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2972:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, s1);
data/staden-2.0.0+b11/qclip/seqInfo.c:48:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:86:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( file_names[num_read], file_name );
data/staden-2.0.0+b11/screen_seq/screen_seq.c:133:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s%s", base_name, file_name);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:134:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_name, tmp);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:141:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( vfile_names[num_read], file_name );
data/staden-2.0.0+b11/screen_seq/screen_seq.c:179:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, file_name);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:180:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_name, "%s%s", base_name, file_name);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:188:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( vfile_names[num_read], file_name );
data/staden-2.0.0+b11/screen_seq/screen_seq.c:749:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mess, "CONT = %d..%d\n%d %d %s",
data/staden-2.0.0+b11/screen_seq/screen_seq.c:796:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mess, "CONT = %d..%d\n%d %d %s",
data/staden-2.0.0+b11/seq_utils/genetic_code.c:792:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/gcodes/code_%d", env, index);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:681:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, whiteptr); /* must be strcat to remove all whitespaces */
data/staden-2.0.0+b11/seq_utils/renz_utils.c:693:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(word, tokptr);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:730:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r_enzyme.name, name);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:733:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r_enzyme.seq[i], res_seq[i]);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:763:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, whiteptr);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:778:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*names), name);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1256:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fbuf, "%7s", "-");
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1260:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lbuf, "%7s", "-");
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1390:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fbuf, "%7s", "-");
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1394:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lbuf, "%7s", "-");
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1438:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newseq, seq);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1440:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newseq,seq);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:329:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*identifier), entry_name);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:337:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (1 != sscanf(line, ">%s\n", *identifier)) {
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:462:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key_index[i][key_index[i]->id].cdsexpr, loc_expr);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:475:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qua_expr, &line[21]);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:484:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(qua_expr, &line[21]);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:505:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(qual[k], qua_expr);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:602:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (t, range);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:723:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(loc_expr, &line[21]);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:731:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, &line[21]);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:737:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(loc_expr, tmp);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:983:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry_name,entry_name_in);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1054:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry_name,entry_name_in);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1289:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(locexpr,"%11s%s", tmp,locexpr1);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1299:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key_index[i][key_index[i]->id].type_loca,"%s","cj");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1313:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key_index[i][key_index[i]->id].type_loca,"%s","c");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1328:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key_index[i][key_index[i]->id].type_loca,"%s","j");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1342:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key_index[i][key_index[i]->id].type_loca,"%s","n");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1428:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(locexpr,"%5s%s", tmp1, locexpr1);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1431:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(locexpr1, "%11s%s", tmp1, locexpr2);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1432:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locexpr1, locexpr2);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1446:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(tmp,"%12s%s", tmp1,locexpr2);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1450:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(tmp,",%s",locexpr2);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1461:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(tmp,",%s", locexpr2);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1464:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(locexpr2, "%11s%s", tmp1,locexpr1);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1465:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locexpr2, locexpr1);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1501:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_list_item->type_range,type_range);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:149:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "%s #%d", output->name, result->id);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:166:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(jdata->name.line, g_data->title);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:169:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(jdata->name.line, g_data->maintitle);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:173:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "%s: seq=%s",
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:176:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "%s: seq_h=%s seq_v=%s",
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:403:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plot_type, &line[2]);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:407:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(title, &line[8]);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:429:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(maintitle, &line[11]);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:431:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(subtitle, &line[10]);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:433:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xtitle, &line[8]);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:435:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ytitle, &line[8]);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:446:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s x1 %lf y1 %lf x2 %lf y2%lf colour %d\n",
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:451:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s x1 %lf y1 %lf x2 %lf y2%lf colour %d\n",
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:455:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d_obj[i].colour, colournum[colour]);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:480:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s x1 %lf y1 %lf x2 %lf y2 %lf colour %d\n",
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:485:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s x1 %lf y1 %lf x2 %lf y2 %lf colour %d\n",
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:489:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(g_obj[i].colour, colournum[colour]);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:752:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_win);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:758:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:964:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/nip_base_comp.c:118:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "base comp: seq=%s",
data/staden-2.0.0+b11/spin/nip_canvas_box.c:90:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "nip_canvas_cursor_delete %s %d",
data/staden-2.0.0+b11/spin/nip_canvas_box.c:128:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "nip_canvas_cursor_move %d %s %d %d %s %f",
data/staden-2.0.0+b11/spin/nip_cmds.c:1148:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ruler->window, args.win_ruler);
data/staden-2.0.0+b11/spin/nip_cmds.c:1232:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&(sequence[2]), seq);
data/staden-2.0.0+b11/spin/nip_cmds.c:1298:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buffer, protein_id );
data/staden-2.0.0+b11/spin/nip_cmds.c:2025:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp,&tt[1]);
data/staden-2.0.0+b11/spin/nip_cmds.c:2040:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( infile, "%s/%s", dir, genetic_code_ft[idx] );
data/staden-2.0.0+b11/spin/nip_cmds.c:2108:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sub_seq,range_seq);
data/staden-2.0.0+b11/spin/nip_gene_search.c:135:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "gene: seq=%s frame=%d",
data/staden-2.0.0+b11/spin/nip_gene_search.c:138:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "gene: seq=%s",
data/staden-2.0.0+b11/spin/nip_gene_search.c:492:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, get_default_string(interp, nip_defs, w("NIP.PGS.MODE.BUTTON.3")));
data/staden-2.0.0+b11/spin/nip_gene_search.c:494:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, get_default_string(interp, nip_defs, w("NIP.PGS.MODE.BUTTON.4")));
data/staden-2.0.0+b11/spin/nip_gene_search.c:496:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s\n%s\n", get_default_string(interp, nip_defs, w("NIP.PGS.MODE.BUTTON.3")), get_default_string(interp, nip_defs, w("NIP.PGS.MODE.BUTTON.4")));
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.c:37:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DeleteREnzPlot %s %s\n", data->frame, data->re_win);
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.c:329:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->re_win, re_win);
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.c:330:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->frame, frame);
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.c:331:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->names_win, names_win);
data/staden-2.0.0+b11/spin/nip_splice_search.c:119:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "splice search: seq=%s frame=%d",
data/staden-2.0.0+b11/spin/nip_splice_search.c:422:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_win);
data/staden-2.0.0+b11/spin/nip_splice_search.c:444:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/nip_stop_codon.c:128:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "stop codons: seq=%s frame=%d",
data/staden-2.0.0+b11/spin/nip_stop_codon.c:131:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "start codons: seq=%s frame=%d",
data/staden-2.0.0+b11/spin/nip_stop_codon.c:436:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(codon[cnt], codon[i]);
data/staden-2.0.0+b11/spin/nip_stop_codon.c:502:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(codon[cnt], codon[i]);
data/staden-2.0.0+b11/spin/nip_stop_codon.c:555:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_win);
data/staden-2.0.0+b11/spin/nip_stop_codon.c:565:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/nip_string_search.c:104:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "string: seq=%s",
data/staden-2.0.0+b11/spin/nip_trna_search.c:109:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "trna: seq=%s",
data/staden-2.0.0+b11/spin/nip_wtmatrix_search.c:103:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "wtmatrix: seq=%s",
data/staden-2.0.0+b11/spin/raster_cmds.c:98:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], args.colour);
data/staden-2.0.0+b11/spin/seq_raster.c:88:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rasterHRuler %s %f %f ", raster_win, wx0, wx1);
data/staden-2.0.0+b11/spin/seq_raster.c:92:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rasterVRuler %s %f %f", raster_win, wy0, wy1);
data/staden-2.0.0+b11/spin/seq_raster.c:199:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rasterVRuler %s %f %f", window, wy0, wy1);
data/staden-2.0.0+b11/spin/seq_raster.c:216:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rasterHRuler %s %f %f ", raster_win, wx0, wx1);
data/staden-2.0.0+b11/spin/seq_raster.c:257:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rasterHRuler %s %f %f ", raster_win, x0, x1);
data/staden-2.0.0+b11/spin/seq_raster.c:261:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rasterVRuler %s %f %f", raster_win, y0, y1);
data/staden-2.0.0+b11/spin/seq_raster.c:552:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "scrollXCmd %s %s %s.ruler_h moveto %f",
data/staden-2.0.0+b11/spin/seq_raster.c:561:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "scrollYCmd %s %s.ruler_v%d moveto %f",
data/staden-2.0.0+b11/spin/seq_raster.c:633:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.buttons.pos1 configure -text {}",
data/staden-2.0.0+b11/spin/seq_raster.c:646:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.buttons.pos2 configure -text {}",
data/staden-2.0.0+b11/spin/seq_raster.c:765:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.buttons.pos1 configure -text %d",
data/staden-2.0.0+b11/spin/seq_raster.c:778:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.buttons.pos2 configure -text %d",
data/staden-2.0.0+b11/spin/seq_raster.c:821:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], cursor->colour);
data/staden-2.0.0+b11/spin/seq_raster.c:1054:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s set %d", r_win, tmp, (int)ROUND(value));
data/staden-2.0.0+b11/spin/seq_raster.c:1059:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s set %d", r_win, tmp, (int)ROUND(value));
data/staden-2.0.0+b11/spin/seq_raster.c:1078:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s set %d", r_win, tmp, (int)ROUND(value));
data/staden-2.0.0+b11/spin/seq_raster.c:1083:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s set %d", r_win, tmp, (int)ROUND(value));
data/staden-2.0.0+b11/spin/seq_raster.c:1114:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "update_zoom_list %s %d {%d %d %d %d}",
data/staden-2.0.0+b11/spin/seq_raster.c:1122:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "update_zoom_list %s %d {%d %d %d %d}",
data/staden-2.0.0+b11/spin/seq_raster.c:1284:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.ruler_v%d delete all", r_win, id);
data/staden-2.0.0+b11/spin/seq_raster.c:1299:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rasterVRuler %s %f %f", raster_win, wy0, wy1);
data/staden-2.0.0+b11/spin/seq_raster.c:1481:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "change_zoom_list %s {%d %d %d %d} {%d %d %d %d}",
data/staden-2.0.0+b11/spin/seq_raster.c:2038:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_new);
data/staden-2.0.0+b11/spin/seq_raster.c:2049:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], GetRasterColour(interp, rasterold, output->env_index));
data/staden-2.0.0+b11/spin/seq_raster.c:2271:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "update_zoom_list %s %d {%d %d %d %d}",
data/staden-2.0.0+b11/spin/seq_raster.c:2403:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_new);
data/staden-2.0.0+b11/spin/seq_raster.c:2411:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], GetRasterColour(interp, rasterold, output->env_index));
data/staden-2.0.0+b11/spin/seq_raster.c:3179:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(raster_result->raster_win, "%s%d", raster_win, id);
data/staden-2.0.0+b11/spin/seq_raster.c:3314:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(raster_frame, Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/seq_raster.c:3321:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(raster_win, raster_frame);
data/staden-2.0.0+b11/spin/seq_raster.c:3329:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(raster_win, "%s%s", raster_win, val);
data/staden-2.0.0+b11/spin/seq_raster.c:3331:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(raster_win, "%s%d", raster_win, raster_id);
data/staden-2.0.0+b11/spin/seq_raster.c:3393:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(raster_win, raster_result->raster_win);
data/staden-2.0.0+b11/spin/seq_raster.c:3438:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(raster_win, Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/seq_raster.c:3451:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(raster_win, "%s%s", raster_win, val);
data/staden-2.0.0+b11/spin/seq_raster.c:3455:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(raster_win, "%s%d", raster_win, raster_id);
data/staden-2.0.0+b11/spin/seq_raster.c:3736:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_win);
data/staden-2.0.0+b11/spin/seq_raster.c:3742:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/seq_raster.c:3862:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_win);
data/staden-2.0.0+b11/spin/seq_raster.c:3884:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/seq_raster.c:4012:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/seq_raster.c:4017:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_win);
data/staden-2.0.0+b11/spin/seq_raster.c:4118:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output->raster_win, raster_win);
data/staden-2.0.0+b11/spin/seq_reg.c:592:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data[cnt].line, qn.line);
data/staden-2.0.0+b11/spin/seq_reg.c:594:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data[cnt].time, seq_result_time(i, r->id));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:94:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s : %s (#%d)", data[i].time, data[i].line, data[i].id);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:112:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s : %s (#%d)", data[i].time, data[i].line, data[i].id);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:129:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s : %s (#%d)", data[i].time, data[i].line, data[i].id);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1651:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(identifier, "%s#%d", identifier, unique_name++);
data/staden-2.0.0+b11/spin/seq_results.c:190:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqs[seq_num].identifier, identifier);
data/staden-2.0.0+b11/spin/seq_results.c:285:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqs[seq_num].identifier, identifier);
data/staden-2.0.0+b11/spin/seq_results.c:286:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqs[seq_num].seq->name, name);
data/staden-2.0.0+b11/spin/seq_results.c:429:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "CDS %3d %2s ",idx, seqs[seq_num].key_index[0][idx].type_loca);
data/staden-2.0.0+b11/spin/seq_results.c:433:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key_index_subcds, tmp);
data/staden-2.0.0+b11/spin/seq_results.c:437:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, " %2s %d..%d ", current->type_range,
data/staden-2.0.0+b11/spin/seq_results.c:442:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(key_index_subcds, tmp);
data/staden-2.0.0+b11/spin/seq_results.c:694:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_s%d", GetSeqName(seq_num), count++);
data/staden-2.0.0+b11/spin/seq_results.c:730:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_n%d", parental_name, count++);
data/staden-2.0.0+b11/spin/seq_results.c:752:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_n%d", child_name, count++);
data/staden-2.0.0+b11/spin/seq_results.c:789:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_c", parental_name);
data/staden-2.0.0+b11/spin/seq_results.c:810:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_c", child_name);
data/staden-2.0.0+b11/spin/seq_results.c:859:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_r", parental_name);
data/staden-2.0.0+b11/spin/seq_results.c:879:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_r", child_name);
data/staden-2.0.0+b11/spin/seq_results.c:943:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_name, ptr+6);
data/staden-2.0.0+b11/spin/seq_results.c:944:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_rf%d_%d", new_name, rf+1, num);
data/staden-2.0.0+b11/spin/seq_results.c:946:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_rf%d_%d", parental_name, rf+1, num);
data/staden-2.0.0+b11/spin/seq_results.c:976:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_name, ptr+6);
data/staden-2.0.0+b11/spin/seq_results.c:977:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_rf%d_%d", new_name, rf+1, num);
data/staden-2.0.0+b11/spin/seq_results.c:979:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_rf%d_%d", child_name, rf+1, num);
data/staden-2.0.0+b11/spin/seq_results.c:1021:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_rf123", parental_name);
data/staden-2.0.0+b11/spin/seq_results.c:1041:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_rf123", child_name);
data/staden-2.0.0+b11/spin/seq_results.c:1084:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_x%d", parental_name, num);
data/staden-2.0.0+b11/spin/seq_results.c:1104:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_x%d", child_name, num);
data/staden-2.0.0+b11/spin/seq_results.c:1143:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_o%d", parental_name, num);
data/staden-2.0.0+b11/spin/seq_results.c:1163:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_o", child_name);
data/staden-2.0.0+b11/spin/seq_sendto.c:23:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "upvar #0 commn_[list %s] commn; "
data/staden-2.0.0+b11/spin/seq_sendto.c:62:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "Send to Gap4, %s", GetSeqName(seq_num));
data/staden-2.0.0+b11/spin/seq_sendto.c:75:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "upvar #0 commn_%s commn;", send->rid);
data/staden-2.0.0+b11/spin/seq_sendto.c:119:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "INCREMENT" : " INCREMENT");
data/staden-2.0.0+b11/spin/seq_sendto.c:123:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "DECREMENT" : " DECREMENT");
data/staden-2.0.0+b11/spin/seq_sendto.c:127:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(job, first ? "DELETE" : " DELETE");
data/staden-2.0.0+b11/spin/seq_sendto.c:132:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "upvar #0 commn_[list %s] commn; "
data/staden-2.0.0+b11/spin/seq_sendto.c:153:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "cursor_h_%s", send->rid);
data/staden-2.0.0+b11/spin/seq_sendto.c:155:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "cursor_v_%s", send->rid);
data/staden-2.0.0+b11/spin/seq_sendto.c:158:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "cursor_%s", send->rid);
data/staden-2.0.0+b11/spin/seqed.c:277:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqed_result->seqed_win, seqed_win);
data/staden-2.0.0+b11/spin/seqed.c:289:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(se->cursorCol, colour);
data/staden-2.0.0+b11/spin/seqed_translate.c:312:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(st_str, t);
data/staden-2.0.0+b11/spin/seqed_translate.c:318:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(st_str, t);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:30:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "seq_disp_show_cursor %s %d %d %d\n", seq_disp_win, result_id,
data/staden-2.0.0+b11/spin/sequence_pair_display.c:163:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq_disp_result->seq_disp_win, seq_disp_win);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:317:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, tmp);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:345:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, tmp);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:371:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_str, &seq1[seq1_left]);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:396:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_str, &seq2[seq2_left]);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:507:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SeqDispStartShutdown %s%d", seq_disp_win, result_index);
data/staden-2.0.0+b11/spin/sim.c:152:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char *strchr(), *strcpy(), filename[1000];
data/staden-2.0.0+b11/spin/sim.c:194:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,argv[argc]+2); gave_S=1;
data/staden-2.0.0+b11/spin/sim.c:1229:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, msg, val);
data/staden-2.0.0+b11/spin/sip_align.c:114:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "align: hori=%s vert=%s",
data/staden-2.0.0+b11/spin/sip_align.c:396:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name1, "%s_a%d", name, id);
data/staden-2.0.0+b11/spin/sip_align.c:594:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/sip_find_identity.c:96:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "matching words: hori=%s vert=%s",
data/staden-2.0.0+b11/spin/sip_find_identity.c:748:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/sip_quick_scan.c:102:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "diagonals: hori=%s vert=%s",
data/staden-2.0.0+b11/spin/sip_quick_scan.c:678:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/sip_results.c:249:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prot_mat->name, file);
data/staden-2.0.0+b11/spin/sip_sim.c:130:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "local alignment: hori=%s vert=%s",
data/staden-2.0.0+b11/spin/sip_sim.c:744:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/sip_similar_spans.c:206:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(jdata->name.line, "similar spans: hori=%s vert=%s",
data/staden-2.0.0+b11/spin/sip_similar_spans.c:676:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opts[1], colour);
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:527:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&(se->sequence[2]), sequence);
data/staden-2.0.0+b11/text_utils/text_output_stubs.c:27:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/staden-2.0.0+b11/text_utils/text_output_stubs.c:40:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, args);
data/staden-2.0.0+b11/text_utils/text_output_stubs.c:51:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, args);
data/staden-2.0.0+b11/text_utils/text_output_stubs.c:77:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, args);
data/staden-2.0.0+b11/tk_utils/canvas_box.c:160:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s configure -scrollregion \"%.20f %.20f %.20f %.20f\"",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:215:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale %s %.20f %.20f %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:219:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s move %s %"PRId64" %d",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:222:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale %s %.20f %.20f %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:228:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale %s %.20f %.20f %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:231:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, "%s move %s %d %"PRId64,
data/staden-2.0.0+b11/tk_utils/canvas_box.c:234:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale %s %.20f %.20f %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:238:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale %s %.20f %.20f %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:242:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale %s %.20f %.20f %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:245:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, "%s move %s %"PRId64" %"PRId64,
data/staden-2.0.0+b11/tk_utils/canvas_box.c:251:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale %s %.20f %.20f %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:307:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "eval %s xview %s", win_list[i]->window, scroll_args);
data/staden-2.0.0+b11/tk_utils/canvas_box.c:341:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "eval %s yview %s", win_list[i]->window, scroll_args);
data/staden-2.0.0+b11/tk_utils/canvas_box.c:588:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s configure -text %"PRId64"\n",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:596:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DrawCanvasCursorX %s %s %"PRId64" %s %d\n",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:620:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s%s configure -text %"PRId64"\n",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:628:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "DrawCanvasCursorY %s %s %"PRId64" %s %d\n",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:974:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %.20f %d %.20f %d -fill %s -width %d",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:999:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %.20f %d %.20f -fill %s -width %d",
data/staden-2.0.0+b11/tk_utils/canvas_box.c:1021:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s canvasx %.20f", window, val);
data/staden-2.0.0+b11/tk_utils/canvas_box.c:1032:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s canvasy %.20f", window, val);
data/staden-2.0.0+b11/tk_utils/container.c:60:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "destroy %s", c->win);
data/staden-2.0.0+b11/tk_utils/container.c:127:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*c_win, "%s%d", win, container_id);
data/staden-2.0.0+b11/tk_utils/container.c:440:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "get_element_row %s", win);
data/staden-2.0.0+b11/tk_utils/container.c:450:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "get_element_column %s", win);
data/staden-2.0.0+b11/tk_utils/container.c:880:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "tcl_delete_row %s %d", c->win, row_num);
data/staden-2.0.0+b11/tk_utils/container.c:905:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "tcl_delete_column %s %d", c->win, column_num);
data/staden-2.0.0+b11/tk_utils/container.c:911:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "delete_sb_h %s %d", c->win, column_num);
data/staden-2.0.0+b11/tk_utils/container.c:920:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "delete_sb_h %s %d", c->win, c->column[e->column_index]->num);
data/staden-2.0.0+b11/tk_utils/container.c:1244:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*e_win, "%s%d", win, element_id);
data/staden-2.0.0+b11/tk_utils/container.c:1421:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(window, "%s%s", c_win, e_win);
data/staden-2.0.0+b11/tk_utils/container.c:2616:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rotate_element %s %s %d %d %d %d", e->win, c->row[i]->ruler->win, seq_id, result_id, VERTICAL, row_num);
data/staden-2.0.0+b11/tk_utils/container.c:2640:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "update_container_menu %s %d %s", c->win, c->id,
data/staden-2.0.0+b11/tk_utils/container_ruler.c:48:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "create_canvas_ruler %s %d %d %d %d %d %d LENGTH", c->win, c->id,
data/staden-2.0.0+b11/tk_utils/container_ruler.c:148:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(e_ruler->ruler->window, "%s", e_ruler->win);
data/staden-2.0.0+b11/tk_utils/container_ruler.c:211:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "find_result_position \"\" %s %d", e->win, BOTTOM);
data/staden-2.0.0+b11/tk_utils/container_ruler.c:224:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "create_canvas_ruler %s %d %d %d %d %d %d AMPLITUDE",
data/staden-2.0.0+b11/tk_utils/container_ruler.c:230:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "create_canvas_ruler %s %d %d %d %d %d %d AMPLITUDE",
data/staden-2.0.0+b11/tk_utils/container_ruler.c:320:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(e_ruler->ruler->window, "%s", e_ruler->win);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:105:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale cursor %.20f %.20f %.20f %.20f \n",
data/staden-2.0.0+b11/tk_utils/element_canvas.c:111:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale tick %.20f %.20f %.20f %.20f \n",
data/staden-2.0.0+b11/tk_utils/element_canvas.c:116:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale id%d %.20f %.20f %.20f %.20f \n",
data/staden-2.0.0+b11/tk_utils/element_canvas.c:119:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s scale all %.20f %.20f %.20f %.20f \n",
data/staden-2.0.0+b11/tk_utils/element_canvas.c:140:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s move all %.20f %.20f", e->win, x_amount, y_amount);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:142:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s move id%d %.20f %.20f", e->win, result_id,
data/staden-2.0.0+b11/tk_utils/element_canvas.c:284:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s configure -scrollregion \"%d %d %d %d\"",
data/staden-2.0.0+b11/tk_utils/element_canvas.c:300:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s xview %s", e->win, command);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:343:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s yview %s", e->win, command);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:507:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %.20f %.20f %.20f %.20f -width %d -fill %s "
data/staden-2.0.0+b11/tk_utils/element_canvas.c:515:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %.20f %.20f %.20f %.20f -width %d -fill %s "
data/staden-2.0.0+b11/tk_utils/element_canvas.c:531:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %.20f %.20f %.20f %.20f -width %d -fill %s "
data/staden-2.0.0+b11/tk_utils/element_canvas.c:540:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %.20f %.20f %.20f %.20f -width %d -fill %s "
data/staden-2.0.0+b11/tk_utils/element_canvas.c:579:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %.20f %.20f %.20f %.20f -width %d -fill %s "
data/staden-2.0.0+b11/tk_utils/element_canvas.c:587:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %.20f %.20f %.20f %.20f -width %d -fill %s "
data/staden-2.0.0+b11/tk_utils/element_canvas.c:603:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %.20f %.20f %.20f %.20f -width %d -fill %s "
data/staden-2.0.0+b11/tk_utils/element_canvas.c:612:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %.20f %.20f %.20f %.20f -width %d -fill %s "
data/staden-2.0.0+b11/tk_utils/element_canvas.c:644:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s canvasx %d", e->win, pos);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:654:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "draw_canvas_crosshairX %s %s %d %.20f\n", e->c->win, e->win, cx, wx);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:661:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s canvasy %d", e->win, pos);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:666:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "draw_canvas_crosshairY %s %s %d %.20f\n", e->c->win, e->win, cy, invert_wy(e, wy));
data/staden-2.0.0+b11/tk_utils/init.c:81:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/tk_utils", lib);
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:76:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create line %d %d %d %d -fill %s -width %d "
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:112:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", re_win);
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:115:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s delete all", names_win);
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:125:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd,"%s create text 10 %d -text %s -anchor w -fill %s "
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:130:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -tag contig -fill %s",
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:152:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %d %d %d -tag contig -fill %s",
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:172:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %.20f %d %.20f %d "
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:185:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create text %.20f %d -text %g -tag tick\n",
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:218:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %d %.20f %d %.20f "
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:231:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create text %d %.20f -text %g -tag tick\n",
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:276:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %.20f %.20f %.20f %.20f "
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:281:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create text %.20f %.20f -text %.3g -tag tick\n",
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:306:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create line %.20f %.20f %.20f %.20f "
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:319:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s create text %.20f %.20f -text %.3g -tag tick\n",
data/staden-2.0.0+b11/tk_utils/tclCanvGraph.c:124:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(objPtr->bytes, buffer);
data/staden-2.0.0+b11/tk_utils/tclExtdInt.h:16:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(strcpy (ckalloc (strlen (sourceStr) + 1), sourceStr))
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:43:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(stringp, fmt, args);
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:70:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(stringp, fmt, args);
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:97:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(stringp, fmt, args);
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:118:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, str);
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:129:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, args);
data/staden-2.0.0+b11/tk_utils/text_output.c:215:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tag_list, "{%s%s %s}",
data/staden-2.0.0+b11/tk_utils/text_output.c:219:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tag_list, "%s%s", cur_tag, header ? "_h" : "_t");
data/staden-2.0.0+b11/tk_utils/text_output.c:278:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s: %s\n", tbuf, name);
data/staden-2.0.0+b11/tk_utils/text_output.c:360:2: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("sh", "sh", "-c", command, NULL);
data/staden-2.0.0+b11/tk_utils/text_output.c:536:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stdout_win, argv[1]);
data/staden-2.0.0+b11/tk_utils/text_output.c:537:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stderr_win, argv[2]);
data/staden-2.0.0+b11/tk_utils/text_output.c:739:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufp, "%s %.7500s: ", tbuf, argv[2]);
data/staden-2.0.0+b11/tk_utils/text_output.c:743:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, argv[i]);
data/staden-2.0.0+b11/tk_utils/text_output.c:959:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufp, "%s %s: ", tbuf, name);
data/staden-2.0.0+b11/tk_utils/text_output.c:963:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/staden-2.0.0+b11/tk_utils/text_output.c:968:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(&bufp[l], fmt, args);
data/staden-2.0.0+b11/tk_utils/text_output.c:1017:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(bufp, fmt, args);
data/staden-2.0.0+b11/tk_utils/text_output.c:1047:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(bufp, fmt, args);
data/staden-2.0.0+b11/tk_utils/text_output.c:1077:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(namep, fmt, args);
data/staden-2.0.0+b11/tk_utils/text_output.c:1111:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(namep, fmt, args);
data/staden-2.0.0+b11/tk_utils/text_output.c:1138:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(paramsp, fmt, args);
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:2458:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s canvasx %d", Tk_PathName(tkwin), pixel);
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:2460:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s canvasy %d", Tk_PathName(tkwin), pixel);
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:331:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->edBases, str);
data/staden-2.0.0+b11/tracediff/main.cpp:191:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pFileOfFiles, pBuffer );
data/staden-2.0.0+b11/tracediff/main.cpp:465:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy( pBuffer, p );
data/staden-2.0.0+b11/tracediff/main.cpp:485:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf( pBuffer, "%s %c %d..%d\n%s", pTag->Type, c, *pTag->Position,
data/staden-2.0.0+b11/vector_clip/vector_clip.c:173:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( vector_name, s );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:177:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( f_primer_seq, s );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:181:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( r_primer_seq, s );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:203:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( file_name, c );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1149:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prev_vector_file_name, vector_file_name );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1394:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat, "vector_clip: %s",
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1456:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pstat, "vector_clip: %s",
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1813:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prev_vector_file_name, vector_file_name );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2244:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prev_vector_file_name, vector_file_name );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2826:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prev_vector_file_name, vector_file_name );
data/staden-2.0.0+b11/Misc/getfile.c:141:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncpy(nameout,getenv("HOMEDRIVE"),FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:142:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncat(nameout,getenv("HOMEPATH"),FILENAME_MAX-strlen(nameout));
data/staden-2.0.0+b11/Misc/getfile.c:147:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncpy ( nameout, getenv("HOME"), FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:162:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( getenv ( &namein[1] ) ) {
data/staden-2.0.0+b11/Misc/getfile.c:163:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncpy ( nameout, getenv(&namein[1]), FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:171:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( getenv ( &namein[0] ) ) {
data/staden-2.0.0+b11/Misc/getfile.c:172:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncpy ( nameout, getenv(namein), FILENAME_MAX);
data/staden-2.0.0+b11/Misc/misc.h:13:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt( int argc, char* const argv[], const char* optstring );
data/staden-2.0.0+b11/Misc/shell.c:35:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring) {
data/staden-2.0.0+b11/g/bitmap_test.c:15:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
while (random()%3 == 0) {
data/staden-2.0.0+b11/g/bitmap_test.c:16:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int bit = random()%b->Nbits;
data/staden-2.0.0+b11/gap4/copy_db_main.c:42:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "vfb:T")) != -1) {
data/staden-2.0.0+b11/gap4/gap-init.c:40:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gap_server = (char *)getenv(GAP_SERVER);
data/staden-2.0.0+b11/gap4/gap-thrash.c:174:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/staden-2.0.0+b11/gap4/gap-thrash.c:211:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v = random() % MAX_VIEWS;
data/staden-2.0.0+b11/gap4/gap-thrash.c:214:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = record[v] = random() % MAX_RECS;
data/staden-2.0.0+b11/gap4/gap-thrash.c:216:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (info.lock >= G_LOCK_RW || random()&01 ) {
data/staden-2.0.0+b11/gap4/gap-thrash.c:218:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()&01) {
data/staden-2.0.0+b11/gap4/gap-thrash.c:229:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()&01) {
data/staden-2.0.0+b11/gap4/gap-thrash.c:231:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
state[v] = random() % 10;
data/staden-2.0.0+b11/gap4/gap-thrash.c:235:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
album[r] = random() % Nc;
data/staden-2.0.0+b11/gap4/gap-thrash.c:273:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
album[r] = random() % Nc;
data/staden-2.0.0+b11/gap4/gap-thrash2.c:20:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
len = random() % (T_MAX_READ_LEN-1)+1;
data/staden-2.0.0+b11/gap4/gap-thrash2.c:22:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
seq[i] = "ACGT"[random() % 4];
data/staden-2.0.0+b11/gap4/gap-thrash2.c:23:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
conf[i] = random()%100;
data/staden-2.0.0+b11/gap4/gap-thrash2.c:27:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
start = random() % len;
data/staden-2.0.0+b11/gap4/gap-thrash2.c:28:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
end = (random() % (length - start)) + start;
data/staden-2.0.0+b11/gap4/gap-thrash2.c:62:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
j = random()%x+1;
data/staden-2.0.0+b11/gap4/gap-thrash2.c:63:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()%10 > 3) {
data/staden-2.0.0+b11/gap4/gap-thrash2.c:76:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()%100 == 0) {
data/staden-2.0.0+b11/gap4/gap-thrash2.c:96:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:20:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
len = random() % (T_MAX_READ_LEN-1)+1;
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:22:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
seq[i] = "ACGT"[random() % 4];
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:23:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
conf[i] = random()%100;
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:27:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
start = random() % len;
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:28:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
end = (random() % (length - start)) + start;
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:61:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
j = random()%10+1;
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:62:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()%10 > 3) {
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:76:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()%5 == 0 || 1) {
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:92:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/staden-2.0.0+b11/gap4/gap-thrash3.c:27:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
len = random() % (T_MAX_READ_LEN-1)+1;
data/staden-2.0.0+b11/gap4/gap-thrash3.c:28:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cval = random()%100;
data/staden-2.0.0+b11/gap4/gap-thrash3.c:30:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
seq[i] = "ACGT"[random() % 4];
data/staden-2.0.0+b11/gap4/gap-thrash3.c:35:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
start = random() % len;
data/staden-2.0.0+b11/gap4/gap-thrash3.c:36:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
end = (random() % (length - start)) + start;
data/staden-2.0.0+b11/gap4/gap-thrash3.c:154:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
j = random()%x+1;
data/staden-2.0.0+b11/gap4/gap-thrash3.c:155:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()%10 > 3) {
data/staden-2.0.0+b11/gap4/gap-thrash3.c:170:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
j = random()%NumReadings(io) + 1;
data/staden-2.0.0+b11/gap4/gap-thrash3.c:180:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()%5 == 0) {
data/staden-2.0.0+b11/gap4/gap-thrash3.c:201:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/staden-2.0.0+b11/gap4/gap_globals.c:134:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (env = getenv("STADTABL")))
data/staden-2.0.0+b11/gap4/join.c:80:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (env = getenv("STADTABL"))) {
data/staden-2.0.0+b11/gap4/notedb.c:77:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (path = getenv("NOTEDB"))) {
data/staden-2.0.0+b11/gap4/notedb.c:78:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("STADTABL")) {
data/staden-2.0.0+b11/gap4/notedb.c:79:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(tmp_path, getenv("STADTABL"));
data/staden-2.0.0+b11/gap4/notes.c:694:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("RAWDATA")) {
data/staden-2.0.0+b11/gap4/tagdb.c:80:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (path = (char *)getenv(TAGDB))){
data/staden-2.0.0+b11/gap4/tagdb.c:81:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("STADTABL")) {
data/staden-2.0.0+b11/gap4/tagdb.c:82:37: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sprintf(tmp_path, "%s/GTAGDB", getenv("STADTABL"));
data/staden-2.0.0+b11/gap4/tkAppInit.c:97:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL != (lib = getenv("STADLIB"))) {
data/staden-2.0.0+b11/gap5/b+tree2.c:1200:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(atoi(argv[2]));
data/staden-2.0.0+b11/gap5/b+tree2.c:1208:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int n = random() % nlines;
data/staden-2.0.0+b11/gap5/b+tree2.c:1209:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random()&1) {
data/staden-2.0.0+b11/gap5/editor_join.c:90:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (env = getenv("STADTABL"))) {
data/staden-2.0.0+b11/gap5/g-alloc.c:1079:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(atoi(argv[1]));
data/staden-2.0.0+b11/gap5/gap_globals.c:135:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (env = getenv("STADTABL")))
data/staden-2.0.0+b11/gap5/interval_tree.c:604:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(0);
data/staden-2.0.0+b11/gap5/interval_tree.c:607:18: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int x1 = drand48()*RLEN;
data/staden-2.0.0+b11/gap5/interval_tree.c:608:23: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int x2 = x1 + drand48()*SLEN;
data/staden-2.0.0+b11/gap5/interval_tree.c:641:7: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
st = drand48()*(RLEN-SLEN*10);
data/staden-2.0.0+b11/gap5/interval_tree.c:642:13: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
en = st + (drand48()*(SLEN*10));
data/staden-2.0.0+b11/gap5/notedb.c:77:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (path = getenv("NOTEDB"))) {
data/staden-2.0.0+b11/gap5/notedb.c:78:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("STADTABL")) {
data/staden-2.0.0+b11/gap5/notedb.c:79:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(tmp_path, getenv("STADTABL"));
data/staden-2.0.0+b11/gap5/tagdb.c:80:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (path = (char *)getenv(TAGDB))){
data/staden-2.0.0+b11/gap5/tagdb.c:81:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("STADTABL")) {
data/staden-2.0.0+b11/gap5/tagdb.c:82:37: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sprintf(tmp_path, "%s/GTAGDB", getenv("STADTABL"));
data/staden-2.0.0+b11/gap5/tg_index.c:148:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "aBCsVbtThAmMo:pPq:nz:fd:c:"
data/staden-2.0.0+b11/gap5/tg_index_common.c:35:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (dir = getenv("TMPDIR"))) {
data/staden-2.0.0+b11/gap5/tg_index_common.c:36:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (dir = getenv("TMP_DIR"))) {
data/staden-2.0.0+b11/gap5/tg_index_common.c:37:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dir = getenv("TEMP");
data/staden-2.0.0+b11/gap5/tg_index_common.c:105:17: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
if (NULL == tmpnam(file_name)) {
data/staden-2.0.0+b11/gap5/tg_index_common.c:170:10: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
if (!tmpnam(new_tmp)) {
data/staden-2.0.0+b11/gap5/tg_view.c:792:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(0);
data/staden-2.0.0+b11/gap5/tg_view.c:795:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int xpos = random() % 2000000;
data/staden-2.0.0+b11/gap5/tg_view.c:796:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int size = random() % 1000;
data/staden-2.0.0+b11/gap5/tg_view.c:851:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "hl:dcCx:e")) != -1) {
data/staden-2.0.0+b11/gap5/tkAppInit.c:95:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL != (lib = getenv("STADLIB"))) {
data/staden-2.0.0+b11/get_scf_field/get_scf_field.c:58:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "sqc")) != -1) {
data/staden-2.0.0+b11/hetins/hetins.c:432:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "w:e:h:g:tT")) != -1) {
data/staden-2.0.0+b11/make_weights/make_weights.c:598:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "o:w:m:c:C:vp")) != -1) {
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:275:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "w:x:p:vtx")) != -1) {
data/staden-2.0.0+b11/prefinish/main.c:15:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL != (lib = getenv("STADLIB"))) {
data/staden-2.0.0+b11/prefinish/random.c:4:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
putchar("ACGT"[random() % 4]);
data/staden-2.0.0+b11/prefinish/test.c:211:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(15551);
data/staden-2.0.0+b11/prefinish/test.c:215:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
prim[j] = "ACGT"[random()%4];
data/staden-2.0.0+b11/prefinish/testbak.c:150:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(15551);
data/staden-2.0.0+b11/prefinish/testbak.c:154:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
vec[j] = "ACGT"[random()%4];
data/staden-2.0.0+b11/qclip/qclip.c:278:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "q:w:vtncm:M:R:r:L:l:s:x:")) != -1) {
data/staden-2.0.0+b11/screen_seq/screen_seq.c:916:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "l:m:i:I:p:f:s:S:t")) != -1) {
data/staden-2.0.0+b11/seq_utils/genetic_code.c:786:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv("STADTABL");
data/staden-2.0.0+b11/seq_utils/scramble.c:39:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/staden-2.0.0+b11/stops/stops.c:354:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "vw:s:t:b:")) != -1) {
data/staden-2.0.0+b11/tk_utils/init.c:80:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (lib = getenv("STADTCL")) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3448:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "w:n:d:l:L:R:p:f:m:M:P:v:V:i:schrtT")) != -1) {
data/staden-2.0.0+b11/Misc/array.c:168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)a->base + a->max*a->size,
data/staden-2.0.0+b11/Misc/dstring.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *bufp = buf;
data/staden-2.0.0+b11/Misc/dstring.c:254:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char escape[256];
data/staden-2.0.0+b11/Misc/dstring.c:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[3];
data/staden-2.0.0+b11/Misc/dstring.c:316:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50], *cp = buf;
data/staden-2.0.0+b11/Misc/files.c:36:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fname, "rb")))
data/staden-2.0.0+b11/Misc/files.c:56:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(files, "r");
data/staden-2.0.0+b11/Misc/files.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/staden-2.0.0+b11/Misc/files.c:61:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[256];
data/staden-2.0.0+b11/Misc/find.c:31:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wholePath[1024];
data/staden-2.0.0+b11/Misc/getfile.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempbuf[FILENAME_MAX+1], tempb[FILENAME_MAX+1];
data/staden-2.0.0+b11/Misc/getfile.c:190:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(filename, mode);
data/staden-2.0.0+b11/Misc/parse_db.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char word[MAXWORD]; /* Array containing the TOK_ID word */
data/staden-2.0.0+b11/Misc/parse_db.c:233:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXWORD];
data/staden-2.0.0+b11/Misc/parse_db.c:253:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *)valp) = atoi(word);
data/staden-2.0.0+b11/Misc/parse_db.c:257:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXWORD];
data/staden-2.0.0+b11/Misc/parse_db.c:258:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Unknown type %d\n", type);
data/staden-2.0.0+b11/Misc/parse_db.c:321:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fn, "rb");
data/staden-2.0.0+b11/Misc/parse_db.c:343:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(storep, default_store, store_size);
data/staden-2.0.0+b11/Misc/strings.c:158:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(s2, s1, n);
data/staden-2.0.0+b11/Misc/strings.c:187:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char type[256];
data/staden-2.0.0+b11/Misc/strings.c:246:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&new[ni], "\\%03o", c);
data/staden-2.0.0+b11/Misc/strings.c:271:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char type[256];
data/staden-2.0.0+b11/Misc/strings.c:386:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&new[ni], "%%%02X", c);
data/staden-2.0.0+b11/Misc/vlen.c:262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10000];
data/staden-2.0.0+b11/Misc/vlen.c:264:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "d: %d\n", 500);
data/staden-2.0.0+b11/Misc/vlen.c:276:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%c\n", 'a');
data/staden-2.0.0+b11/Misc/vlen.c:280:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%31.30f\n", -9999.99);
data/staden-2.0.0+b11/Misc/vlen.c:284:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%f\n", -1e308);
data/staden-2.0.0+b11/Misc/vlen.c:288:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.9f\n", -1e308);
data/staden-2.0.0+b11/Misc/vlen.c:292:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%10.20f\n", -1.999222333);
data/staden-2.0.0+b11/Misc/vlen.c:296:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%#g\n", -3.14159265358e-222);
data/staden-2.0.0+b11/Misc/vlen.c:300:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%e\n", -123456789123456789.1);
data/staden-2.0.0+b11/Misc/vlen.c:308:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%*.*e %*c\n", 10, 5, 9.0, 20, 'x');
data/staden-2.0.0+b11/Misc/vlen.c:312:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%10c\n", 'z');
data/staden-2.0.0+b11/Misc/vlen.c:316:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.10c\n", 'z');
data/staden-2.0.0+b11/Misc/vlen.c:320:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%10d\n", 'z');
data/staden-2.0.0+b11/Misc/vlen.c:324:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.10d\n", 'z');
data/staden-2.0.0+b11/Misc/vlen.c:328:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%10%\n");
data/staden-2.0.0+b11/Misc/vlen.c:332:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.10%\n");
data/staden-2.0.0+b11/Misc/vlen.c:348:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.5s\n", "0123456789");
data/staden-2.0.0+b11/Misc/vlen.c:352:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.50s\n", "0123456789");
data/staden-2.0.0+b11/Misc/vlen.c:356:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%5.50s\n", "0123456789");
data/staden-2.0.0+b11/Misc/vlen.c:360:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%50.5s\n", "0123456789");
data/staden-2.0.0+b11/Misc/xerror.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/abi/abiIO.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/staden-2.0.0+b11/abi/abiIO.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/staden-2.0.0+b11/abi/abiIO.c:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i4, &abi->data[0x00], 4);
data/staden-2.0.0+b11/abi/abiIO.c:83:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(abi->header.stuff1, &abi->data[0x04], 12);
data/staden-2.0.0+b11/abi/abiIO.c:84:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(abi->header.spare, &abi->data[0x1e], 98);
data/staden-2.0.0+b11/abi/abiIO.c:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i2, &abi->data[0x10], 2);
data/staden-2.0.0+b11/abi/abiIO.c:89:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i2, &abi->data[0x14], 2);
data/staden-2.0.0+b11/abi/abiIO.c:92:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i4, &abi->data[0x16], 4);
data/staden-2.0.0+b11/abi/abiIO.c:95:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i4, &abi->data[0x1a], 4);
data/staden-2.0.0+b11/abi/abiIO.c:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[8192];
data/staden-2.0.0+b11/abi/abiIO.c:176:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fn, "rb");
data/staden-2.0.0+b11/abi/abiIO.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[sz], block, len);
data/staden-2.0.0+b11/abi/abiIO.h:25:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)d)[0]<<8) + \
data/staden-2.0.0+b11/abi/abiIO.h:26:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)d)[1]))
data/staden-2.0.0+b11/abi/abiIO.h:30:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)d)[0]<<24) + \
data/staden-2.0.0+b11/abi/abiIO.h:31:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)d)[1]<<16) + \
data/staden-2.0.0+b11/abi/abiIO.h:32:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)d)[2]<< 8) + \
data/staden-2.0.0+b11/abi/abiIO.h:33:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)d)[3]))
data/staden-2.0.0+b11/abi/abiIO.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff1[12]; /* don't care what this is */
data/staden-2.0.0+b11/abi/abiIO.h:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spare[98]; /* Unused? */
data/staden-2.0.0+b11/abi/getABIfield.c:270:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = (++arg < argc) ? atoi(argv[arg]) : 1;
data/staden-2.0.0+b11/abi/getABIfield.c:322:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
style = atoi(argv[arg]);
data/staden-2.0.0+b11/abi/getABIfield.c:383:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fofn_fp = fopen(fofn, "r"))) {
data/staden-2.0.0+b11/alf/alfsplit.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char junk[512] ; /* for when we want to read/write junk */
data/staden-2.0.0+b11/alf/alfsplit.c:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(int_4)];
data/staden-2.0.0+b11/alf/alfsplit.c:64:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(int_2)];
data/staden-2.0.0+b11/alf/alfsplit.c:74:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(int_4)];
data/staden-2.0.0+b11/alf/alfsplit.c:86:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(int_2)];
data/staden-2.0.0+b11/alf/alfsplit.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[40] ;
data/staden-2.0.0+b11/alf/alfsplit.c:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expLine[4][20],name[MAXCLONES][256],note[MAXCLONES][80],fname[25];
data/staden-2.0.0+b11/alf/alfsplit.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512] ;
data/staden-2.0.0+b11/alf/alfsplit.c:206:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inData = fopen (argv[1],"r") ;
data/staden-2.0.0+b11/alf/alfsplit.c:207:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(inEnt = fopen (argv[1],"r")))
data/staden-2.0.0+b11/alf/alfsplit.c:258:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name[i],
data/staden-2.0.0+b11/alf/alfsplit.c:285:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi (&ent->label[len]) - 1 ;
data/staden-2.0.0+b11/alf/alfsplit.c:313:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outData[i] = fopen (fname,"w") ;
data/staden-2.0.0+b11/alf/alfsplit.c:327:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(outEnt[i] = fopen (fname,"a")))
data/staden-2.0.0+b11/alf/alfsplit.c:338:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ent->label,"ALF Processed data Clone 1");
data/staden-2.0.0+b11/alf/alfsplit.c:354:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ent->label,"ALF Sequence data Clone 1");
data/staden-2.0.0+b11/convert/bapDB.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[17];
data/staden-2.0.0+b11/convert/bapDB.c:239:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_type[5];
data/staden-2.0.0+b11/convert/bapDB.c:240:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_file[19];
data/staden-2.0.0+b11/convert/bapDB.c:330:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[2];
data/staden-2.0.0+b11/convert/bapDB.c:351:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/convert/bapDB.c:490:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io.data_class = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:495:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io.num_gels = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:500:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io.num_contigs = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:505:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io.max_gel_length = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:510:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io.max_gels = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:515:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io.max_db_size = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:567:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rl_line.lines.left_nbr = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:572:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rl_line.lines.right_nbr = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:577:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rl_line.lines.length = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:582:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:589:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rl_line.lines.rel_pos = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/convert/bapDB.c:636:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[18];
data/staden-2.0.0+b11/convert/bapDB.c:637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[41];
data/staden-2.0.0+b11/convert/bapDB.c:639:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:644:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cut = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:649:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ulen = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:667:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%6d%6d%6d%4.4s%18.18s",length,cut,ulen,type,file);
data/staden-2.0.0+b11/convert/bapDB.c:695:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[4];
data/staden-2.0.0+b11/convert/bapDB.c:703:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type,"*DE");
data/staden-2.0.0+b11/convert/bapDB.c:705:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type,"*IN");
data/staden-2.0.0+b11/convert/bapDB.c:716:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:780:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tg_rec.lines.position = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:785:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tg_rec.lines.length = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:824:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rl_line.clines.left_end = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:829:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rl_line.clines.right_end = atoi(a);
data/staden-2.0.0+b11/convert/bapDB.c:834:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rl_line.clines.length = atoi(a);
data/staden-2.0.0+b11/convert/bapIO.c:182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->lines.comment,src->lines.comment,BAP_COMMENT_SIZE);
data/staden-2.0.0+b11/convert/bapIO.c:425:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->ar_file,name); strcat(io->ar_file,".AR"); strcat(io->ar_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:426:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->rl_file,name); strcat(io->rl_file,".RL"); strcat(io->rl_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:427:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->sq_file,name); strcat(io->sq_file,".SQ"); strcat(io->sq_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:428:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->tg_file,name); strcat(io->tg_file,".TG"); strcat(io->tg_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:429:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->cc_file,name); strcat(io->cc_file,".CC"); strcat(io->cc_file,version);
data/staden-2.0.0+b11/convert/bapIO.c:445:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->ar_fp = fopen(io->ar_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/bapIO.c:447:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->rl_fp = fopen(io->rl_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/bapIO.c:449:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->sq_fp = fopen(io->sq_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/bapIO.c:451:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->tg_fp = fopen(io->tg_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/bapIO.c:453:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->cc_fp = fopen(io->cc_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/bapIO.h:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[BAP_FILE_NAME_LENGTH];
data/staden-2.0.0+b11/convert/bapIO.h:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/staden-2.0.0+b11/convert/bapIO.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spare[BAP_COMMENT_SIZE - sizeof(int_4)];
data/staden-2.0.0+b11/convert/bapIO.h:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[BAP_COMMENT_SIZE];
data/staden-2.0.0+b11/convert/bapIO.h:144:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char IOString[200];
data/staden-2.0.0+b11/convert/dapDB.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[13];
data/staden-2.0.0+b11/convert/dapDB.c:237:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_type[5];
data/staden-2.0.0+b11/convert/dapDB.c:238:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_file[19];
data/staden-2.0.0+b11/convert/dapDB.c:328:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[2];
data/staden-2.0.0+b11/convert/dapDB.c:349:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/convert/dapIO.c:306:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->ar_file,name); strcat(io->ar_file,".AR"); strcat(io->ar_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:307:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->rl_file,name); strcat(io->rl_file,".RL"); strcat(io->rl_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:308:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->sq_file,name); strcat(io->sq_file,".SQ"); strcat(io->sq_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:309:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->tg_file,name); strcat(io->tg_file,".TG"); strcat(io->tg_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:310:31: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(io->cc_file,name); strcat(io->cc_file,".CC"); strcat(io->cc_file,version);
data/staden-2.0.0+b11/convert/dapIO.c:327:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->ar_fp = fopen(io->ar_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/dapIO.c:329:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->rl_fp = fopen(io->rl_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/dapIO.c:331:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->sq_fp = fopen(io->sq_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/dapIO.c:333:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->tg_fp = fopen(io->tg_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/dapIO.c:335:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( io->cc_fp = fopen(io->cc_file,mode) ) == NULL )
data/staden-2.0.0+b11/convert/dapIO.h:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DAP_FILE_NAME_LENGTH];
data/staden-2.0.0+b11/convert/dapIO.h:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/staden-2.0.0+b11/convert/dapIO.h:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spare[DAP_COMMENT_SIZE - sizeof(int_4)];
data/staden-2.0.0+b11/convert/dapIO.h:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[DAP_COMMENT_SIZE];
data/staden-2.0.0+b11/convert/dapIO.h:142:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char IOString[200];
data/staden-2.0.0+b11/convert/flat_sd.c:8:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char IOString[200];
data/staden-2.0.0+b11/convert/flat_sd.c:16:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(flat_file,name); strcat(flat_file,".flat");
data/staden-2.0.0+b11/convert/flat_sd.c:39:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flat_fp = (fopen(flat_file,"w"))) == NULL) crash("Cannot open file %s\n",flat_file);
data/staden-2.0.0+b11/convert/flat_sd.c:78:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flat_fp = (fopen(flat_file,"r"))) == NULL) crash("Cannot open file %s\n",flat_file);
data/staden-2.0.0+b11/convert/gapDB.c:12:28: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memmove(a,b,c) bcopy(b,a,c)
data/staden-2.0.0+b11/convert/gapDB.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swap[256];
data/staden-2.0.0+b11/convert/gapDB.c:120:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io->db.data_class = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:123:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io->db.max_gel_len = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:125:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((cp = assoc(l, db_max_db_size)) && atoi(cp) > io->db.maximum_db_size) {
data/staden-2.0.0+b11/convert/gapDB.c:126:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
io->db.maximum_db_size = io->db.actual_db_size = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[WINKLE], *cp;
data/staden-2.0.0+b11/convert/gapDB.c:143:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
left = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:146:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
right = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:149:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:152:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
comp = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:255:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a.position = atoi(cp) + ostart;
data/staden-2.0.0+b11/convert/gapDB.c:271:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a.length = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:325:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = r.sequence_length - atoi(assoc(e, gel_ed_base_pos))
data/staden-2.0.0+b11/convert/gapDB.c:342:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(assoc(e, gel_ed_base_pos)) + start;
data/staden-2.0.0+b11/convert/gapDB.c:396:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c.left = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:399:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c.right = atoi(cp);
data/staden-2.0.0+b11/convert/gapDB.c:402:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c.length = atoi(cp);
data/staden-2.0.0+b11/convert/list.c:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/staden-2.0.0+b11/convert/list.c:121:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",i);
data/staden-2.0.0+b11/convert/list.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/staden-2.0.0+b11/convert/main.c:53:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char IOString[200];
data/staden-2.0.0+b11/convert/main.c:81:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
itype = atoi(ctype);
data/staden-2.0.0+b11/convert/sap2dap.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[COMMENT_LENGTH];
data/staden-2.0.0+b11/convert/sap2dap.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[COMMENT_LENGTH-sizeof(int_f)];
data/staden-2.0.0+b11/convert/sap2dap.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[4];
data/staden-2.0.0+b11/convert/sap2dap.c:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[12];
data/staden-2.0.0+b11/convert/sap2dap.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char projectName[l_len];
data/staden-2.0.0+b11/convert/sap2dap.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char versionNumber[l_len];
data/staden-2.0.0+b11/convert/sap2dap.c:85:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((AR_fp=fopen(AR,"rb"))==NULL) {
data/staden-2.0.0+b11/convert/sap2dap.c:115:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((RL_fp=fopen(RL,"rb"))==NULL) {
data/staden-2.0.0+b11/convert/sap2dap.c:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AR[f_len];
data/staden-2.0.0+b11/convert/sap2dap.c:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RD[f_len];
data/staden-2.0.0+b11/convert/sap2dap.c:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CC[f_len];
data/staden-2.0.0+b11/convert/sap2dap.c:186:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TG[f_len];
data/staden-2.0.0+b11/convert/sap2dap.c:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RL[f_len];
data/staden-2.0.0+b11/convert/sap2dap.c:210:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(RD,name); strcat(RD,".RD"); strncat(RD,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:211:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(TG,name); strcat(TG,".TG"); strncat(TG,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:212:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(CC,name); strcat(CC,".CC"); strncat(CC,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:217:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(AR,name); strcat(AR,".AR"); strncat(AR,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:223:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(RL,name); strcat(RL,".RL"); strncat(RL,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:239:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((TG_fp=fopen(TG,"wb"))==NULL) {
data/staden-2.0.0+b11/convert/sap2dap.c:244:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((CC_fp=fopen(CC,"wb"))==NULL) {
data/staden-2.0.0+b11/convert/sap2dap.c:253:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((RD_fp=fopen(RD,"rb"))==NULL) {
data/staden-2.0.0+b11/convert/sap2dap.c:274:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/convert/sap2dap.c:275:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[13];
data/staden-2.0.0+b11/convert/sap2dap.c:276:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[COMMENT_LENGTH];
data/staden-2.0.0+b11/copy_reads/copy_reads.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_str[1050];
data/staden-2.0.0+b11/copy_reads/copy_reads.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[100];
data/staden-2.0.0+b11/copy_reads/copy_reads.c:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_str[1050];
data/staden-2.0.0+b11/copy_reads/copy_reads.c:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[100];
data/staden-2.0.0+b11/copy_reads/copy_reads.c:531:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80],name1[10],name2[10];
data/staden-2.0.0+b11/copy_reads/copy_reads.c:595:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name2,"%d",
data/staden-2.0.0+b11/copy_reads/copy_reads.c:597:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf," Possible join between contig in the + sense and contig %d",
data/staden-2.0.0+b11/eba/qual.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *nf_conf[4], *f_conf[4], base[256];
data/staden-2.0.0+b11/eba/qual.c:316:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
avg_qual = atoi(argv[++a]);
data/staden-2.0.0+b11/eba/qual.c:318:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
non_filtered = atoi(argv[++a]);
data/staden-2.0.0+b11/eba/qual.c:320:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
filtered = atoi(argv[++a]);
data/staden-2.0.0+b11/eba/qual.c:322:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(argv[++a]);
data/staden-2.0.0+b11/find_renz/find_renz.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[FILENAME_MAX];
data/staden-2.0.0+b11/find_renz/find_renz.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE+1];
data/staden-2.0.0+b11/find_renz/find_renz.c:34:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(path, "r"))){
data/staden-2.0.0+b11/find_renz/find_renz.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strline[1024];
data/staden-2.0.0+b11/find_renz/find_renz.c:81:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strline, "%d", i = renz2index(enz));
data/staden-2.0.0+b11/find_renz/find_renz.c:97:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024], *cp;
data/staden-2.0.0+b11/find_renz/find_renz.c:104:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(seq, "%.*s%.*s%.*s",
data/staden-2.0.0+b11/g/freetree.c:397:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("freetree.dot", "w");
data/staden-2.0.0+b11/g/g-debug.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnaux[1024];
data/staden-2.0.0+b11/g/g-debug.c:129:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((gfile->fd = open(fn, O_RDONLY)) == -1)
data/staden-2.0.0+b11/g/g-debug.c:132:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((gfile->fdaux = open(fnaux, O_RDONLY)) == -1)
data/staden-2.0.0+b11/g/g-debug.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_BUF];
data/staden-2.0.0+b11/g/g-files.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnaux[1024];
data/staden-2.0.0+b11/g/g-files.c:183:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (read_only || (gfile->fd = open(fn,O_RDWR|O_BINARY)) == -1 )
data/staden-2.0.0+b11/g/g-files.c:184:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !read_only || (gfile->fd = open(fn,O_RDONLY|O_BINARY)) == -1 )
data/staden-2.0.0+b11/g/g-files.c:188:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (read_only || (gfile->fdaux = open(fnaux,O_RDWR|O_BINARY)) == -1 )
data/staden-2.0.0+b11/g/g-files.c:189:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !read_only || (gfile->fdaux = open(fnaux,O_RDONLY|O_BINARY)) == -1 )
data/staden-2.0.0+b11/g/g-io.c:211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recv, &rec, sizeof(rec));
data/staden-2.0.0+b11/g/g-io.c:269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(headerv, &rec, sizeof(AuxHeader));
data/staden-2.0.0+b11/g/g-request.c:260:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, addr+image, in);
data/staden-2.0.0+b11/g/g-request.c:319:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)v[parti].buf+partj,'\0',v[parti].len-partj);
data/staden-2.0.0+b11/g/g-request.c:350:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v[parti].buf, addr+image+count, partj);
data/staden-2.0.0+b11/g/g-request.c:362:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)v[parti].buf+partj,'\0',v[parti].len-partj);
data/staden-2.0.0+b11/gap4/IO1.c:128:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arrp(GReadings, io->reading, read-1), r, sizeof(GReadings));
data/staden-2.0.0+b11/gap4/IO1.c:484:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&io->relpos[db_size-nc], &io->relpos[old_size-nc], nc*sizeof(int));
data/staden-2.0.0+b11/gap4/IO1.c:485:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&io->length[db_size-nc], &io->length[old_size-nc], nc*sizeof(int));
data/staden-2.0.0+b11/gap4/IO1.c:486:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&io->lnbr [db_size-nc], &io->lnbr [old_size-nc], nc*sizeof(int));
data/staden-2.0.0+b11/gap4/IO1.c:487:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&io->rnbr [db_size-nc], &io->rnbr [old_size-nc], nc*sizeof(int));
data/staden-2.0.0+b11/gap4/IO1.c:1276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_fn[1024];
data/staden-2.0.0+b11/gap4/IO1.c:1321:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/staden-2.0.0+b11/gap4/IO1.c:1329:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fn, ".aux");
data/staden-2.0.0+b11/gap4/IO1.c:1363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_buf[256], *user;
data/staden-2.0.0+b11/gap4/IO1.c:1372:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(db_fn, ".log");
data/staden-2.0.0+b11/gap4/IO1.c:1570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, buf[DB_FILELEN+1];
data/staden-2.0.0+b11/gap4/IO1.c:1692:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/staden-2.0.0+b11/gap4/IO1.c:1699:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(strcat(fn, ".aux"), -1 == remove(fn))) {
data/staden-2.0.0+b11/gap4/IO1.c:1778:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char project[DB_FILELEN], *version, *p;
data/staden-2.0.0+b11/gap4/IO1.h:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[DB_FILELEN]; /* database "file.version" */
data/staden-2.0.0+b11/gap4/IO1.h:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/IO2.c:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namarc[F_NAMLEN+1], *name;
data/staden-2.0.0+b11/gap4/IO2.c:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/IO2.c:485:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(exp_get_entry(si->e, EFLT_SL));
data/staden-2.0.0+b11/gap4/IO2.c:499:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = atoi(exp_get_entry(si->e, EFLT_SR));
data/staden-2.0.0+b11/gap4/IO2.c:544:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq, exp_get_entry(si->e,EFLT_SQ), length);
data/staden-2.0.0+b11/gap4/IO2.c:738:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[F_NAMLEN+1];
data/staden-2.0.0+b11/gap4/IO2.c:1071:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/IO2.c:1074:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "> Delete contig. Renumber %d (last) to %d (deleting)",
data/staden-2.0.0+b11/gap4/IO3.c:313:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq, &wholeSeq[t_st], *length);
data/staden-2.0.0+b11/gap4/IO3.c:579:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/IO3.c:619:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GEL,seq+r.start,l);
data/staden-2.0.0+b11/gap4/IO3.c:654:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/actf.c:78:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fname, O_RDONLY, 0)) != -1) {
data/staden-2.0.0+b11/gap4/actf.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[2048];
data/staden-2.0.0+b11/gap4/actf.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[1025];
data/staden-2.0.0+b11/gap4/actf.c:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[1025];
data/staden-2.0.0+b11/gap4/actf.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_path[2048];
data/staden-2.0.0+b11/gap4/actf.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_path[2048];
data/staden-2.0.0+b11/gap4/actf.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[1024];
data/staden-2.0.0+b11/gap4/actf.c:228:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fname, O_CREAT | O_RDWR | O_TRUNC, 0666)) == -1) {
data/staden-2.0.0+b11/gap4/actf.c:238:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostname, "unknown");
data/staden-2.0.0+b11/gap4/actf.c:242:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostname, "unknown");
data/staden-2.0.0+b11/gap4/actf.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[1024], *cp;
data/staden-2.0.0+b11/gap4/actf.c:295:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lock_files[i].pathname, &lock_files[i+1].pathname,
data/staden-2.0.0+b11/gap4/assemble_direct.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/assemble_direct.c:276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_orient[100], s_reading[100];
data/staden-2.0.0+b11/gap4/assemble_direct.c:361:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int end = atoi(exp_get_entry(si->e, EFLT_SL));
data/staden-2.0.0+b11/gap4/assemble_direct.c:363:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(a->type, "SVEC");
data/staden-2.0.0+b11/gap4/assemble_direct.c:380:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int start = atoi(exp_get_entry(si->e, EFLT_SR));
data/staden-2.0.0+b11/gap4/assemble_direct.c:383:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(a->type, "SVEC");
data/staden-2.0.0+b11/gap4/assemble_direct.c:401:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(a->type, "CVEC");
data/staden-2.0.0+b11/gap4/assemble_direct.c:544:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pads[BLOCK+1] = "********************";
data/staden-2.0.0+b11/gap4/auto_assemble.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namarc[F_NAMLEN];
data/staden-2.0.0+b11/gap4/auto_break.c:483:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[WS+2];
data/staden-2.0.0+b11/gap4/auto_break.c:505:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[WS+2];
data/staden-2.0.0+b11/gap4/auto_break.c:866:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filt, seq, len);
data/staden-2.0.0+b11/gap4/auto_break.c:978:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char legal_chars[256];
data/staden-2.0.0+b11/gap4/bubbl3.c:96:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list, listn, sizeof(int) * *idim);
data/staden-2.0.0+b11/gap4/bubbl3.c:99:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(listel, listn, sizeof(int) * *idim);
data/staden-2.0.0+b11/gap4/bubbl3.c:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(listal, listn, sizeof(int) * *idim);
data/staden-2.0.0+b11/gap4/check_assembly.c:361:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/check_assembly.c:435:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap4/check_assembly.c:465:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Check Assembly");
data/staden-2.0.0+b11/gap4/check_assembly.c:604:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ca->params, "Unknown at present");
data/staden-2.0.0+b11/gap4/clip.c:399:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap4/clip.c:407:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Difference clipped from old start at %d\n", r.start);
data/staden-2.0.0+b11/gap4/clip.c:413:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap4/clip.c:421:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Difference clipped from old end at %d\n", r.end);
data/staden-2.0.0+b11/gap4/clones.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128]; /* this should be more than enough */
data/staden-2.0.0+b11/gap4/clones.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128]; /* this should be more than enough */
data/staden-2.0.0+b11/gap4/clones.c:163:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t.strands = atoi(ST);
data/staden-2.0.0+b11/gap4/clones.c:331:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r.primer = atoi(PR);
data/staden-2.0.0+b11/gap4/confidence_graph.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[10000], *tmpp;
data/staden-2.0.0+b11/gap4/confidence_graph.c:89:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(tmpp, "%d %.20f %d %.20f ",
data/staden-2.0.0+b11/gap4/confidence_graph.c:97:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(tmpp, "%d %.20f %d %.20f ",
data/staden-2.0.0+b11/gap4/confidence_graph.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/confidence_graph.c:271:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/confidence_graph.c:416:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/confidence_graph.c:424:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
canvas->y = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap4/confidence_graph.c:535:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/staden-2.0.0+b11/gap4/confidence_graph.c:578:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/confidence_graph.h:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/confidence_graph.h:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_win[100];
data/staden-2.0.0+b11/gap4/confidence_graph.h:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[30];
data/staden-2.0.0+b11/gap4/consen.c:197:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char standard_to_masked[256];
data/staden-2.0.0+b11/gap4/consen.c:198:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char standard_to_marked[256];
data/staden-2.0.0+b11/gap4/consen.c:199:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char marked_to_masked[256];
data/staden-2.0.0+b11/gap4/consen.c:200:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char masked_to_marked[256];
data/staden-2.0.0+b11/gap4/consen.c:261:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/staden-2.0.0+b11/gap4/consen.c:265:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
rlen = sprintf(buf, "%d", left_gelnumber);
data/staden-2.0.0+b11/gap4/consen.c:276:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(consensus, "<%.*s.%.*d%.*s>",
data/staden-2.0.0+b11/gap4/consen.c:937:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy ( hidden_seq,
data/staden-2.0.0+b11/gap4/consen.c:967:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy (t_hidden_seq,
data/staden-2.0.0+b11/gap4/consen.c:1085:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy ( hidden_seq,
data/staden-2.0.0+b11/gap4/consen.c:1117:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy (t_hidden_seq,
data/staden-2.0.0+b11/gap4/consen.c:1372:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy ( &consensus[contig_start], hidden_seq,
data/staden-2.0.0+b11/gap4/consen.c:1399:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy ( &consensus[*consensus_length], hidden_seq,
data/staden-2.0.0+b11/gap4/consen.c:1473:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
left_gel = atoi ( ++dot );
data/staden-2.0.0+b11/gap4/consen.c:1744:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], *name;
data/staden-2.0.0+b11/gap4/consen.c:1845:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[21];
data/staden-2.0.0+b11/gap4/consen.c:1846:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &seq[contig_ends[contig_index]], 20);
data/staden-2.0.0+b11/gap4/consen.c:1860:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024], *entry_name_ptr;
data/staden-2.0.0+b11/gap4/consen.c:1861:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/consen.c:1889:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024], *entry_name_ptr;
data/staden-2.0.0+b11/gap4/consen.c:1890:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/consen.c:2198:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(out_file, "w"))) {
data/staden-2.0.0+b11/gap4/consistency_canvas_box.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_canvas_box.c:74:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "moveto %.20f", fract);
data/staden-2.0.0+b11/gap4/consistency_canvas_box.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:108:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char old_contig_name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/consistency_display.c:109:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char new_contig_name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/consistency_display.c:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:289:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:366:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->win_list[i]->canvas->x = atoi(Tcl_GetStringResult(c->interp));
data/staden-2.0.0+b11/gap4/consistency_display.c:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:392:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->win_list[i]->world->visible,
data/staden-2.0.0+b11/gap4/consistency_display.c:420:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->win_list[i]->canvas->x = atoi(Tcl_GetStringResult(c->interp));
data/staden-2.0.0+b11/gap4/consistency_display.c:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:448:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
win_list[i]->canvas->x = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap4/consistency_display.c:476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:486:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
canvas->y = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap4/consistency_display.c:520:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(Tcl_GetStringResult(interp)) - 1;
data/staden-2.0.0+b11/gap4/consistency_display.c:523:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
height = atoi(Tcl_GetStringResult(interp)) - 1;
data/staden-2.0.0+b11/gap4/consistency_display.c:603:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:610:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Consistency display");
data/staden-2.0.0+b11/gap4/consistency_display.c:722:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scroll_args[20];
data/staden-2.0.0+b11/gap4/consistency_display.c:728:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scroll_args, "scroll 0 units");
data/staden-2.0.0+b11/gap4/consistency_display.c:854:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/staden-2.0.0+b11/gap4/consistency_display.c:933:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:990:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "moveto %f", fract);
data/staden-2.0.0+b11/gap4/consistency_display.c:1001:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->win_list[win_num]->canvas->x = atoi(Tcl_GetStringResult(c->interp));
data/staden-2.0.0+b11/gap4/consistency_display.c:1083:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->win_list[i]->world->visible,
data/staden-2.0.0+b11/gap4/consistency_display.c:1104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[1024];
data/staden-2.0.0+b11/gap4/consistency_display.c:1115:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[CONS_RULER] = atoi(Tcl_GetVar(interp, config, TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/consistency_display.c:1120:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[CONS_TICKS] = atoi(Tcl_GetVar(interp, config, TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/consistency_display.c:1217:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->win_list[i]->world->total, c->orig_total, sizeof(d_box));
data/staden-2.0.0+b11/gap4/consistency_display.c:1219:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->win_list[i]->world->visible,
data/staden-2.0.0+b11/gap4/consistency_display.h:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/contigEditor.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *contig[2];
data/staden-2.0.0+b11/gap4/contigEditor.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *reading[2];
data/staden-2.0.0+b11/gap4/contigEditor.c:180:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/staden-2.0.0+b11/gap4/contigEditor.c:312:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var[1024];
data/staden-2.0.0+b11/gap4/contigEditor.c:399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccut[10], qcut[10], rev[10], *edname, dbptr[50];
data/staden-2.0.0+b11/gap4/contigEditor.c:404:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ccut, "%d", (int)(con_cut * 100 + 0.1));
data/staden-2.0.0+b11/gap4/contigEditor.c:405:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qcut, "%d", qual_cut);
data/staden-2.0.0+b11/gap4/contigEditor.c:406:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rev, "%d", reveal_cutoffs);
data/staden-2.0.0+b11/gap4/contigEditor.c:412:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbptr, "%p", (void *)DBI(xx));
data/staden-2.0.0+b11/gap4/contigEditor.c:540:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_io[10];
data/staden-2.0.0+b11/gap4/contigEditor.c:541:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c_io, "%d", *handle_io(io));
data/staden-2.0.0+b11/gap4/contigEditor.c:555:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edn[100];
data/staden-2.0.0+b11/gap4/contigEditor.c:556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccut[10], qcut[10], rev[10], dbptr[50];
data/staden-2.0.0+b11/gap4/contigEditor.c:563:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ccut, "%d", (int)(con_cut * 100 + 0.1));
data/staden-2.0.0+b11/gap4/contigEditor.c:564:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qcut, "%d", qual_cut);
data/staden-2.0.0+b11/gap4/contigEditor.c:604:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rev, "%d", reveal_cutoffs[0]);
data/staden-2.0.0+b11/gap4/contigEditor.c:605:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbptr, "%p", (void *)DBI(xx[0]));
data/staden-2.0.0+b11/gap4/contigEditor.c:646:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rev, "%d", reveal_cutoffs[1]);
data/staden-2.0.0+b11/gap4/contigEditor.c:647:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbptr, "%p", (void *)DBI(xx[1]));
data/staden-2.0.0+b11/gap4/contigEditor.c:731:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbptr, "%p", (void *)DBI(xx[i]));
data/staden-2.0.0+b11/gap4/contig_order.c:1012:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/staden-2.0.0+b11/gap4/contig_order.c:1022:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", contig[i].dir);
data/staden-2.0.0+b11/gap4/contig_order.c:1027:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", *handle_io(io));
data/staden-2.0.0+b11/gap4/contig_order.c:1155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/contig_order.c:1257:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "contig_order_listbox %d ", *handle_io(io));
data/staden-2.0.0+b11/gap4/contig_selector.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/contig_selector.c:147:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inum = atoi(GetInterpResult());
data/staden-2.0.0+b11/gap4/contig_selector.c:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/contig_selector.c:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aname[1024], aele[50];
data/staden-2.0.0+b11/gap4/contig_selector.c:237:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(aele, "%d", i+1);
data/staden-2.0.0+b11/gap4/contig_selector.c:275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/contig_selector.c:560:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[100];
data/staden-2.0.0+b11/gap4/contig_selector.c:562:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024], str[5];
data/staden-2.0.0+b11/gap4/contig_selector.c:607:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[5];
data/staden-2.0.0+b11/gap4/contig_selector.c:746:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/contig_selector.c:749:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
win_ht = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap4/contig_selector.c:761:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->world->visible, cs->world->total, sizeof(d_box));
data/staden-2.0.0+b11/gap4/contig_selector.c:789:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/contig_selector.c:792:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
win_wd = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap4/contig_selector.c:963:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/contig_selector.c:1003:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Contig selector");
data/staden-2.0.0+b11/gap4/contig_selector.c:1089:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scroll_args[20];
data/staden-2.0.0+b11/gap4/contig_selector.c:1094:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scroll_args, "scroll 0 units");
data/staden-2.0.0+b11/gap4/contig_selector.c:1157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/contig_selector.c:1233:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "ContigParams %d", *handle_io(io));
data/staden-2.0.0+b11/gap4/contig_selector.h:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hori[100];
data/staden-2.0.0+b11/gap4/contig_selector.h:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vert[100];
data/staden-2.0.0+b11/gap4/contig_selector.h:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/contig_selector.h:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap4/copy_db.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/copy_db.c:114:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/copy_db.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[10];
data/staden-2.0.0+b11/gap4/copy_db.c:118:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "#%d", iter++);
data/staden-2.0.0+b11/gap4/copy_db.c:132:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "unknown.%d", (*num_unknowns)++);
data/staden-2.0.0+b11/gap4/copy_db.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_type[5];
data/staden-2.0.0+b11/gap4/copy_db.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rt, &r, sizeof(r));
data/staden-2.0.0+b11/gap4/copy_db.c:315:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&at, &a, sizeof(a));
data/staden-2.0.0+b11/gap4/copy_db.c:374:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nt, &n, sizeof(n));
data/staden-2.0.0+b11/gap4/copy_db.c:441:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vt, &v, sizeof(v));
data/staden-2.0.0+b11/gap4/copy_db.c:461:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tt, &t, sizeof(t));
data/staden-2.0.0+b11/gap4/copy_db.c:499:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&st, &s, sizeof(s));
data/staden-2.0.0+b11/gap4/copy_db.c:588:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/copy_db.c:610:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_fn[1024];
data/staden-2.0.0+b11/gap4/copy_db_main.c:53:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitsize = atoi(optarg);
data/staden-2.0.0+b11/gap4/copy_db_main.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ans, buf[100];
data/staden-2.0.0+b11/gap4/copy_db_main.c:91:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf+strlen(to), ".aux");
data/staden-2.0.0+b11/gap4/copy_db_main.c:93:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf+strlen(to), ".BUSY");
data/staden-2.0.0+b11/gap4/cs-object.h:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagname[20];
data/staden-2.0.0+b11/gap4/cs-object.h:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[COLOUR_LEN];
data/staden-2.0.0+b11/gap4/cs-object.h:172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagname[20];
data/staden-2.0.0+b11/gap4/cs-object.h:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[COLOUR_LEN];
data/staden-2.0.0+b11/gap4/cs-object.h:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagname[20];
data/staden-2.0.0+b11/gap4/cs-object.h:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[COLOUR_LEN];
data/staden-2.0.0+b11/gap4/do_fij.c:37:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024],name1[10],name2[10];
data/staden-2.0.0+b11/gap4/do_fij.c:243:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1,"%d",
data/staden-2.0.0+b11/gap4/do_fij.c:245:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name2,"%d",
data/staden-2.0.0+b11/gap4/do_fij.c:247:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap4/do_fij.c:377:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1,"%d",
data/staden-2.0.0+b11/gap4/do_fij.c:379:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name2,"%d",
data/staden-2.0.0+b11/gap4/do_fij.c:381:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf," Possible join between contig %d "
data/staden-2.0.0+b11/gap4/dstrand.c:452:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gelname[DB_NAMELEN + 1];
data/staden-2.0.0+b11/gap4/dstrand.c:550:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(salbuf, albuf, *gel_l * 2 * sizeof(align_int));
data/staden-2.0.0+b11/gap4/edCommands.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spare[MAX_LINE_LENGTH+25];
data/staden-2.0.0+b11/gap4/edCommands.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char con[MAX_LINE_LENGTH+5], *consensus = &con[2];
data/staden-2.0.0+b11/gap4/edCommands.c:81:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(k,"%10d",lower);
data/staden-2.0.0+b11/gap4/edCommands.c:155:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen(fn,"w")) != NULL ) {
data/staden-2.0.0+b11/gap4/edCommands.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pads[BLOCK+1] = "********************";
data/staden-2.0.0+b11/gap4/edCommands.c:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CHUNKSIZE+1];
data/staden-2.0.0+b11/gap4/edInterface.c:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char consensus[2];
data/staden-2.0.0+b11/gap4/edInterface.c:567:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/edInterface.c:1270:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char types[8192], *cp;
data/staden-2.0.0+b11/gap4/edInterface.c:1473:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*.*d", l1, l2, val);
data/staden-2.0.0+b11/gap4/edInterface.c:1475:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*d", l1, val);
data/staden-2.0.0+b11/gap4/edInterface.c:1478:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%.*d", l2, val);
data/staden-2.0.0+b11/gap4/edInterface.c:1480:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%d", val);
data/staden-2.0.0+b11/gap4/edInterface.c:1486:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*.*f", l1, l2, val);
data/staden-2.0.0+b11/gap4/edInterface.c:1488:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*f", l1, val);
data/staden-2.0.0+b11/gap4/edInterface.c:1491:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%.*f", l2, val);
data/staden-2.0.0+b11/gap4/edInterface.c:1493:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%f", val);
data/staden-2.0.0+b11/gap4/edInterface.c:1499:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*.*s", l1, l2, str);
data/staden-2.0.0+b11/gap4/edInterface.c:1504:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%.*s", l2, str);
data/staden-2.0.0+b11/gap4/edInterface.c:1526:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_buf[8192]; /* NB: no bounds checking! */
data/staden-2.0.0+b11/gap4/edInterface.c:1566:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
j += sprintf(&status_buf[j], "%c", "+-="[sense]);
data/staden-2.0.0+b11/gap4/edInterface.c:1643:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_buf[8192]; /* NB: no bounds checking! */
data/staden-2.0.0+b11/gap4/edInterface.c:1797:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[FILE_NAME_LENGTH];
data/staden-2.0.0+b11/gap4/edInterface.c:1798:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/edInterface.c:1877:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/edInterface.c:1909:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "(unknown)");
data/staden-2.0.0+b11/gap4/edInterface.c:1916:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/edInterface.c:1917:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d..%d",
data/staden-2.0.0+b11/gap4/edInterface.c:1926:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/edInterface.c:1959:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "ok");
data/staden-2.0.0+b11/gap4/edInterface.c:1983:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "(unknown)");
data/staden-2.0.0+b11/gap4/edInterface.c:1997:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/edInterface.c:2027:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "(unknown)");
data/staden-2.0.0+b11/gap4/edInterface.c:2051:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "(unknown)");
data/staden-2.0.0+b11/gap4/edInterface.c:2083:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_buf[8192]; /* NB: no bounds checking! */
data/staden-2.0.0+b11/gap4/edInterface.c:2409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_buf[8192]; /* NB: no bounds checking! */
data/staden-2.0.0+b11/gap4/edInterface.c:2468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/staden-2.0.0+b11/gap4/edInterface.c:2608:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_buf[8192];
data/staden-2.0.0+b11/gap4/edInterface.c:2649:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(status_buf, "Expected no. of errors between %d and %d is %.2f. "
data/staden-2.0.0+b11/gap4/edInterface.c:2669:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[1024];
data/staden-2.0.0+b11/gap4/edInterface.c:2694:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comment, "sequence %d %d", offset, length);
data/staden-2.0.0+b11/gap4/edMutations.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/edMutations.c:152:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(arr(ft_entry_ptr, fta, i).name, "%.*s",
data/staden-2.0.0+b11/gap4/edMutations.c:155:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(arr(ft_entry_ptr, fta, i).name, "CDS %d", ft_num);
data/staden-2.0.0+b11/gap4/edMutations.c:334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codon[3];
data/staden-2.0.0+b11/gap4/edMutations.c:365:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codon[3];
data/staden-2.0.0+b11/gap4/edMutations.c:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[1024];
data/staden-2.0.0+b11/gap4/edMutations.c:1130:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(muts[fwd][pos]->tag_type_bot,
data/staden-2.0.0+b11/gap4/edMutations.c:1142:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(muts[fwd][pos]->tag_type_bot,
data/staden-2.0.0+b11/gap4/edMutations.c:1208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/gap4/edMutations.c:1237:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xx->status_lines[l].line, line, width);
data/staden-2.0.0+b11/gap4/edMutations.c:1321:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
codon_start = atoi(ele->value);
data/staden-2.0.0+b11/gap4/edMutations.c:1330:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
transl_table = atoi(ele->value);
data/staden-2.0.0+b11/gap4/edMutations.c:1569:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(muts[seq][refpos]->tag_type_top, t->tagrec.type.c, 4);
data/staden-2.0.0+b11/gap4/edMutations.c:1640:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
codon_start = atoi(ele->value);
data/staden-2.0.0+b11/gap4/edMutations.c:1649:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
transl_table = atoi(ele->value);
data/staden-2.0.0+b11/gap4/edMutations.c:1794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/staden-2.0.0+b11/gap4/edMutations.c:1805:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "Frame %d", 1+j%3);
data/staden-2.0.0+b11/gap4/edMutations.c:1806:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(arr(ft_entry_ptr, fta, i).name, "%.*s", DB_NAMELEN, name);
data/staden-2.0.0+b11/gap4/edStructs.h:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/staden-2.0.0+b11/gap4/edStructs.h:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/gap4/edStructs.h:209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAMELEN+1];
data/staden-2.0.0+b11/gap4/edStructs.h:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displayedConsensus[MAX_DISPLAY_WIDTH+1]; /* consensus */
data/staden-2.0.0+b11/gap4/edStructs.h:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_type_top[4];
data/staden-2.0.0+b11/gap4/edStructs.h:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_type_bot[4];
data/staden-2.0.0+b11/gap4/edUtils2.c:717:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, &xx->consensus[pos-1], width);
data/staden-2.0.0+b11/gap4/edUtils2.c:719:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qual, &xx->quality[pos-1],
data/staden-2.0.0+b11/gap4/edUtils2.c:733:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, xx->consensus, width);
data/staden-2.0.0+b11/gap4/edUtils2.c:735:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qual, xx->quality, width * sizeof(*qual));
data/staden-2.0.0+b11/gap4/edUtils2.c:930:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NAMELEN+1];
data/staden-2.0.0+b11/gap4/edUtils2.c:966:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/edUtils2.c:967:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[NAMELEN+1];
data/staden-2.0.0+b11/gap4/edUtils2.c:979:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tname, "(unknown)");
data/staden-2.0.0+b11/gap4/edUtils2.c:983:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tname, "(unknown)");
data/staden-2.0.0+b11/gap4/edUtils2.c:1040:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char params[100];
data/staden-2.0.0+b11/gap4/edUtils2.c:1046:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Contig editor @ %d",
data/staden-2.0.0+b11/gap4/edUtils2.c:1049:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Contig editor @ =%d",
data/staden-2.0.0+b11/gap4/edUtils2.c:1216:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(params, "Contig: %d",
data/staden-2.0.0+b11/gap4/edUtils2.c:1689:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[1024];
data/staden-2.0.0+b11/gap4/edUtils2.c:1691:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comment, "sequence %d %d",
data/staden-2.0.0+b11/gap4/edUtils2.c:1695:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comment, "sequence %d",
data/staden-2.0.0+b11/gap4/edUtils2.c:2057:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*clones)[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/edUtils2.c:2061:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
clones = (char (*)[DB_NAMELEN+1])xmalloc(count * sizeof(*clones));
data/staden-2.0.0+b11/gap4/edUtils2.c:2166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list, last_sorted, count * sizeof(*list));
data/staden-2.0.0+b11/gap4/edUtils2.c:2173:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_list, list, count * sizeof(*list));
data/staden-2.0.0+b11/gap4/edUtils2.c:2239:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_sorted, list, count * sizeof(*list));
data/staden-2.0.0+b11/gap4/edUtils2.c:2910:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_fname[FILE_NAME_LENGTH+1]; /* file name of trace */
data/staden-2.0.0+b11/gap4/edUtils2.c:2945:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[256];
data/staden-2.0.0+b11/gap4/edUtils2.c:2946:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_type[5];
data/staden-2.0.0+b11/gap4/edUtils2.c:3021:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(slist, seqList, i * sizeof(int));
data/staden-2.0.0+b11/gap4/extract.c:107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/extract.c:485:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "*new* %c", "+-"[r.sense]);
data/staden-2.0.0+b11/gap4/extract.c:621:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024], *tmp;
data/staden-2.0.0+b11/gap4/extract.c:650:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(path, "w+"))) {
data/staden-2.0.0+b11/gap4/f2c.c:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[100];
data/staden-2.0.0+b11/gap4/f2c.c:129:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(format, formatp, cp-formatp+1);
data/staden-2.0.0+b11/gap4/f2c.c:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/staden-2.0.0+b11/gap4/f2c.c:271:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, data, *length_p);
data/staden-2.0.0+b11/gap4/f2c.c:273:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(tmp);
data/staden-2.0.0+b11/gap4/fij.c:25:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/fij.c:150:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap4/fij.c:184:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find Internal Joins");
data/staden-2.0.0+b11/gap4/fij.c:328:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/fij.c:428:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Number of potential joins found %d", counter);
data/staden-2.0.0+b11/gap4/fij.c:443:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(FIJMatch->params, "Unknown at present");
data/staden-2.0.0+b11/gap4/find_oligo.c:33:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/find_oligo.c:153:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap4/find_oligo.c:174:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/find_oligo.c:238:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap4/find_oligo.c:272:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find oligo");
data/staden-2.0.0+b11/gap4/find_oligo.c:412:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(find_oligo->params, "Unknown at present");
data/staden-2.0.0+b11/gap4/find_oligo.c:472:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char seq[1024];
data/staden-2.0.0+b11/gap4/find_oligo.c:579:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024];
data/staden-2.0.0+b11/gap4/find_oligo.c:580:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[10];
data/staden-2.0.0+b11/gap4/find_oligo.c:581:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name2[10];
data/staden-2.0.0+b11/gap4/find_oligo.c:654:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(title, "Match found between tag on contig "
data/staden-2.0.0+b11/gap4/find_oligo.c:660:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1, "%d", io_clnbr(io, ABS(c1[cnt])));
data/staden-2.0.0+b11/gap4/find_oligo.c:661:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name2, "%d", io_clnbr(io, ABS(c2[cnt])));
data/staden-2.0.0+b11/gap4/find_oligo.c:751:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024];
data/staden-2.0.0+b11/gap4/find_oligo.c:752:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[10];
data/staden-2.0.0+b11/gap4/find_oligo.c:863:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1, "%d", io_clnbr(io, ABS(c1[j])));
data/staden-2.0.0+b11/gap4/find_oligo.c:864:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(title, "Match found with contig %d read #%d "
data/staden-2.0.0+b11/gap4/find_repeats.c:23:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/find_repeats.c:143:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Repeat: %c#%d@%d with %c#%d@%d, len %d",
data/staden-2.0.0+b11/gap4/find_repeats.c:172:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Repeat search");
data/staden-2.0.0+b11/gap4/find_repeats.c:314:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(repeat->params, "Unknown at present");
data/staden-2.0.0+b11/gap4/gap-create.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auxfn[1024];
data/staden-2.0.0+b11/gap4/gap-create.c:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/staden-2.0.0+b11/gap4/gap-create.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn_f[256], fn_t[256];
data/staden-2.0.0+b11/gap4/gap-create.c:389:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (ifd = open(fn_f, O_RDONLY | O_BINARY))) {
data/staden-2.0.0+b11/gap4/gap-create.c:393:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (ofd = open(fn_t, O_RDWR | O_TRUNC | O_CREAT | O_BINARY,
data/staden-2.0.0+b11/gap4/gap-create.c:434:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[256], to[256];
data/staden-2.0.0+b11/gap4/gap-dbstruct.c:48:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[1024];
data/staden-2.0.0+b11/gap4/gap-error.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/staden-2.0.0+b11/gap4/gap-error.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/staden-2.0.0+b11/gap4/gap-io.c:205:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(BUFFER,buf,len);
data/staden-2.0.0+b11/gap4/gap-local.c:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char files[GAP_FILES][1024];
data/staden-2.0.0+b11/gap4/gap-local.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fileps[GAP_FILES];
data/staden-2.0.0+b11/gap4/gap-tcl.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5]; \
data/staden-2.0.0+b11/gap4/gap-tcl.c:381:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:387:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Read(io, arr(GCardinal, io->annotations, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:412:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:418:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Read(io, arr(GCardinal, io->notes, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:443:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:449:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Read(io, arr(GCardinal, io->vectors, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:474:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:480:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = gel_read(io, atoi(argv[2]), r);
data/staden-2.0.0+b11/gap4/gap-tcl.c:504:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:510:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Read(io, arr(GCardinal, io->contigs, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:533:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:557:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:563:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Read(io, arr(GCardinal, io->templates, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:588:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:594:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Read(io, arr(GCardinal, io->clones, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:620:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:628:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Write(io, arr(GCardinal, io->annotations, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:652:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:660:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Write(io, arr(GCardinal, io->notes, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:684:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:692:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Write(io, arr(GCardinal, io->vectors, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:716:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:722:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:754:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:760:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:791:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:822:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:830:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Write(io, arr(GCardinal, io->templates, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:854:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:862:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = GT_Write(io, arr(GCardinal, io->clones, atoi(argv[2])-1),
data/staden-2.0.0+b11/gap4/gap-tcl.c:892:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:893:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rnum = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:916:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:917:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rnum = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:951:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:952:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
record = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:997:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:998:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
record = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(GCardinal, io->contigs),
data/staden-2.0.0+b11/gap4/gap-tcl.c:1182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(GCardinal, io->readings),
data/staden-2.0.0+b11/gap4/gap-tcl.c:1185:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(GCardinal, io->annotations),
data/staden-2.0.0+b11/gap4/gap-tcl.c:1188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(GCardinal, io->templates),
data/staden-2.0.0+b11/gap4/gap-tcl.c:1191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(GCardinal, io->clones),
data/staden-2.0.0+b11/gap4/gap-tcl.c:1194:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(GCardinal, io->vectors),
data/staden-2.0.0+b11/gap4/gap-tcl.c:1197:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(GCardinal, io->notes),
data/staden-2.0.0+b11/gap4/gap-tcl.c:1200:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(GCardinal, io->contig_order),
data/staden-2.0.0+b11/gap4/gap-tcl.c:1229:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1270:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1295:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1320:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1342:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/staden-2.0.0+b11/gap4/gap-tcl.c:1365:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1390:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1415:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1441:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1477:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1484:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rec = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/gap-tcl.c:1509:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-thrash.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/gap-thrash.c:223:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/gap-thrash.c:253:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/gap-thrash.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/gap-thrash.c:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/gap-thrash.c:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/gap-thrash2.c:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[T_MAX_READ_LEN+1];
data/staden-2.0.0+b11/gap4/gap-thrash2.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gel[4096+1];
data/staden-2.0.0+b11/gap4/gap-thrash2.c:93:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[T_MAX_READ_LEN+1];
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gel[4096+1];
data/staden-2.0.0+b11/gap4/gap-thrash2bug.c:89:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap-thrash3.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[T_MAX_READ_LEN+1];
data/staden-2.0.0+b11/gap4/gap-thrash3.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gel[4096+1];
data/staden-2.0.0+b11/gap4/gap-thrash3.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[T_MAX_READ_LEN+1];
data/staden-2.0.0+b11/gap4/gap-thrash3.c:198:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/gap_array.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item_str[1024];
data/staden-2.0.0+b11/gap4/gap_array.c:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_ele_str[1024];
data/staden-2.0.0+b11/gap4/gap_array.c:26:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num_ele_str, "%d", num_elements);
data/staden-2.0.0+b11/gap4/gap_array.c:38:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(item_str, "%d", item);
data/staden-2.0.0+b11/gap4/gap_canvas_box.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/gap_canvas_box.c:80:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "moveto %.20f", fract);
data/staden-2.0.0+b11/gap4/gap_canvas_box.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/gap_canvas_box.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/gap_cli_arg.c:22:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int handle = atoi(val);
data/staden-2.0.0+b11/gap4/gap_cli_arg.c:30:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *)&store[a->offset]) = atoi(val);
data/staden-2.0.0+b11/gap4/gap_cli_arg.c:61:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)&((char *)store)[a->offset], 0, a->value); /* YUK */
data/staden-2.0.0+b11/gap4/gap_cli_arg.c:163:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)&((char *)store)[a->offset], 0, a->value); /* YUK */
data/staden-2.0.0+b11/gap4/gap_globals.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/gap_globals.c:89:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", note_db_count);
data/staden-2.0.0+b11/gap4/gap_globals.c:93:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d,type", i);
data/staden-2.0.0+b11/gap4/gap_globals.c:97:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d,id", i);
data/staden-2.0.0+b11/gap4/gap_globals.c:101:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d,dt", i);
data/staden-2.0.0+b11/gap4/gap_globals.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/io-reg.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], buf2[1024];
data/staden-2.0.0+b11/gap4/io-reg.c:122:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "> Register id=%d cnum=%d func=%p data=%p :%.900s",
data/staden-2.0.0+b11/gap4/io-reg.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], buf2[1024];
data/staden-2.0.0+b11/gap4/io-reg.c:229:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "> Deregister id=%d cnum=%d func=%p data=%p :%.900s",
data/staden-2.0.0+b11/gap4/io-reg.c:406:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/io-reg.c:414:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "> Register_join cfrom=%d cto=%d\n", cfrom, cto);
data/staden-2.0.0+b11/gap4/io-reg.c:487:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "> Register_join done");
data/staden-2.0.0+b11/gap4/io-reg.c:573:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/io-reg.c:619:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/io_utils.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[128];
data/staden-2.0.0+b11/gap4/io_utils.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[128];
data/staden-2.0.0+b11/gap4/io_utils.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/staden-2.0.0+b11/gap4/io_utils.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/io_utils.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/io_utils.c:141:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num = atoi(gel_name+1);
data/staden-2.0.0+b11/gap4/io_utils.c:152:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gel_num = atoi(gel_name+1);
data/staden-2.0.0+b11/gap4/io_utils.c:330:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*rargv)[j] = atoi(&listArgv[j][1]);
data/staden-2.0.0+b11/gap4/io_utils.c:333:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num = atoi(&listArgv[j][1]);
data/staden-2.0.0+b11/gap4/io_utils.c:435:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num = atoi(&listArgv[j][1]);
data/staden-2.0.0+b11/gap4/io_utils.c:443:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num = atoi(&listArgv[j][1]);
data/staden-2.0.0+b11/gap4/io_utils.c:607:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/io_utils.c:623:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/io_utils.c:636:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/io_utils.c:652:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/io_utils.c:661:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[1025];
data/staden-2.0.0+b11/gap4/io_utils.c:676:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[1025];
data/staden-2.0.0+b11/gap4/io_utils.c:691:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[1025];
data/staden-2.0.0+b11/gap4/join.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pads[BLOCK_SIZE+1] = "********************";
data/staden-2.0.0+b11/gap4/join.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/join.c:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name0[100];
data/staden-2.0.0+b11/gap4/join.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[100];
data/staden-2.0.0+b11/gap4/join.c:225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name0, "#%d", xx0->DBi->DB[1].number);
data/staden-2.0.0+b11/gap4/join.c:226:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1, "#%d", xx1->DBi->DB[1].number);
data/staden-2.0.0+b11/gap4/join.c:350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cons0, ol0, len0+1);
data/staden-2.0.0+b11/gap4/join.c:351:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cons1, ol1, len1+1);
data/staden-2.0.0+b11/gap4/join.c:426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name0[100];
data/staden-2.0.0+b11/gap4/join.c:427:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[100];
data/staden-2.0.0+b11/gap4/join.c:432:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name0, "%d", xx0->DBi->DB_contigNum);
data/staden-2.0.0+b11/gap4/join.c:433:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1, "%d", xx1->DBi->DB_contigNum);
data/staden-2.0.0+b11/gap4/join.c:597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name0[100];
data/staden-2.0.0+b11/gap4/join.c:598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[100];
data/staden-2.0.0+b11/gap4/join.c:603:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name0, "%d", xx0->DBi->DB_contigNum);
data/staden-2.0.0+b11/gap4/join.c:604:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1, "%d", xx1->DBi->DB_contigNum);
data/staden-2.0.0+b11/gap4/legacy_f2c.c:80:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char csen[1];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:96:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char infod[80];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:136:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char infoud[80];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:1510:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char namid[40], infod[80];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:1959:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char p[1] = ",";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:2729:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char csen[1];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:2740:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char infod[80];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:3163:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char com[1] = ",";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:3164:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char as[1] = "*";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:3267:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name1[15], name2[15];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:3272:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char infod[80];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:3516:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pad[1] = ",";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:4641:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char infod[60];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:4644:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errmsg[333];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:4901:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pad[1] = "*";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:5130:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dubbl[1*4] = "D" "B" "V" "H";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:5291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch__1[1];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:5364:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char c__[6] = "CTAG*-";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:5652:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dup[29] = "CTAG1234DVBHKLMNRY5678ctag*,-";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:5813:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dc[1*8];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:5944:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char list1[1*12] = "C" "T" "A" "G" "c" "t" "a" "g" "e" "d" "f"
data/staden-2.0.0+b11/gap4/legacy_f2c.c:5946:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char list2[1*12] = "G" "A" "T" "C" "g" "a" "t" "c" "i" "f" "d"
data/staden-2.0.0+b11/gap4/legacy_f2c.c:5954:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp[1];
data/staden-2.0.0+b11/gap4/legacy_f2c.c:6024:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dup[16] = "TCAG-RYWSMKHBVDN";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:6025:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pup[26] = "CSTPAGNDEQBZHRKMILVFYW-X? ";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:6026:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlow[16] = "tcag-rywsmkhbvdn";
data/staden-2.0.0+b11/gap4/legacy_f2c.c:6027:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plow[26] = "cstpagndeqbzhrkmilvfyw-x? ";
data/staden-2.0.0+b11/gap4/list_proc.c:72:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_list[100];
data/staden-2.0.0+b11/gap4/list_proc.c:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], info[256];
data/staden-2.0.0+b11/gap4/newgap_cmds.c:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[DB_FILELEN], *p;
data/staden-2.0.0+b11/gap4/newgap_cmds.c:347:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1071:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1115:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "estimated length %d\n", length);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1158:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "estimated length %d\n",
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1161:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "observed length %d\n",
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2131:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[i+1]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2655:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2689:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inum = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2717:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inum = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2718:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
op = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2767:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int inum = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2982:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2989:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{%d %d %d} ", type, num, c);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3293:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (NULL == (buf = (char *)xmalloc(rargv[0].end - rargv[0].start + 2)))
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3338:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
con = (char *)xmalloc((rargv[0].end - rargv[0].start + 2) *
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3340:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
qualc = (char *)xmalloc((rargv[0].end - rargv[0].start + 2) *
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3397:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
con = (char *)xmalloc((rargv[0].end - rargv[0].start + 2) *
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3401:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
con1 = (char *)xmalloc((rargv[0].end - rargv[0].start + 2) *
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3405:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
con2 = (char *)xmalloc((rargv[0].end - rargv[0].start + 2) *
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3652:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4046:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4256:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4262:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c_num = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4443:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(args.filename, "r"))) {
data/staden-2.0.0+b11/gap4/notedb.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[2000];
data/staden-2.0.0+b11/gap4/notedb.c:80:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp_path, "/NOTEDB");
data/staden-2.0.0+b11/gap4/notedb.h:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/staden-2.0.0+b11/gap4/notes.c:527:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&n2, &n1, sizeof(n1));
data/staden-2.0.0+b11/gap4/notes.c:793:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ident[100];
data/staden-2.0.0+b11/gap4/notes.c:794:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/notes.c:799:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ident, "#%d", num);
data/staden-2.0.0+b11/gap4/notes.c:803:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ident, "=%d", num);
data/staden-2.0.0+b11/gap4/notes.c:825:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1024];
data/staden-2.0.0+b11/gap4/notes.c:826:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/staden-2.0.0+b11/gap4/notes.c:883:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/notes.c:884:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctime[100], mtime[100];
data/staden-2.0.0+b11/gap4/notes.c:916:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
strp += sprintf(strp, "\nfrom=database");
data/staden-2.0.0+b11/gap4/notes.c:980:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_s[1024], name_s[1024];
data/staden-2.0.0+b11/gap4/oligo.c:52:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verbosity[10]; /* space for string form of verbose */
data/staden-2.0.0+b11/gap4/oligo.c:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[200];
data/staden-2.0.0+b11/gap4/oligo.c:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[100];
data/staden-2.0.0+b11/gap4/oligo.c:603:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char template_name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/oligo.c:689:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[100];
data/staden-2.0.0+b11/gap4/oligo.c:694:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statline[1024];
data/staden-2.0.0+b11/gap4/oligo.c:1028:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status[100];
data/staden-2.0.0+b11/gap4/oligo.c:1118:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *REL_STR[8] = { "?","",">",">=","<","<=","<>","<=>" };
data/staden-2.0.0+b11/gap4/oligo.c:1429:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/staden-2.0.0+b11/gap4/oligo_sel.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *gelname, tmpbuf[100];
data/staden-2.0.0+b11/gap4/oligo_sel.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempname[DB_NAMELEN + 1];
data/staden-2.0.0+b11/gap4/oligo_sel.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbname[DB_FILELEN + 1], *cp;
data/staden-2.0.0+b11/gap4/oligo_sel.c:125:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(consensus, &con[olis-lreg], olilen);
data/staden-2.0.0+b11/gap4/oligo_sel.c:146:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oligo, &consensus[state->primers[choice].start],
data/staden-2.0.0+b11/gap4/oligo_sel.c:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[1024], *gelname, dbname[DB_FILELEN+1];
data/staden-2.0.0+b11/gap4/oligo_sel.c:359:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempname[DB_NAMELEN+1], comment[MAXCOMLEN];
data/staden-2.0.0+b11/gap4/oligo_sel.c:435:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[MAXCOMLEN];
data/staden-2.0.0+b11/gap4/parse_ft.h:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[20]; /* feature type in string form */
data/staden-2.0.0+b11/gap4/plot_quality.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/plot_quality.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char q_name[FRAME_LEN];
data/staden-2.0.0+b11/gap4/preass.c:99:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(cp);
data/staden-2.0.0+b11/gap4/preass.c:102:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sense = atoi(cp);
data/staden-2.0.0+b11/gap4/preass.c:232:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opos, si->origpos, sizeof(int2) * length);
data/staden-2.0.0+b11/gap4/preass.c:246:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conf, si->confidence, sizeof(int1) * length);
data/staden-2.0.0+b11/gap4/preass.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/preass.c:329:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(exp_get_entry(si->e, EFLT_SL));
data/staden-2.0.0+b11/gap4/preass.c:342:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = atoi(exp_get_entry(si->e, EFLT_SR));
data/staden-2.0.0+b11/gap4/preass.c:522:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fofn[1024];
data/staden-2.0.0+b11/gap4/primlib.c:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[256];
data/staden-2.0.0+b11/gap4/primlib.c:208:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->gc_clamp = atoi(tmpbuf);
data/staden-2.0.0+b11/gap4/primlib.c:210:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->max_poly_x = atoi(tmpbuf);
data/staden-2.0.0+b11/gap4/probe.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[MAX_OLIGO_LEN+1];
data/staden-2.0.0+b11/gap4/probe.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oligo[MAX_OLIGO_LEN+1];
data/staden-2.0.0+b11/gap4/probe.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oligo[MAX_OLIGO_LEN+1], con_tmp[MAX_OLIGO_LEN];
data/staden-2.0.0+b11/gap4/probe.c:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan[MAX_SCAN_REGION+1];
data/staden-2.0.0+b11/gap4/probe.c:268:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scan, &ci->con_item[contig-1][from], len);
data/staden-2.0.0+b11/gap4/probe.c:337:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], *name;
data/staden-2.0.0+b11/gap4/probe.c:399:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %d", rejected);
data/staden-2.0.0+b11/gap4/qual.c:76:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char StringBuffer[200];
data/staden-2.0.0+b11/gap4/qual.c:79:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char q_lookup[3][3][2] = {
data/staden-2.0.0+b11/gap4/qual.c:472:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qual_ind[sizeof(qual_char)]={
data/staden-2.0.0+b11/gap4/qual.c:483:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qual_val[sizeof(qual_char)]={
data/staden-2.0.0+b11/gap4/qual.c:1061:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wdet_tab[256];
data/staden-2.0.0+b11/gap4/qualIO.c:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[100];
data/staden-2.0.0+b11/gap4/qualIO.c:241:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%g", err_rate);
data/staden-2.0.0+b11/gap4/qualP.h:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char q_lookup[3][3][2]; /* defined in qual.c */
data/staden-2.0.0+b11/gap4/quality_plot.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fieldName[100];
data/staden-2.0.0+b11/gap4/quality_plot.c:94:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fieldName, "TEMPLATE.QUALITY.BOTH_COLOUR");
data/staden-2.0.0+b11/gap4/quality_plot.c:96:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fieldName, "TEMPLATE.QUALITY.PLUS_COLOUR");
data/staden-2.0.0+b11/gap4/quality_plot.c:98:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fieldName, "TEMPLATE.QUALITY.MINUS_COLOUR");
data/staden-2.0.0+b11/gap4/quality_plot.c:100:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fieldName, "TEMPLATE.QUALITY.BAD_COLOUR");
data/staden-2.0.0+b11/gap4/quality_plot.c:102:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fieldName, "TEMPLATE.QUALITY.DISAGREE_COLOUR");
data/staden-2.0.0+b11/gap4/quality_plot.c:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/quality_plot.c:186:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000], *linep;
data/staden-2.0.0+b11/gap4/quality_plot.c:195:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
linep += sprintf(linep, "%11d", i+10);
data/staden-2.0.0+b11/gap4/quality_plot.c:334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/quality_plot.c:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/quality_plot.c:436:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Calculate quality");
data/staden-2.0.0+b11/gap4/quality_plot.c:662:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/quality_plot.c:675:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->world->visible, q->world->total, sizeof(d_box));
data/staden-2.0.0+b11/gap4/quality_plot.c:731:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/quality_plot.c:786:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Calculate quality");
data/staden-2.0.0+b11/gap4/quality_plot.c:937:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scroll_args[20];
data/staden-2.0.0+b11/gap4/quality_plot.c:941:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scroll_args, "scroll 0 units");
data/staden-2.0.0+b11/gap4/quality_plot.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap4/quality_plot.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/quality_plot.h:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap4/quality_plot.h:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/reactions.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/reactions.c:437:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ap2, ap, sizeof(GAnnotations));
data/staden-2.0.0+b11/gap4/reactions.c:487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[5];
data/staden-2.0.0+b11/gap4/reactions.c:491:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char solution[100];
data/staden-2.0.0+b11/gap4/reading_coverage.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/reading_coverage.c:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/reading_coverage.c:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/reading_coverage.c:434:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/reading_coverage.c:442:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
canvas->y = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap4/reading_coverage.c:491:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Reading coverage histogram");
data/staden-2.0.0+b11/gap4/reading_coverage.c:556:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/staden-2.0.0+b11/gap4/reading_coverage.c:599:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/reading_coverage.h:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/reading_coverage.h:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_win[100];
data/staden-2.0.0+b11/gap4/reading_coverage.h:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour1[30]; /* forward */
data/staden-2.0.0+b11/gap4/reading_coverage.h:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour2[30]; /* reverse */
data/staden-2.0.0+b11/gap4/readpair.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap4/readpair.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/readpair.c:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_list[1024];
data/staden-2.0.0+b11/gap4/readpair.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_list[1024];
data/staden-2.0.0+b11/gap4/readpair.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1_name[100];
data/staden-2.0.0+b11/gap4/readpair.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c2_name[100];
data/staden-2.0.0+b11/gap4/readpair.c:173:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(r_list, "%d %d", obj->read1, obj->read2);
data/staden-2.0.0+b11/gap4/readpair.c:235:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Read pair: %c#%d@%d with %c#%d@%d, len %d",
data/staden-2.0.0+b11/gap4/readpair.c:257:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find read pairs");
data/staden-2.0.0+b11/gap4/readpair.c:529:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(template->params, "none");
data/staden-2.0.0+b11/gap4/readpair.c:560:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN + 1];
data/staden-2.0.0+b11/gap4/readpair_coverage.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/readpair_coverage.c:197:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/readpair_coverage.c:240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/readpair_coverage.c:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/readpair_coverage.c:399:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
canvas->y = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap4/readpair_coverage.c:439:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Readpair coverage histogram");
data/staden-2.0.0+b11/gap4/readpair_coverage.c:505:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/staden-2.0.0+b11/gap4/readpair_coverage.c:548:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:293:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Restriction enzyme");
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:624:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Restriction enzymes");
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scroll_args[20];
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:782:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scroll_args, "scroll 0 units");
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:860:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:993:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1061:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->world->visible, r->world->total, sizeof(d_box));
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comments[1024];
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[4];
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1226:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
item = atoi(item_str); /* convert to integer */
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1267:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%d", r->r_enzyme[item].cut_site[j]);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1281:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
item = atoi(item_str); /* convert to integer */
data/staden-2.0.0+b11/gap4/restriction_enzymes.h:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap4/restriction_enzymes.h:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char names_win[100];
data/staden-2.0.0+b11/gap4/restriction_enzymes.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/restriction_enzymes.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/restriction_enzymes.h:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap4/ruler_display.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/ruler_display.c:60:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CArray[i].type, "{contig c_%d num_%d hl_%d S}",
data/staden-2.0.0+b11/gap4/ruler_display.c:62:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(CArray[i].arrow, "none");
data/staden-2.0.0+b11/gap4/ruler_display.c:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/searchUtils.c:77:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gel = atoi(s);
data/staden-2.0.0+b11/gap4/searchUtils.c:1051:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = positionInContig(xx,cseq,cpos) + atoi(text_pos);
data/staden-2.0.0+b11/gap4/searchUtils.c:1072:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = DB_RelPos(xx,cseq) + atoi(++text_pos) - 1;
data/staden-2.0.0+b11/gap4/searchUtils.c:1075:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(text_pos);
data/staden-2.0.0+b11/gap4/searchUtils.c:1148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SEARCH_CHUNKS+1];
data/staden-2.0.0+b11/gap4/searchUtils.c:1192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SEARCH_CHUNKS+1];
data/staden-2.0.0+b11/gap4/searchUtils.c:1238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SEARCH_CHUNKS+1];
data/staden-2.0.0+b11/gap4/searchUtils.c:1287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SEARCH_CHUNKS+1];
data/staden-2.0.0+b11/gap4/searchUtils.c:1763:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SEARCH_CHUNKS+1];
data/staden-2.0.0+b11/gap4/searchUtils.c:1802:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SEARCH_CHUNKS+1];
data/staden-2.0.0+b11/gap4/searchUtils.c:2135:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mismatches = atoi(p+1);
data/staden-2.0.0+b11/gap4/searchUtils.c:2140:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
where = atoi(p+1);
data/staden-2.0.0+b11/gap4/searchUtils.c:2168:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
found = findNextConsQual(xx, atoi(value));
data/staden-2.0.0+b11/gap4/searchUtils.c:2171:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
found = findNextDiscrepancy(xx, atoi(value));
data/staden-2.0.0+b11/gap4/searchUtils.c:2174:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
found = findNextConsDiscrep(xx, atoi(value));
data/staden-2.0.0+b11/gap4/searchUtils.c:2189:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mismatches = atoi(p+1);
data/staden-2.0.0+b11/gap4/searchUtils.c:2194:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
where = atoi(p+1);
data/staden-2.0.0+b11/gap4/searchUtils.c:2222:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
found = findPrevConsQual(xx, atoi(value));
data/staden-2.0.0+b11/gap4/searchUtils.c:2225:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
found = findPrevDiscrepancy(xx, atoi(value));
data/staden-2.0.0+b11/gap4/searchUtils.c:2228:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
found = findPrevConsDiscrep(xx, atoi(value));
data/staden-2.0.0+b11/gap4/seqInfo.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/staden-2.0.0+b11/gap4/seqInfo.c:246:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/seqInfo.c:269:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CS_from = atoi(&line[2+4+1]);
data/staden-2.0.0+b11/gap4/seqInfo.c:313:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"%d",left);
data/staden-2.0.0+b11/gap4/seqInfo.c:319:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"%d",left+len+1);
data/staden-2.0.0+b11/gap4/seqInfo.c:332:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"%d..%d",CS_from,CS_to);
data/staden-2.0.0+b11/gap4/seqInfo.c:339:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"%d",left+len+1);
data/staden-2.0.0+b11/gap4/seqInfo.c:352:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arr(char *,e->entries[EFLT_TG],i)+5)+left,
data/staden-2.0.0+b11/gap4/seqInfo.c:462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_type[5];
data/staden-2.0.0+b11/gap4/seqInfo.c:525:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tag_type, "F---"); /* default */
data/staden-2.0.0+b11/gap4/seqInfo.c:527:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmp[1024];
data/staden-2.0.0+b11/gap4/seqInfo.c:533:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag_type, tag_db[t].id, 4);
data/staden-2.0.0+b11/gap4/seqInfo.c:539:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comment+9, "%06d", feat_num);
data/staden-2.0.0+b11/gap4/seqInfo.c:543:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comment+24, "%03d", ele_num);
data/staden-2.0.0+b11/gap4/seqInfo.c:692:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/seqInfo.c:729:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024], *name;
data/staden-2.0.0+b11/gap4/seqInfo.c:757:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conf, si->confidence, sizeof(int1) * length);
data/staden-2.0.0+b11/gap4/seqInfo.c:777:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opos, si->origpos, sizeof(int2) * length);
data/staden-2.0.0+b11/gap4/shuffle_pads.c:485:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LLEN];
data/staden-2.0.0+b11/gap4/shuffle_pads.c:733:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newseq[j], cl->mseg->seq, cl->mseg->length);
data/staden-2.0.0+b11/gap4/stack_dump.c:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[1024];
data/staden-2.0.0+b11/gap4/stack_dump.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1024];
data/staden-2.0.0+b11/gap4/stack_dump.c:186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1, "%lx", &sp[i]);
data/staden-2.0.0+b11/gap4/stack_dump.c:187:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%016lx %016lx %016lx %016lx",
data/staden-2.0.0+b11/gap4/stack_dump.c:193:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1, "%2d(%2d)", frame, counter);
data/staden-2.0.0+b11/gap4/stack_dump.c:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024], *cp;
data/staden-2.0.0+b11/gap4/stack_dump.c:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/staden-2.0.0+b11/gap4/stack_dump.c:241:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "/usr/proc/bin/pstack %d\n", (int)getpid());
data/staden-2.0.0+b11/gap4/stop_codon.c:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/stop_codon.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rf[6];
data/staden-2.0.0+b11/gap4/stop_codon.c:243:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->world->visible, s->world->total, sizeof(d_box));
data/staden-2.0.0+b11/gap4/stop_codon.c:280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/stop_codon.c:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/stop_codon.c:499:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Stop codons");
data/staden-2.0.0+b11/gap4/stop_codon.c:567:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/stop_codon.c:582:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/stop_codon.c:653:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scroll_args[20];
data/staden-2.0.0+b11/gap4/stop_codon.c:657:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scroll_args, "scroll 0 units");
data/staden-2.0.0+b11/gap4/stop_codon.h:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100]; /* stop codon plot window */
data/staden-2.0.0+b11/gap4/stop_codon.h:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char names_win[100]; /* frame name window */
data/staden-2.0.0+b11/gap4/stop_codon.h:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100]; /* parent frame */
data/staden-2.0.0+b11/gap4/strand_coverage.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/strand_coverage.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/strand_coverage.c:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/strand_coverage.c:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/strand_coverage.c:442:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Strand coverage");
data/staden-2.0.0+b11/gap4/strand_coverage.h:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/strand_coverage.h:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_win[100];
data/staden-2.0.0+b11/gap4/strand_coverage.h:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour1[30];
data/staden-2.0.0+b11/gap4/strand_coverage.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour2[30];
data/staden-2.0.0+b11/gap4/tagEditor.c:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100]; /* Name of the tag editor window */
data/staden-2.0.0+b11/gap4/tagEditor.c:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array[100]; /* Name of the tag data array in tcl*/
data/staden-2.0.0+b11/gap4/tagEditor.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[256]; /* Name of the tag command in tcl */
data/staden-2.0.0+b11/gap4/tagEditor.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap4/tagEditor.c:235:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
te->sense = atoi(p);
data/staden-2.0.0+b11/gap4/tagEditor.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2], *pname;
data/staden-2.0.0+b11/gap4/tagEditor.c:294:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", sense);
data/staden-2.0.0+b11/gap4/tagU2.c:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5], *comment;
data/staden-2.0.0+b11/gap4/tagU2.c:587:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[fn_len];
data/staden-2.0.0+b11/gap4/tagU2.c:588:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[l_line];
data/staden-2.0.0+b11/gap4/tagU2.c:602:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "r")))
data/staden-2.0.0+b11/gap4/tagU2.c:807:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char type[5];
data/staden-2.0.0+b11/gap4/tagU2.c:1784:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], com[100], n1[DB_NAMELEN+1], n2[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/tagU2.c:1808:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Repeat number %d, end 1", i);
data/staden-2.0.0+b11/gap4/tagU2.c:1819:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Repeat number %d, end 2", i);
data/staden-2.0.0+b11/gap4/tagdb.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, tmp_path[2000];
data/staden-2.0.0+b11/gap4/tagdb.c:84:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_path, "GTAGDB");
data/staden-2.0.0+b11/gap4/tagdb.h:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/staden-2.0.0+b11/gap4/template_display.c:502:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_pos[cnt].t, t, sizeof(template_c));
data/staden-2.0.0+b11/gap4/template_display.c:888:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN + 1];
data/staden-2.0.0+b11/gap4/template_display.c:889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name2[DB_NAMELEN + 1];
data/staden-2.0.0+b11/gap4/template_display.c:1090:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(TArray[cnt].arrow, "none");
data/staden-2.0.0+b11/gap4/template_display.c:1372:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(TArray[cnt].type, "{template te_%d c_%d S}",
data/staden-2.0.0+b11/gap4/template_display.c:1530:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(RArray[i].type, "{reading r_%d num_%d S}", i, contig_num);
data/staden-2.0.0+b11/gap4/template_display.c:1532:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(RArray[i].arrow, "first");
data/staden-2.0.0+b11/gap4/template_display.c:1534:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(RArray[i].arrow, "last");
data/staden-2.0.0+b11/gap4/template_display.c:1709:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/template_display.c:1768:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char old_contig_name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/template_display.c:1769:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char new_contig_name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap4/template_display.c:1770:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/template_display.c:1889:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/template_display.c:1897:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Template display");
data/staden-2.0.0+b11/gap4/template_display.c:1923:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "%d", *handle_io(io));
data/staden-2.0.0+b11/gap4/template_display.c:2061:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/template_display.c:2169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scroll_args[20];
data/staden-2.0.0+b11/gap4/template_display.c:2174:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scroll_args, "scroll 0 units");
data/staden-2.0.0+b11/gap4/template_display.c:2333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/staden-2.0.0+b11/gap4/template_display.c:2370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config[1024];
data/staden-2.0.0+b11/gap4/template_display.c:2381:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[TEMPLATES] = atoi(Tcl_GetVar(interp, config, TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/template_display.c:2386:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[READINGS] = atoi(Tcl_GetVar(interp, config, TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/template_display.c:2391:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[MULTI_TEMPLATES] = atoi(Tcl_GetVar(interp, config,
data/staden-2.0.0+b11/gap4/template_display.c:2397:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[READ_PAIRS] = atoi(Tcl_GetVar(interp,config,TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/template_display.c:2402:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[RULER] = atoi(Tcl_GetVar(interp, config, TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/template_display.c:2407:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[TICKS] = atoi(Tcl_GetVar(interp, config, TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/template_display.c:2412:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[SPAN_READ_PAIRS] = atoi(Tcl_GetVar(interp,config,TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/template_display.c:2417:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[CONSIST_READ_PAIRS] = atoi(Tcl_GetVar(interp,config,TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/template_display.c:2423:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_array[CALC_CONTIG_POS] = atoi(Tcl_GetVar(interp,config,TCL_GLOBAL_ONLY));
data/staden-2.0.0+b11/gap4/template_display.c:2671:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/template_display.c:2800:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "SelectReadingList %d ", *handle_io(io));
data/staden-2.0.0+b11/gap4/template_display.c:2855:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[30];
data/staden-2.0.0+b11/gap4/template_display.c:2857:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024], str[5];
data/staden-2.0.0+b11/gap4/template_display.c:3117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->world->visible, t->world->total, sizeof(d_box));
data/staden-2.0.0+b11/gap4/template_display.h:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap4/template_display.h:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap4/template_display.h:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_win[100];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "result_list_update %d", *handle_io(io));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:316:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/tk-io-reg.c:710:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[1024];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:714:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "GENERIC ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:716:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "NUMBER_CHANGE ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:718:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "JOIN_TO ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:720:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "ORDER ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:722:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "LENGTH ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:724:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "QUERY_NAME ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:726:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "DELETE ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:728:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "GET_LOCK ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:730:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "SET_LOCK ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:732:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "COMPLEMENT ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:734:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "PARAMS ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:736:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "QUIT ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:738:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "CURSOR_NOTIFY ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:740:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "GET_OPS ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:742:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "INVOKE_OP ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:744:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "ANNO ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:746:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "REGISTER ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:748:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "DEREGISTER ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:750:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "HIGHLIGHT_READ ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:752:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "BUFFER_START ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:754:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "BUFFER_END ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:756:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "NOTE ");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:942:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:945:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{contig_num %d} ", contig);
data/staden-2.0.0+b11/gap4/tk-io-reg.c:950:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{number %d}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:956:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{contig %d} {offset %d}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:963:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{pos %d}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:969:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{length %d}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:989:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{lock %d}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:999:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{op %d}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1009:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job[1024];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1015:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(job, "MOVE");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1053:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{seq %d} {val %d}",
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1072:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", crt->id);
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1081:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1025];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1083:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.80s", Tcl_GetStringResult(crt->interp));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1108:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1024s", Tcl_GetStringResult(crt->interp));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1155:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp = find_contig_cursor(args.io, &cnum, atoi(reg_get_arg("id")));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1160:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cnum, atoi(reg_get_arg("id")));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1165:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
abspos = atoi(reg_get_arg("abspos"));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1178:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp->seq = atoi(reg_get_arg("seq"));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1179:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp->pos = atoi(reg_get_arg("pos"));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1181:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp->sent_by = atoi(reg_get_arg("sent_by"));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1209:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rn.note = atoi(reg_get_arg("note"));
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1247:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *arg_names[100];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1248:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *arg_values[100];
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1257:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char targs_a[8192];
data/staden-2.0.0+b11/gap4/tkAppInit.c:91:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lib, buf[1025];
data/staden-2.0.0+b11/gap4/tkAppInit.c:142:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, c[10];
data/staden-2.0.0+b11/gap4/tkAppInit.c:151:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/gap4/tkAppInit.c:151:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/gap4/tkEdUtils.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:122:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %.20f %.20f",
data/staden-2.0.0+b11/gap4/tkEdUtils.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:229:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %.20f %.20f",
data/staden-2.0.0+b11/gap4/tkEdUtils.c:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:259:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %.20f %.20f", fract1, fract2);
data/staden-2.0.0+b11/gap4/tkEdUtils.c:324:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(paper_base, &paper_base[srcx-dstx],
data/staden-2.0.0+b11/gap4/tkEdUtils.c:326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ink_base, &ink_base[srcx-dstx],
data/staden-2.0.0+b11/gap4/tkEdUtils.c:329:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&paper_base[dstx-srcx], paper_base,
data/staden-2.0.0+b11/gap4/tkEdUtils.c:331:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ink_base[dstx-srcx], ink_base,
data/staden-2.0.0+b11/gap4/tkEdUtils.c:453:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(k, "%10d", unpadded2);
data/staden-2.0.0+b11/gap4/tkEdUtils.c:474:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(k,"%10d",lower);
data/staden-2.0.0+b11/gap4/tkEdUtils.c:486:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(k, "%10d", unpadded);
data/staden-2.0.0+b11/gap4/tkEdUtils.c:637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, buf[NAMELEN+2];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:766:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:1034:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_str[MAX_DISPLAY_WIDTH+21];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:1086:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blank[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:1298:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spare[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:1699:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qual[MAX_DISPLAY_WIDTH];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:1752:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp_msg[1025];
data/staden-2.0.0+b11/gap4/tkEdUtils.c:1832:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edid = atoi(argv[1]);
data/staden-2.0.0+b11/gap4/tkEditor.c:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tkEditor.c:367:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.20f %.20f", f1, f2);
data/staden-2.0.0+b11/gap4/tkEditor.c:569:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[0]) * SUPEREDIT_INS_READ;
data/staden-2.0.0+b11/gap4/tkEditor.c:570:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[1]) * SUPEREDIT_DEL_READ;
data/staden-2.0.0+b11/gap4/tkEditor.c:571:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[2]) * SUPEREDIT_INS_ANY_CON;
data/staden-2.0.0+b11/gap4/tkEditor.c:572:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[3]) * SUPEREDIT_DEL_DASH_CON;
data/staden-2.0.0+b11/gap4/tkEditor.c:573:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[4]) * SUPEREDIT_DEL_ANY_CON;
data/staden-2.0.0+b11/gap4/tkEditor.c:574:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[5]) * SUPEREDIT_REPLACE_CON;
data/staden-2.0.0+b11/gap4/tkEditor.c:575:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[6]) * SUPEREDIT_SHIFT_READ;
data/staden-2.0.0+b11/gap4/tkEditor.c:576:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[7]) * SUPEREDIT_TRANSPOSE_ANY;
data/staden-2.0.0+b11/gap4/tkEditor.c:577:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[8]) * SUPEREDIT_UPPERCASE;
data/staden-2.0.0+b11/gap4/tkEditor.c:578:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode |= atoi(s_argv[9]) * SUPEREDIT_MODIFY_CONF;
data/staden-2.0.0+b11/gap4/tkEditor.c:846:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edSetCursorConsensus(ed->xx, atoi(argv[2]));
data/staden-2.0.0+b11/gap4/tkEditor.c:936:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
saveAnnotation(ed->xx, argv[2], argv[3], atoi(argv[4]));
data/staden-2.0.0+b11/gap4/tkEditor.c:1002:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[2]), atoi(argv[3]), atoi(argv[4]),
data/staden-2.0.0+b11/gap4/tkEditor.c:1002:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[2]), atoi(argv[3]), atoi(argv[4]),
data/staden-2.0.0+b11/gap4/tkEditor.c:1002:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[2]), atoi(argv[3]), atoi(argv[4]),
data/staden-2.0.0+b11/gap4/tkEditor.c:1003:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
argv[5], argv[6], atoi(argv[7]));
data/staden-2.0.0+b11/gap4/tkEditor.c:1046:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/tkEditor.c:1234:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[3]) /* sense */,
data/staden-2.0.0+b11/gap4/tkEditor.c:1235:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[4]) /* fwd */,
data/staden-2.0.0+b11/gap4/tkEditor.c:1236:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[5]) /* bwd */,
data/staden-2.0.0+b11/gap4/tkEditor.c:1237:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[6]) /* readlen */,
data/staden-2.0.0+b11/gap4/tkEditor.c:1288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tkEditor.c:1303:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", num);
data/staden-2.0.0+b11/gap4/tkEditor.c:1307:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", ed->xx->cursorSeq);
data/staden-2.0.0+b11/gap4/tkEditor.c:1312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tkEditor.c:1327:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", num);
data/staden-2.0.0+b11/gap4/tkEditor.c:1331:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", DB_Number(ed->xx, ed->xx->cursorSeq));
data/staden-2.0.0+b11/gap4/tkEditor.c:1443:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ed->xx->compare_trace_match = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/tkEditor.c:1444:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ed->xx->compare_trace_select = atoi(argv[3]);
data/staden-2.0.0+b11/gap4/tkEditor.c:1445:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ed->xx->compare_trace_algorithm = atoi(argv[4]);
data/staden-2.0.0+b11/gap4/tkEditor.c:1446:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ed->xx->compare_trace_yscale = atoi(argv[5]);
data/staden-2.0.0+b11/gap4/tkEditor.c:1500:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tkEditor.c:1501:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (int)(100 * ed->xx->con_cut + 0.1));
data/staden-2.0.0+b11/gap4/tkEditor.c:1519:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tkEditor.c:1520:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", ed->xx->qual_cut);
data/staden-2.0.0+b11/gap4/tkEditor.c:1538:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tkEditor.c:1539:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", ed->xx->diff_qual);
data/staden-2.0.0+b11/gap4/tkEditor.c:1557:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tkEditor.c:1558:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", ed->xx->consensus_mode);
data/staden-2.0.0+b11/gap4/tkEditor.c:1583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tkEditor.c:1592:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d",
data/staden-2.0.0+b11/gap4/tkEditor.c:1616:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap4/tkEditor.c:1635:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.20f %d %d", perc, tgood, tbad);
data/staden-2.0.0+b11/gap4/tkEditor.c:1665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tkEditor.c:1674:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", editsMade(ed->xx));
data/staden-2.0.0+b11/gap4/tkEditor.c:1718:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edStatusAdd(ed->xx, atoi(argv[3]));
data/staden-2.0.0+b11/gap4/tkEditor.c:1720:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edStatusDelete(ed->xx, atoi(argv[3]));
data/staden-2.0.0+b11/gap4/tkEditor.c:1731:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edStatusTransMode(ed->xx, atoi(argv[2]));
data/staden-2.0.0+b11/gap4/tkEditor.c:1743:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edShowQuality(ed->xx, atoi(argv[2]));
data/staden-2.0.0+b11/gap4/tkEditor.c:1754:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edShowCQuality(ed->xx, atoi(argv[2]));
data/staden-2.0.0+b11/gap4/tkEditor.c:1764:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edShowEdits(ed->xx, atoi(argv[2]));
data/staden-2.0.0+b11/gap4/tkEditor.c:1797:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/staden-2.0.0+b11/gap4/tkEditor.c:1799:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "#%d ", reads[i++]);
data/staden-2.0.0+b11/gap4/tkEditor.c:1807:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/staden-2.0.0+b11/gap4/tkEditor.c:1816:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", *handle_io(DBI_io(ed->xx)));
data/staden-2.0.0+b11/gap4/tkEditor.c:1822:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(argv[2]);
data/staden-2.0.0+b11/gap4/tkEditor.c:1861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/staden-2.0.0+b11/gap4/tkEditor.c:1879:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", nviews);
data/staden-2.0.0+b11/gap4/tkEditor.c:1966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flag_str[1024];
data/staden-2.0.0+b11/gap4/tkEditor.c:1981:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flag_str, "REFTRACE_NEG ");
data/staden-2.0.0+b11/gap4/tkEditor.c:1984:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flag_str, "REFTRACE_POS ");
data/staden-2.0.0+b11/gap4/tkEditor.c:1987:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flag_str, "REFSEQ ");
data/staden-2.0.0+b11/gap4/tman_cons.c:468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[256];
data/staden-2.0.0+b11/gap4/tman_cons.c:469:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_type[5];
data/staden-2.0.0+b11/gap4/tman_cons.c:598:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tman_cons.c:622:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Cons %d", cons_counter++);
data/staden-2.0.0+b11/gap4/tman_diff.c:230:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], name[1024];
data/staden-2.0.0+b11/gap4/tman_diff.c:251:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, " {diffs: #%d #%d}",
data/staden-2.0.0+b11/gap4/tman_diff.c:254:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, " {diffs: =%d #%d}",
data/staden-2.0.0+b11/gap4/tman_diff.c:263:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Diffs %d", diff_counter++);
data/staden-2.0.0+b11/gap4/tman_display.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tman_display.c:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tman_display.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqbuf[1024];
data/staden-2.0.0+b11/gap4/tman_display.c:216:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(seqbuf, "%d %d", small_seq, xx->lines_per_seq-1);
data/staden-2.0.0+b11/gap4/tman_display.c:267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/tman_display.h:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[FILE_NAME_LENGTH];
data/staden-2.0.0+b11/gap4/tman_display.h:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/staden-2.0.0+b11/gap4/tman_interface.c:815:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap4/tman_interface.c:829:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", cols);
data/staden-2.0.0+b11/gap4/tman_interface.c:1069:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *com_argv_tmp[5];
data/staden-2.0.0+b11/gap4/tman_interface.c:1086:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(command);
data/staden-2.0.0+b11/gap4/tman_interface.c:1135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/staden-2.0.0+b11/gap4/tman_interface.c:1259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *user_comment[4];
data/staden-2.0.0+b11/gap4/tman_interface.c:1310:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trace_pos = atoi(Tcl_GetStringResult(EDINTERP(xx->ed)));
data/staden-2.0.0+b11/gap4/tman_interface.c:1569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap4/undo.c:50:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps->data.ptr, opos, len * 2);
data/staden-2.0.0+b11/gap4/undo.c:51:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps->data.ptr + 2*len, bases, len);
data/staden-2.0.0+b11/gap4/undo.c:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps->data.ptr + 3*len, conf, len);
data/staden-2.0.0+b11/gap4/undo.c:54:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps->data.array, opos, len * 2);
data/staden-2.0.0+b11/gap4/undo.c:55:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps->data.array + 2*len, bases, len);
data/staden-2.0.0+b11/gap4/undo.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps->data.array + 3*len, conf, len);
data/staden-2.0.0+b11/gap4/undo.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array[sizeof(char *)];
data/staden-2.0.0+b11/gap4/vseqs.c:475:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_seq, vr->vseq->seq, len);
data/staden-2.0.0+b11/gap4/vseqs.c:476:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_conf, vr->vseq->conf, len);
data/staden-2.0.0+b11/gap5/ace.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[MAX_NAME];
data/staden-2.0.0+b11/gap5/ace.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[MAX_NAME];
data/staden-2.0.0+b11/gap5/ace.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[MAX_NAME];
data/staden-2.0.0+b11/gap5/ace.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[MAX_NAME];
data/staden-2.0.0+b11/gap5/ace.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chromat[MAX_NAME];
data/staden-2.0.0+b11/gap5/ace.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phd[MAX_NAME];
data/staden-2.0.0+b11/gap5/ace.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_NAME];
data/staden-2.0.0+b11/gap5/ace.c:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/staden-2.0.0+b11/gap5/ace.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[256];
data/staden-2.0.0+b11/gap5/ace.c:305:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt, "%%%ds %%c %%d", MAX_NAME);
data/staden-2.0.0+b11/gap5/ace.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[256];
data/staden-2.0.0+b11/gap5/ace.c:319:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt, "%%%ds %%d %%d %%d", MAX_NAME);
data/staden-2.0.0+b11/gap5/ace.c:440:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME];
data/staden-2.0.0+b11/gap5/ace.c:459:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[1024];
data/staden-2.0.0+b11/gap5/ace.c:570:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq.seq, ai->rd.seq, ai->rd.nbases);
data/staden-2.0.0+b11/gap5/actf.c:78:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fname, O_RDONLY, 0)) != -1) {
data/staden-2.0.0+b11/gap5/actf.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[1024];
data/staden-2.0.0+b11/gap5/actf.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content[1024];
data/staden-2.0.0+b11/gap5/actf.c:246:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fname, O_CREAT | O_RDWR | O_TRUNC, 0666)) == -1) {
data/staden-2.0.0+b11/gap5/actf.c:256:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(content, "unknown");
data/staden-2.0.0+b11/gap5/actf.c:260:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(content, "unknown");
data/staden-2.0.0+b11/gap5/actf.c:264:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(content + namelen, " %d\n", (int)getpid());
data/staden-2.0.0+b11/gap5/actf.c:320:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lock_files[i].pathname, &lock_files[i+1].pathname,
data/staden-2.0.0+b11/gap5/afg.c:142:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long val = atol(value);
data/staden-2.0.0+b11/gap5/afg.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[255];
data/staden-2.0.0+b11/gap5/afg.c:205:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tle->src = atol(value);
data/staden-2.0.0+b11/gap5/afg.c:207:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tle->off = atol(value);
data/staden-2.0.0+b11/gap5/afg.c:209:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tle->start = atol(value);
data/staden-2.0.0+b11/gap5/afg.c:211:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tle->end = atol(value);
data/staden-2.0.0+b11/gap5/afg.c:467:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq.seq, read, seq.len);
data/staden-2.0.0+b11/gap5/afg.c:470:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq.conf, qual, seq.len);
data/staden-2.0.0+b11/gap5/afg.c:581:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "r"))) {
data/staden-2.0.0+b11/gap5/auto_break.c:266:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[WS+2];
data/staden-2.0.0+b11/gap5/auto_break.c:288:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[WS+2];
data/staden-2.0.0+b11/gap5/auto_break.c:516:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filt, seq, len);
data/staden-2.0.0+b11/gap5/auto_break.c:640:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char legal_chars[256];
data/staden-2.0.0+b11/gap5/auto_break.c:700:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fseq, seq, len);
data/staden-2.0.0+b11/gap5/b+tree2.c:1172:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lines[1000000];
data/staden-2.0.0+b11/gap5/b+tree2.c:1174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/staden-2.0.0+b11/gap5/b+tree2.c:1176:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = argc == 1 ? stdin : fopen(argv[1], "r");
data/staden-2.0.0+b11/gap5/b+tree2.c:1200:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srandom(atoi(argv[2]));
data/staden-2.0.0+b11/gap5/b+tree2.h:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *keys[BTREE_MAX+1];
data/staden-2.0.0+b11/gap5/baf.c:122:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char type[3];
data/staden-2.0.0+b11/gap5/baf.c:291:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ap = atoi(cp);
data/staden-2.0.0+b11/gap5/baf.c:299:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cleft = atoi(cp);
data/staden-2.0.0+b11/gap5/baf.c:304:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cright = atoi(cp);
data/staden-2.0.0+b11/gap5/baf.c:309:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dir = atoi(cp);
data/staden-2.0.0+b11/gap5/baf.c:314:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(cp);
data/staden-2.0.0+b11/gap5/baf.c:319:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mq = atoi(cp);
data/staden-2.0.0+b11/gap5/baf.c:387:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->seq, seq, len);
data/staden-2.0.0+b11/gap5/baf.c:390:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->conf, qual, (s->format == SEQ_FORMAT_CNF4 ? 4 : 1) * len);
data/staden-2.0.0+b11/gap5/baf.c:531:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
an_pos = atoi(loc+1);
data/staden-2.0.0+b11/gap5/baf.c:535:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
an_pos = last_cnt_pos + atoi(loc)-1;
data/staden-2.0.0+b11/gap5/baf.c:537:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
an_pos = last_cnt_pos - (atoi(loc)-1)
data/staden-2.0.0+b11/gap5/baf.c:538:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
- (len ? atoi(len)-1 : 0);
data/staden-2.0.0+b11/gap5/baf.c:541:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
an_pos = last_obj_pos + atoi(loc)-1;
data/staden-2.0.0+b11/gap5/baf.c:543:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
an_pos = last_obj_pos - (atoi(loc)-1)
data/staden-2.0.0+b11/gap5/baf.c:544:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
- (len ? atoi(len)-1 : 0);
data/staden-2.0.0+b11/gap5/baf.c:550:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r.end = an_pos + (len ? atoi(len)-1 : 0);
data/staden-2.0.0+b11/gap5/break_contig.c:1344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[1024], *cname_end;
data/staden-2.0.0+b11/gap5/break_contig.c:1391:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cname_end, "#%d", cid++);
data/staden-2.0.0+b11/gap5/caf.c:693:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*annotation)[*anno_count].start = atoi(anno_entry);
data/staden-2.0.0+b11/gap5/caf.c:697:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*annotation)[*anno_count].end = atoi(anno_entry);
data/staden-2.0.0+b11/gap5/caf.c:896:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qual->qual[i++] = (char) atoi(value);
data/staden-2.0.0+b11/gap5/caf.c:924:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lib_name[1024], lig_name[1024], *lig_str;
data/staden-2.0.0+b11/gap5/caf.c:1066:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_size = atoi(value);
data/staden-2.0.0+b11/gap5/caf.c:1069:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_size = atoi(cp+1);
data/staden-2.0.0+b11/gap5/caf.c:1167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq.seq, sq.seq, sq.s_len);
data/staden-2.0.0+b11/gap5/caf.c:1170:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq.conf, sq.qual, sq.s_len);
data/staden-2.0.0+b11/gap5/caf.c:1353:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
NULL == (fp = fopen(fn, "rb"))) {
data/staden-2.0.0+b11/gap5/check_assembly.c:135:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[160];
data/staden-2.0.0+b11/gap5/check_assembly.c:213:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap5/check_assembly.c:241:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Check Assembly");
data/staden-2.0.0+b11/gap5/check_assembly.c:402:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ca->params, "Unknown at present");
data/staden-2.0.0+b11/gap5/consen.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char standard_to_masked[256];
data/staden-2.0.0+b11/gap5/consen.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char standard_to_marked[256];
data/staden-2.0.0+b11/gap5/consen.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char marked_to_masked[256];
data/staden-2.0.0+b11/gap5/consen.c:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char masked_to_marked[256];
data/staden-2.0.0+b11/gap5/consen.c:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/staden-2.0.0+b11/gap5/consen.c:135:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(consensus, "<%.*s.%.*"PRIrec"%.*s>",
data/staden-2.0.0+b11/gap5/consen.c:693:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy ( hidden_seq,
data/staden-2.0.0+b11/gap5/consen.c:723:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy (t_hidden_seq,
data/staden-2.0.0+b11/gap5/consen.c:841:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy ( hidden_seq,
data/staden-2.0.0+b11/gap5/consen.c:873:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy (t_hidden_seq,
data/staden-2.0.0+b11/gap5/consen.c:985:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rseq[MAXGEL_PLUS], rcons[MAXGEL_PLUS];
data/staden-2.0.0+b11/gap5/consen.c:1009:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rcons, cons, MAXGEL_PLUS);
data/staden-2.0.0+b11/gap5/consen.c:1012:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rcons, cons, r[i].start + s->left-1 - start);
data/staden-2.0.0+b11/gap5/consen.c:1018:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rseq, s->seq + s->left-1 - MAXGEL_PLUS, MAXGEL_PLUS);
data/staden-2.0.0+b11/gap5/consen.c:1021:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rseq, s->seq, s->left-1);
data/staden-2.0.0+b11/gap5/consen.c:1078:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hidden_seq, &s->seq[lclip-1], ext);
data/staden-2.0.0+b11/gap5/consen.c:1239:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hidden_seq, &s->seq[rfrom], ext);
data/staden-2.0.0+b11/gap5/consen.c:1497:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy ( &consensus[contig_start], hidden_seq,
data/staden-2.0.0+b11/gap5/consen.c:1528:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy ( &consensus[*consensus_length], hidden_seq,
data/staden-2.0.0+b11/gap5/consen.c:1606:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
left_gel = atoi ( ++dot );
data/staden-2.0.0+b11/gap5/consen.c:1831:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], *name;
data/staden-2.0.0+b11/gap5/consen.c:1933:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[21];
data/staden-2.0.0+b11/gap5/consen.c:1934:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &seq[contig_ends[contig_index]], 20);
data/staden-2.0.0+b11/gap5/consen.c:1948:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024], *entry_name_ptr;
data/staden-2.0.0+b11/gap5/consen.c:1949:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap5/consensus.c:37:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char logodds2phred[256];
data/staden-2.0.0+b11/gap5/consensus.c:469:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&con[bstart - start], s->seq,
data/staden-2.0.0+b11/gap5/consensus.c:482:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(con, &s->seq[start - bstart],
data/staden-2.0.0+b11/gap5/consensus.c:2411:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[WLEN+1];
data/staden-2.0.0+b11/gap5/consensus.c:2424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cons[WLEN*4+1];
data/staden-2.0.0+b11/gap5/contig_extend.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cons[CSZ], new_cons[ESZ];
data/staden-2.0.0+b11/gap5/contig_selector.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/contig_selector.c:184:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inum = atoi(GetInterpResult());
data/staden-2.0.0+b11/gap5/contig_selector.c:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/contig_selector.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aname[1024], aele[50];
data/staden-2.0.0+b11/gap5/contig_selector.c:276:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(aele, "%d", i+1);
data/staden-2.0.0+b11/gap5/contig_selector.c:314:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/contig_selector.c:589:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[100];
data/staden-2.0.0+b11/gap5/contig_selector.c:591:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024], str[5];
data/staden-2.0.0+b11/gap5/contig_selector.c:628:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[5];
data/staden-2.0.0+b11/gap5/contig_selector.c:747:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/contig_selector.c:750:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
win_ht = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap5/contig_selector.c:762:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->world->visible, cs->world->total, sizeof(d_box));
data/staden-2.0.0+b11/gap5/contig_selector.c:791:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/contig_selector.c:794:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
win_wd = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/gap5/contig_selector.c:964:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/contig_selector.c:1004:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Contig selector");
data/staden-2.0.0+b11/gap5/contig_selector.c:1090:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scroll_args[20];
data/staden-2.0.0+b11/gap5/contig_selector.c:1095:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scroll_args, "scroll 0 units");
data/staden-2.0.0+b11/gap5/contig_selector.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hori[100];
data/staden-2.0.0+b11/gap5/contig_selector.h:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vert[100];
data/staden-2.0.0+b11/gap5/contig_selector.h:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap5/contig_selector.h:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap5/cs-object.c:612:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fn, "w");
data/staden-2.0.0+b11/gap5/cs-object.c:687:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/staden-2.0.0+b11/gap5/cs-object.c:692:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(fn, "r")))
data/staden-2.0.0+b11/gap5/cs-object.h:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagname[20];
data/staden-2.0.0+b11/gap5/cs-object.h:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[COLOUR_LEN];
data/staden-2.0.0+b11/gap5/cs-object.h:179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagname[20];
data/staden-2.0.0+b11/gap5/cs-object.h:181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[COLOUR_LEN];
data/staden-2.0.0+b11/gap5/cs-object.h:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagname[20];
data/staden-2.0.0+b11/gap5/cs-object.h:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[COLOUR_LEN];
data/staden-2.0.0+b11/gap5/depad_seq_tree.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, seq, next->pos - last);
data/staden-2.0.0+b11/gap5/depad_seq_tree.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, seq, slen-last);
data/staden-2.0.0+b11/gap5/depth_track.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/gap5/depth_track.c:238:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 2, got %d", objc);
data/staden-2.0.0+b11/gap5/depth_track.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/gap5/depth_track.c:255:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 0 or 2, got %d", objc);
data/staden-2.0.0+b11/gap5/dis_readings.c:700:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8192];
data/staden-2.0.0+b11/gap5/do_fij.c:496:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024],name1[10],name2[10];
data/staden-2.0.0+b11/gap5/do_fij.c:563:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap5/do_fij.c:602:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024],name1[10],name2[10];
data/staden-2.0.0+b11/gap5/do_fij.c:667:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap5/do_fij.c:850:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(contig_list_depadded,
data/staden-2.0.0+b11/gap5/editor_join.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/editor_join.c:325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name0[100];
data/staden-2.0.0+b11/gap5/editor_join.c:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[100];
data/staden-2.0.0+b11/gap5/editor_join.c:476:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/staden-2.0.0+b11/gap5/editor_join.c:1832:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/staden-2.0.0+b11/gap5/editor_search.c:39:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(value+1);
data/staden-2.0.0+b11/gap5/editor_search.c:45:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(value+1);
data/staden-2.0.0+b11/gap5/editor_search.c:70:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(value);
data/staden-2.0.0+b11/gap5/editor_search.c:79:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int upos = atoi(value), ppos;
data/staden-2.0.0+b11/gap5/editor_search.c:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cons[WIN_WIDTH+1];
data/staden-2.0.0+b11/gap5/editor_search.c:108:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mismatches = atoi(p+1);
data/staden-2.0.0+b11/gap5/editor_search.c:111:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
where = atoi(p+1);
data/staden-2.0.0+b11/gap5/editor_search.c:271:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mismatches = atoi(p+1);
data/staden-2.0.0+b11/gap5/editor_search.c:274:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
where = atoi(p+1);
data/staden-2.0.0+b11/gap5/editor_search.c:387:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos, i, qval = atoi(value);
data/staden-2.0.0+b11/gap5/editor_search.c:456:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos, i, qval = atoi(value);
data/staden-2.0.0+b11/gap5/editor_search.c:535:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos, i, qval = atoi(value);
data/staden-2.0.0+b11/gap5/editor_view.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/editor_view.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/editor_view.c:134:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xx->reg_id = cp ? atoi(cp) : 0;
data/staden-2.0.0+b11/gap5/editor_view.c:277:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*.*d", l1, l2, val);
data/staden-2.0.0+b11/gap5/editor_view.c:279:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*d", l1, val);
data/staden-2.0.0+b11/gap5/editor_view.c:282:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%.*d", l2, val);
data/staden-2.0.0+b11/gap5/editor_view.c:284:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%d", val);
data/staden-2.0.0+b11/gap5/editor_view.c:303:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*.*f", l1, l2, val);
data/staden-2.0.0+b11/gap5/editor_view.c:305:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*f", l1, val);
data/staden-2.0.0+b11/gap5/editor_view.c:308:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%.*f", l2, val);
data/staden-2.0.0+b11/gap5/editor_view.c:310:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%f", val);
data/staden-2.0.0+b11/gap5/editor_view.c:316:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*.*s", l1, l2, str);
data/staden-2.0.0+b11/gap5/editor_view.c:321:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%.*s", l2, str);
data/staden-2.0.0+b11/gap5/editor_view.c:328:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%*c", l1, chr);
data/staden-2.0.0+b11/gap5/editor_view.c:330:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*j += sprintf(buf + *j, "%c", chr);
data/staden-2.0.0+b11/gap5/editor_view.c:349:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status_buf[8192]; /* NB: no bounds checking! */
data/staden-2.0.0+b11/gap5/editor_view.c:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/editor_view.c:480:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status_buf[8192]; /* NB: no bounds checking! */
data/staden-2.0.0+b11/gap5/editor_view.c:559:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/editor_view.c:608:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[2];
data/staden-2.0.0+b11/gap5/editor_view.c:784:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status_buf[8192]; /* NB: no bounds checking! */
data/staden-2.0.0+b11/gap5/editor_view.c:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[2];
data/staden-2.0.0+b11/gap5/editor_view.c:988:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3];
data/staden-2.0.0+b11/gap5/editor_view.c:1185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap5/editor_view.c:1191:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %.20f %.20f",
data/staden-2.0.0+b11/gap5/editor_view.c:1206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap5/editor_view.c:1210:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %.20f %.20f",
data/staden-2.0.0+b11/gap5/editor_view.c:1214:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %.20f %.20f",
data/staden-2.0.0+b11/gap5/editor_view.c:1232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/editor_view.c:1247:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %.20f %.20f", fract1, fract2);
data/staden-2.0.0+b11/gap5/editor_view.c:1256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/editor_view.c:1343:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srec[20], list[1024];
data/staden-2.0.0+b11/gap5/editor_view.c:1355:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return v ? atoi(v)+1 : 0;
data/staden-2.0.0+b11/gap5/editor_view.c:1373:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seq_a[MAX_SEQ_LEN+1], *seq = seq_a;
data/staden-2.0.0+b11/gap5/editor_view.c:1375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_DISPLAY_WIDTH+1], nline[MAX_NAME_WIDTH];
data/staden-2.0.0+b11/gap5/editor_view.c:1452:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq, s->seq, l);
data/staden-2.0.0+b11/gap5/editor_view.c:1634:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nline[1], s->name + xx->names_xPos,
data/staden-2.0.0+b11/gap5/editor_view.c:1704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_DISPLAY_WIDTH];
data/staden-2.0.0+b11/gap5/editor_view.c:1793:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diff[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/gap5/editor_view.c:1880:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(k, "%10d", unpadded2);
data/staden-2.0.0+b11/gap5/editor_view.c:1904:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(k, "%10d", unpadded);
data/staden-2.0.0+b11/gap5/editor_view.c:1919:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(k,"%10d",lower);
data/staden-2.0.0+b11/gap5/editor_view.c:1938:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&k[i-(len-1)], "%.*d", len, rpos[i]);
data/staden-2.0.0+b11/gap5/editor_view.c:1953:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ruler[MAX_DISPLAY_WIDTH+21];
data/staden-2.0.0+b11/gap5/editor_view.c:2202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap5/editor_view.c:2239:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", pos);
data/staden-2.0.0+b11/gap5/editor_view.c:2897:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nline[MAX_NAME_WIDTH];
data/staden-2.0.0+b11/gap5/editor_view.c:3518:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s->seq+start, len);
data/staden-2.0.0+b11/gap5/editor_view.c:3556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cons0[1024], cons1[1024];
data/staden-2.0.0+b11/gap5/editor_view.c:3611:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cons0[1024], cons1[1024];
data/staden-2.0.0+b11/gap5/editor_view.h:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edname[20];
data/staden-2.0.0+b11/gap5/editor_view.h:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_win[WIN_NAME_SIZE];
data/staden-2.0.0+b11/gap5/editor_view.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_win[WIN_NAME_SIZE];
data/staden-2.0.0+b11/gap5/editor_view.h:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displayedConsensus[MAX_DISPLAY_WIDTH];
data/staden-2.0.0+b11/gap5/export_contigs.c:324:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char false_name[1024];
data/staden-2.0.0+b11/gap5/export_contigs.c:346:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len_buf[100];
data/staden-2.0.0+b11/gap5/export_contigs.c:375:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(len_buf, "%d", len);
data/staden-2.0.0+b11/gap5/export_contigs.c:396:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(len_buf, "%d", len);
data/staden-2.0.0+b11/gap5/export_contigs.c:413:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap5/export_contigs.c:793:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/export_contigs.c:893:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rg_buf[1024];
data/staden-2.0.0+b11/gap5/export_contigs.c:1249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/export_contigs.c:1642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/export_contigs.c:1720:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/export_contigs.c:1774:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, *cp, name_buf[1024];
data/staden-2.0.0+b11/gap5/export_contigs.c:1779:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name_buf, s->name, s->name_len);
data/staden-2.0.0+b11/gap5/export_contigs.c:1857:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/export_contigs.c:2006:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/export_contigs.c:2316:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fn1[PATH_MAX], fn2[PATH_MAX];
data/staden-2.0.0+b11/gap5/export_contigs.c:2324:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp1 = fopen(fn1, "w")))
data/staden-2.0.0+b11/gap5/export_contigs.c:2326:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp2 = fopen(fn2, "w")))
data/staden-2.0.0+b11/gap5/export_contigs.c:2476:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "w"))) {
data/staden-2.0.0+b11/gap5/export_contigs.c:2624:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/export_contigs.c:2661:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char score[100];
data/staden-2.0.0+b11/gap5/export_contigs.c:2663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gff_type[1024];
data/staden-2.0.0+b11/gap5/export_contigs.c:2750:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gff_type, "remark");
data/staden-2.0.0+b11/gap5/export_contigs.c:2766:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024], val[8192];
data/staden-2.0.0+b11/gap5/export_contigs.c:2777:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(score, "%.10g", atof(val));
data/staden-2.0.0+b11/gap5/export_contigs.c:2868:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "w"))) {
data/staden-2.0.0+b11/gap5/export_snps.c:104:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ins[1024];
data/staden-2.0.0+b11/gap5/export_snps.c:327:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fn, "w");
data/staden-2.0.0+b11/gap5/fasta.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BLK_SIZE];
data/staden-2.0.0+b11/gap5/fasta.c:122:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->name + pos, start, cp - start);
data/staden-2.0.0+b11/gap5/fij.c:30:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[160];
data/staden-2.0.0+b11/gap5/fij.c:148:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap5/fij.c:191:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find Internal Joins");
data/staden-2.0.0+b11/gap5/fij.c:781:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap5/fij.c:875:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Number of potential joins found %d", counter);
data/staden-2.0.0+b11/gap5/find_oligo.c:37:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[160];
data/staden-2.0.0+b11/gap5/find_oligo.c:156:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap5/find_oligo.c:176:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[160];
data/staden-2.0.0+b11/gap5/find_oligo.c:254:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/staden-2.0.0+b11/gap5/find_oligo.c:287:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find oligo");
data/staden-2.0.0+b11/gap5/find_oligo.c:461:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(find_oligo->params, "Unknown at present");
data/staden-2.0.0+b11/gap5/find_oligo.c:544:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char seq[1024];
data/staden-2.0.0+b11/gap5/find_oligo.c:653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024];
data/staden-2.0.0+b11/gap5/find_oligo.c:654:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[10];
data/staden-2.0.0+b11/gap5/find_oligo.c:655:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name2[10];
data/staden-2.0.0+b11/gap5/find_oligo.c:728:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(title, "Match found between tag on contig "
data/staden-2.0.0+b11/gap5/find_oligo.c:733:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1, "%d", ABS(c1[cnt]));
data/staden-2.0.0+b11/gap5/find_oligo.c:734:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name2, "%d", ABS(c2[cnt]));
data/staden-2.0.0+b11/gap5/find_oligo.c:825:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024];
data/staden-2.0.0+b11/gap5/find_oligo.c:826:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[10];
data/staden-2.0.0+b11/gap5/find_oligo.c:957:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name1, "%"PRIrec"", ABS(c1[j]));
data/staden-2.0.0+b11/gap5/find_oligo.c:958:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(title, "Match found with contig #%"PRIrec
data/staden-2.0.0+b11/gap5/find_oligo.c:986:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/staden-2.0.0+b11/gap5/find_repeats.c:26:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[160];
data/staden-2.0.0+b11/gap5/find_repeats.c:135:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Repeat: %c=%"PRIrec"@%d with %c=%"PRIrec"@%d, len %d",
data/staden-2.0.0+b11/gap5/find_repeats.c:162:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Repeat search");
data/staden-2.0.0+b11/gap5/find_repeats.c:314:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(repeat->params, "Unknown at present");
data/staden-2.0.0+b11/gap5/g-alloc.c:122:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[24];
data/staden-2.0.0+b11/gap5/g-alloc.c:179:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[PB_SIZE];
data/staden-2.0.0+b11/gap5/g-alloc.c:252:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h2, header, 20);
data/staden-2.0.0+b11/gap5/g-alloc.c:407:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open(file, mode))) {
data/staden-2.0.0+b11/gap5/g-alloc.c:424:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open(file, O_RDWR|O_CREAT|O_TRUNC, 0666)))
data/staden-2.0.0+b11/gap5/g-alloc.c:899:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type[256];
data/staden-2.0.0+b11/gap5/g-alloc.c:900:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *comp_mode[4];
data/staden-2.0.0+b11/gap5/g-alloc.c:931:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/staden-2.0.0+b11/gap5/g-alloc.c:935:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, &prev, 4);
data/staden-2.0.0+b11/gap5/g-alloc.c:1066:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/staden-2.0.0+b11/gap5/g-alloc.c:1079:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srand(atoi(argv[1]));
data/staden-2.0.0+b11/gap5/g-files.c:291:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (read_only || (gfile->fd = open(fndb,O_RDWR|O_BINARY)) == -1 )
data/staden-2.0.0+b11/gap5/g-files.c:292:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !read_only || (gfile->fd = open(fndb,O_RDONLY|O_BINARY)) == -1 )
data/staden-2.0.0+b11/gap5/g-files.c:296:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (read_only || (gfile->fdaux = open(fnaux,O_RDWR|O_BINARY)) == -1 )
data/staden-2.0.0+b11/gap5/g-files.c:297:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !read_only || (gfile->fdaux = open(fnaux,O_RDONLY|O_BINARY)) == -1 )
data/staden-2.0.0+b11/gap5/g-files.c:738:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open(gfile->fnaux, O_RDONLY|O_BINARY))) {
data/staden-2.0.0+b11/gap5/g-io.c:214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recv, &rec, sizeof(rec));
data/staden-2.0.0+b11/gap5/g-io.c:273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(headerv, &rec, sizeof(AuxHeader));
data/staden-2.0.0+b11/gap5/g-request.c:294:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, addr+image, in);
data/staden-2.0.0+b11/gap5/g-request.c:353:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)v[parti].buf+partj,'\0',v[parti].len-partj);
data/staden-2.0.0+b11/gap5/g-request.c:384:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v[parti].buf, addr+image+count, partj);
data/staden-2.0.0+b11/gap5/g-request.c:396:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)v[parti].buf+partj,'\0',v[parti].len-partj);
data/staden-2.0.0+b11/gap5/gap-error.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/staden-2.0.0+b11/gap5/gap-error.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/staden-2.0.0+b11/gap5/gap4_compat.c:195:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/gap5/gap4_compat.c:203:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "(unknown contig)");
data/staden-2.0.0+b11/gap5/gap4_compat.c:718:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-2.0.0+b11/gap5/gap_canvas_box.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/gap_canvas_box.c:81:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "moveto %.20f", fract);
data/staden-2.0.0+b11/gap5/gap_canvas_box.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/gap_canvas_box.c:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/gap_cli_arg.c:26:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *)&store[a->offset]) = atoi(val);
data/staden-2.0.0+b11/gap5/gap_cli_arg.c:58:3: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(Tcl_GetStringFromObj(val, NULL));
data/staden-2.0.0+b11/gap5/gap_cli_arg.c:107:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)&((char *)store)[a->offset], 0, a->value); /* YUK */
data/staden-2.0.0+b11/gap5/gap_globals.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/gap_globals.c:90:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", note_db_count);
data/staden-2.0.0+b11/gap5/gap_globals.c:94:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d,type", i);
data/staden-2.0.0+b11/gap5/gap_globals.c:98:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d,id", i);
data/staden-2.0.0+b11/gap5/gap_globals.c:102:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d,dt", i);
data/staden-2.0.0+b11/gap5/gap_globals.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/gap_range.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[30];
data/staden-2.0.0+b11/gap5/gap_range.c:108:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "grange=%p", gr);
data/staden-2.0.0+b11/gap5/hache_table.c:341:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[100];
data/staden-2.0.0+b11/gap5/hache_table.c:345:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "%p", h);
data/staden-2.0.0+b11/gap5/hache_table.c:913:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hi->key, key, key_len);
data/staden-2.0.0+b11/gap5/hache_table.c:967:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hi->key, key, key_len);
data/staden-2.0.0+b11/gap5/hash_lib.c:1538:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overlap_out->S1, S1, n1*sizeof(*S1));
data/staden-2.0.0+b11/gap5/hash_lib.c:1539:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overlap_out->S2, S2, n2*sizeof(*S2));
data/staden-2.0.0+b11/gap5/import_gff.c:156:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gff->start = atoi(tmp);
data/staden-2.0.0+b11/gap5/import_gff.c:164:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gff->end = atoi(tmp);
data/staden-2.0.0+b11/gap5/import_gff.c:198:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gff->phase = isdigit(*tmp) ? atoi(tmp) : -1;
data/staden-2.0.0+b11/gap5/import_gff.c:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_a[5];
data/staden-2.0.0+b11/gap5/import_gff.c:289:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type_a, "GF00");
data/staden-2.0.0+b11/gap5/import_gff.c:292:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int c = atoi(col);
data/staden-2.0.0+b11/gap5/import_gff.c:506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_GFF_LINE];
data/staden-2.0.0+b11/gap5/interval_tree.c:601:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
st = argc>1?atoi(argv[1]):500;
data/staden-2.0.0+b11/gap5/interval_tree.c:602:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
en = argc>2?atoi(argv[2]):st;
data/staden-2.0.0+b11/gap5/list_proc.c:78:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_list[100];
data/staden-2.0.0+b11/gap5/maq.c:107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[1024];
data/staden-2.0.0+b11/gap5/maq.c:149:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m128.seq, m64.seq, 64);
data/staden-2.0.0+b11/gap5/maq.c:162:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m128.name, m64.name, MAX_NAMELEN);
data/staden-2.0.0+b11/gap5/maq.c:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-2.0.0+b11/gap5/maq.c:200:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "Contig=%d", cnum++);
data/staden-2.0.0+b11/gap5/maqmap.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAMELEN];
data/staden-2.0.0+b11/gap5/maqmap.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAMELEN];
data/staden-2.0.0+b11/gap5/mkdefs.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:265:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inum = atoi(argv[2]);
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:293:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inum = atoi(argv[1]);
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:294:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
op = atoi(argv[2]);
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:343:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int inum = atoi(argv[1]);
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:392:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(args.filename, "r"))) {
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:819:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:1151:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (NULL == (buf = (char *)ckalloc(rargv[0].end - rargv[0].start + 2)))
data/staden-2.0.0+b11/gap5/notedb.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[2000];
data/staden-2.0.0+b11/gap5/notedb.c:80:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp_path, "/NOTEDB");
data/staden-2.0.0+b11/gap5/notedb.h:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/staden-2.0.0+b11/gap5/primlib.c:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[256];
data/staden-2.0.0+b11/gap5/primlib.c:237:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->gc_clamp = atoi(tmpbuf);
data/staden-2.0.0+b11/gap5/primlib.c:239:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args->max_poly_x = atoi(tmpbuf);
data/staden-2.0.0+b11/gap5/qual.c:77:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char StringBuffer[200];
data/staden-2.0.0+b11/gap5/qual.c:80:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char q_lookup[3][3][2] = {
data/staden-2.0.0+b11/gap5/qual.c:474:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qual_ind[sizeof(qual_char)]={
data/staden-2.0.0+b11/gap5/qual.c:485:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qual_val[sizeof(qual_char)]={
data/staden-2.0.0+b11/gap5/qual.c:1069:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wdet_tab[256];
data/staden-2.0.0+b11/gap5/qualIO.c:56:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gel_seq->gel_seq, s->seq, gel_seq->gel_length);
data/staden-2.0.0+b11/gap5/qualIO.c:60:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gel_seq->gel_conf, s->conf, gel_seq->gel_length);
data/staden-2.0.0+b11/gap5/qualIO.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[100];
data/staden-2.0.0+b11/gap5/qualIO.c:232:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%g", err_rate);
data/staden-2.0.0+b11/gap5/qualP.h:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char q_lookup[3][3][2]; /* defined in qual.c */
data/staden-2.0.0+b11/gap5/quality_plot.c:108:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/staden-2.0.0+b11/gap5/quality_plot.c:145:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/staden-2.0.0+b11/gap5/quality_plot.c:148:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "io=%p", io);
data/staden-2.0.0+b11/gap5/quality_plot.c:555:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/gap5/quality_plot.c:557:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 0 or 2, got %d", objc);
data/staden-2.0.0+b11/gap5/readpair.c:45:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200];
data/staden-2.0.0+b11/gap5/readpair.c:179:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find read pairs");
data/staden-2.0.0+b11/gap5/readpair.c:392:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(template->params, "none");
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:260:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Restriction enzymes");
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scroll_args[20];
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:418:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scroll_args, "scroll 0 units");
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:495:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:563:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->world->visible, r->world->total, sizeof(d_box));
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:705:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comments[1024];
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:707:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[4];
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:729:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
item = atoi(item_str); /* convert to integer */
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:770:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%d", r->r_enzyme[item].cut_site[j]);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:784:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
item = atoi(item_str); /* convert to integer */
data/staden-2.0.0+b11/gap5/restriction_enzymes.h:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap5/restriction_enzymes.h:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char names_win[100];
data/staden-2.0.0+b11/gap5/restriction_enzymes.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap5/restriction_enzymes.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/gap5/restriction_enzymes.h:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window[100];
data/staden-2.0.0+b11/gap5/sam_index.c:354:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128], *ct;
data/staden-2.0.0+b11/gap5/sam_index.c:507:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128], *ct;
data/staden-2.0.0+b11/gap5/sam_index.c:509:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_line[8192], *out = max_line;
data/staden-2.0.0+b11/gap5/sam_index.c:603:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
out += sprintf(out, "%f", d);
data/staden-2.0.0+b11/gap5/sam_index.c:611:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
out += sprintf(out, "%g", d);
data/staden-2.0.0+b11/gap5/sam_index.c:676:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char str[8192];
data/staden-2.0.0+b11/gap5/sam_index.c:759:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, s+3, 4);
data/staden-2.0.0+b11/gap5/sam_index.c:761:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf((char *) cp, "%f", f);
data/staden-2.0.0+b11/gap5/sam_index.c:769:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, s+3, 8);
data/staden-2.0.0+b11/gap5/sam_index.c:771:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf((char *) cp, "%f", d);
data/staden-2.0.0+b11/gap5/sam_index.c:796:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char str[8192];
data/staden-2.0.0+b11/gap5/sam_index.c:891:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, s+3, 4);
data/staden-2.0.0+b11/gap5/sam_index.c:893:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf((char *) cp, "%f", f);
data/staden-2.0.0+b11/gap5/sam_index.c:901:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, s+3, 8);
data/staden-2.0.0+b11/gap5/sam_index.c:903:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf((char *) cp, "%f", d);
data/staden-2.0.0+b11/gap5/sam_index.c:940:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[8192];
data/staden-2.0.0+b11/gap5/sam_index.c:1057:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[1024];
data/staden-2.0.0+b11/gap5/sam_index.c:1187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s.sam_aux, aux, s.aux_len);
data/staden-2.0.0+b11/gap5/sam_index.c:1440:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[1024];
data/staden-2.0.0+b11/gap5/sam_index.c:1450:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *handle, aux_key[2];
data/staden-2.0.0+b11/gap5/sam_index.c:1588:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s.seq, bs->seq, s.len);
data/staden-2.0.0+b11/gap5/sam_index.c:1593:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s.conf, bs->conf, s.len);
data/staden-2.0.0+b11/gap5/sam_index.c:1603:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s.sam_aux, aux, s.aux_len);
data/staden-2.0.0+b11/gap5/sam_index.c:1682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_type[5];
data/staden-2.0.0+b11/gap5/sam_index.c:1765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_type[5];
data/staden-2.0.0+b11/gap5/sam_index.c:1828:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tokens[4], *cp, *tag_text, tag_type[5];
data/staden-2.0.0+b11/gap5/sam_index.c:1849:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag_pos = ntok >= 2 ? atoi(tokens[1]) : 0;
data/staden-2.0.0+b11/gap5/sam_index.c:1850:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag_len = ntok >= 3 ? atoi(tokens[2]) : 0;
data/staden-2.0.0+b11/gap5/sam_pileup.c:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tab[256][2];
data/staden-2.0.0+b11/gap5/sam_pileup.c:584:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strand_char[2][256];
data/staden-2.0.0+b11/gap5/sam_pileup.c:597:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[MAX_DEPTH*3], *sp = seq, qual[MAX_DEPTH], *qp = qual;
data/staden-2.0.0+b11/gap5/sam_pileup.c:598:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_DEPTH*2+100], *cp = buf;
data/staden-2.0.0+b11/gap5/sam_pileup.c:625:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, seq, sp-seq); cp += sp-seq; *cp++ = '\t';
data/staden-2.0.0+b11/gap5/sam_pileup.c:626:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, qual, qp-qual); cp += qp-qual; *cp++ = '\0';
data/staden-2.0.0+b11/gap5/sam_pileup.c:638:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[MAX_DEPTH*3], *sp = seq, qual[MAX_DEPTH], *qp = qual;
data/staden-2.0.0+b11/gap5/sam_pileup.c:639:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_DEPTH*4+100], *cp = buf, *rp;
data/staden-2.0.0+b11/gap5/shuffle_pads.c:779:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LLEN];
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1202:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newseq, s->seq, s->left-1);
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1203:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newconf, s->conf, s->left-1);
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1205:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newseq[s->left-1], cl->mseg->seq, cl->mseg->length);
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1342:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorig, s, sizeof(seq_t));
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1353:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorig->name, s->name, s->name_len+1);
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1355:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorig->trace_name, s->trace_name, s->trace_name_len+1);
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorig->alignment, s->alignment, s->alignment_len+1);
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1358:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorig->seq, s->seq, ABS(s->len));
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1359:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorig->conf, s->conf, ABS(s->len));
data/staden-2.0.0+b11/gap5/shuffle_pads.c:2214:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(comment, "SNPs=%d\nAvg. depth=%5.1f\n"
data/staden-2.0.0+b11/gap5/shuffle_pads.c:2222:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(comment, "Consensus N");
data/staden-2.0.0+b11/gap5/shuffle_pads.c:3005:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[ADAPTER_WORD+1];
data/staden-2.0.0+b11/gap5/stack_dump.c:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[1024];
data/staden-2.0.0+b11/gap5/stack_dump.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1024];
data/staden-2.0.0+b11/gap5/stack_dump.c:186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1, "%lx", &sp[i]);
data/staden-2.0.0+b11/gap5/stack_dump.c:187:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%016lx %016lx %016lx %016lx",
data/staden-2.0.0+b11/gap5/stack_dump.c:193:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1, "%2d(%2d)", frame, counter);
data/staden-2.0.0+b11/gap5/stack_dump.c:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024], *cp;
data/staden-2.0.0+b11/gap5/stack_dump.c:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/staden-2.0.0+b11/gap5/stack_dump.c:241:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "/usr/proc/bin/pstack %d\n", (int)getpid());
data/staden-2.0.0+b11/gap5/tag_plot.c:498:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/tag_plot.c:648:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/gap5/tag_plot.c:650:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 2, got %d", objc);
data/staden-2.0.0+b11/gap5/tag_plot.c:665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/gap5/tag_plot.c:667:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 0 or 2, got %d", objc);
data/staden-2.0.0+b11/gap5/tagdb.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, tmp_path[2000];
data/staden-2.0.0+b11/gap5/tagdb.c:84:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_path, "GTAGDB");
data/staden-2.0.0+b11/gap5/tagdb.h:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/staden-2.0.0+b11/gap5/template_display.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/gap5/template_display.c:280:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 2, got %d", objc);
data/staden-2.0.0+b11/gap5/template_display.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/gap5/template_display.c:297:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 0 or 2, got %d", objc);
data/staden-2.0.0+b11/gap5/template_draw.c:37:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[sizeof(short)];
data/staden-2.0.0+b11/gap5/tg_anno.c:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stype[5];
data/staden-2.0.0+b11/gap5/tg_anno.c:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[5];
data/staden-2.0.0+b11/gap5/tg_bin.c:1633:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(int, fake->data), depth, bin->size * sizeof(int));
data/staden-2.0.0+b11/gap5/tg_bin.c:1667:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(int, track->data), ArrayBase(int, child->data),
data/staden-2.0.0+b11/gap5/tg_cache.c:2364:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(scaffold_member_t, c->contig),
data/staden-2.0.0+b11/gap5/tg_cache.c:2690:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key1[100], key2[100];
data/staden-2.0.0+b11/gap5/tg_cache.c:2705:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key1, "%p-%d", item, ci->hi->ref_count-1 - ci->updated);
data/staden-2.0.0+b11/gap5/tg_cache.c:2706:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key2, "%p-%d", new, ci->hi->ref_count-1 - ci->updated);
data/staden-2.0.0+b11/gap5/tg_cache.c:2733:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[100];
data/staden-2.0.0+b11/gap5/tg_cache.c:2746:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "%p-%d", &ci->data, ci->hi->ref_count - ci->updated);
data/staden-2.0.0+b11/gap5/tg_cache.c:2758:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[100];
data/staden-2.0.0+b11/gap5/tg_cache.c:2766:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "%p-%d", &ci->data, ci->hi->ref_count-1 - ci->updated);
data/staden-2.0.0+b11/gap5/tg_cache.c:2832:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ci_new, ci, sizeof(*ci) + ci->data_size);
data/staden-2.0.0+b11/gap5/tg_cache.c:2869:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(int, s->anno),
data/staden-2.0.0+b11/gap5/tg_cache.c:2887:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(scaffold_member_t, f->contig),
data/staden-2.0.0+b11/gap5/tg_cache.c:2925:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(contig_link_t, c->link),
data/staden-2.0.0+b11/gap5/tg_cache.c:2946:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(range_t, nb->rng),
data/staden-2.0.0+b11/gap5/tg_cache.c:2953:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(bin_track_t, nb->track),
data/staden-2.0.0+b11/gap5/tg_cache.c:2967:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(char, nb->data),
data/staden-2.0.0+b11/gap5/tg_cache.c:3005:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(char, na->ele),
data/staden-2.0.0+b11/gap5/tg_cache.c:3048:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sub_new, sub_ci, sizeof(*ci) + sub_ci->data_size);
data/staden-2.0.0+b11/gap5/tg_cache.c:3057:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(int, s->anno),
data/staden-2.0.0+b11/gap5/tg_cache.c:3083:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sub_new, sub_ci, sizeof(*ci) + sub_ci->data_size);
data/staden-2.0.0+b11/gap5/tg_cache.c:3092:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(scaffold_member_t, f->contig),
data/staden-2.0.0+b11/gap5/tg_cache.c:3120:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sub_new, sub_ci, sizeof(*ci) + sub_ci->data_size);
data/staden-2.0.0+b11/gap5/tg_cache.c:3127:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(contig_link_t, c->link),
data/staden-2.0.0+b11/gap5/tg_cache.c:3161:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sub_new, sub_ci, sizeof(*ci) + sub_ci->data_size);
data/staden-2.0.0+b11/gap5/tg_cache.c:3268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[100];
data/staden-2.0.0+b11/gap5/tg_cache.c:3277:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "%p-%d", &ci->data, ci->hi->ref_count - ci->updated);
data/staden-2.0.0+b11/gap5/tg_cache.c:3297:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "%p-%d", &ci->data, ci->hi->ref_count - ci->updated);
data/staden-2.0.0+b11/gap5/tg_check.c:48:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char isbase[256], init_done = 0;
data/staden-2.0.0+b11/gap5/tg_contig.c:1940:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char n2[1024];
data/staden-2.0.0+b11/gap5/tg_contig.c:1942:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(n2, "%.*s", name_len, name);
data/staden-2.0.0+b11/gap5/tg_contig.c:2330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char template1[2048];
data/staden-2.0.0+b11/gap5/tg_contig.c:2331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char template2[2048];
data/staden-2.0.0+b11/gap5/tg_contig.c:5304:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gv = fopen(fn, "w+");
data/staden-2.0.0+b11/gap5/tg_contig.c:5436:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(fn, "w+");
data/staden-2.0.0+b11/gap5/tg_gio.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_buf[1024];
data/staden-2.0.0+b11/gap5/tg_gio.c:66:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logfn, fn, name_len + 1);
data/staden-2.0.0+b11/gap5/tg_gio.c:73:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(logfn + name_len, ".log");
data/staden-2.0.0+b11/gap5/tg_gio.c:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, data, size);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:140:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, cdata, csize);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1031:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbfn[1024];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auxfn[1024];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1629:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(*db)*2], *cp = buf;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1862:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->name, cp, nlen);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1904:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, c->name, nlen);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2032:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ci->data, ar, sizeof(*ar));
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->comment, cp, comment_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2139:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[1024], *cp = block, *cpstart;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, e->comment, comment_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2303:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lib, &l, sizeof(l));
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2325:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cpstart[LIB_BINS*5*3+100], *cp = cpstart;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2329:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2389:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *cp[12], *cp_orig[12], *out;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2605:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, cp_orig[i], len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2640:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *cp[12], *zpacked = NULL;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, fmt[2];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3230:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/jkb/rng.%d", bin->rec);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3231:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3306:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cpstart[12*5+2], *cp = cpstart;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3329:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3330:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/tmp/jkb/bin.%d", bin->rec);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3331:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3583:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(char, track->data), cp,
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3624:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, ArrayBase(char, track->data),
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3790:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq->data, cp, len - (cp-buf));
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3899:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[1024], *cp = block, *cpstart;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3900:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char base2val_maq[256] = { /* ACGT => 0123, else 9 */
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3919:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char base2val_cnf1[256] = { /* ACGTN* => 012345, else 4 */
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4547:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->name, cp, s->name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4565:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->name, cp, s->name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4583:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2->name, cp, s2->name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4595:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->seq[i]->name, cp, b->seq[i]->name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4607:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->seq[i]->trace_name, b->seq[i]->name, tlen);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4608:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&b->seq[i]->trace_name[tlen], cp,
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4619:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->seq[i]->alignment, cp, b->seq[i]->alignment_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4628:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->seq[i]->seq, cp, ABS(b->seq[i]->len));
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4640:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->conf, cp, ABS(s->len));
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4655:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->conf, cp, ABS(s->len));
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4668:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2->conf, cp, ABS(s2->len));
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4679:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->seq[i]->conf, cp, ABS(b->seq[i]->len));
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4694:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->seq[i]->sam_aux, cp, b->seq[i]->aux_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4723:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *out[19], *out_start[19], *out_malloc;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4727:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4828:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[12], s->name, s->name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4835:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
0 == memcpy(s->trace_name, s->name, s->name_len))) {
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4847:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[13], &s->trace_name[j], s->trace_name_len-j);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4855:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[14], s->alignment, s->alignment_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4861:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[18], s->sam_aux, s->aux_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4869:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[15], s->seq, ABS(s->len)); out[15] += ABS(s->len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4872:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[15], s->seq, ABS(s->len)); out[15] += ABS(s->len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4881:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[16], s->conf, ABS(s->len)); out[16] += ABS(s->len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4931:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[16], s->conf, ABS(s->len)); out[16] += ABS(s->len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4936:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[12], s->name, s->name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4949:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[16], s2->conf, ABS(s2->len)); out[16] += ABS(s2->len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4954:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[12], s2->name, s2->name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:4985:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, out_start[i], out_size[i]);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5233:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->contig[i]->name, cp, name_len[i]);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5365:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *out[20], *out_start[20];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5473:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[11], c->name, name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5520:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, out_start[i], out_size[i]);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5680:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->scaffold[i]->name, cp, name_len[i]);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5738:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *out[8], *out_start[8];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5741:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5791:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[3], c->name, name_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5816:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, out_start[i], out_size[i]);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6054:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->ae[i]->comment, cp, comment_len[i]);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6072:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *out[8], *out_start[8];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6076:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6149:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[7], e->comment, comment_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out[6], e->comment, comment_len);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6169:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, out_start[i], out_size[i]);
data/staden-2.0.0+b11/gap5/tg_index.c:267:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a.version = atoi(optarg);
data/staden-2.0.0+b11/gap5/tg_index.c:301:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(a.out_fn, ".0");
data/staden-2.0.0+b11/gap5/tg_index_common.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[L_tmpnam];
data/staden-2.0.0+b11/gap5/tg_index_common.c:123:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open(tmp->name, O_RDWR|O_CREAT|O_EXCL, 0666))) {
data/staden-2.0.0+b11/gap5/tg_index_common.c:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_tmp[L_tmpnam];
data/staden-2.0.0+b11/gap5/tg_index_common.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100+2*L_tmpnam];
data/staden-2.0.0+b11/gap5/tg_index_common.c:186:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp->fp = fopen(tmp->name, "rb+");
data/staden-2.0.0+b11/gap5/tg_index_common.c:198:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[8192];
data/staden-2.0.0+b11/gap5/tg_index_common.c:224:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bs->que[bs->index].file->fp = fopen(bs->que[bs->index].file->name, "r");
data/staden-2.0.0+b11/gap5/tg_index_common.c:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry[1024];
data/staden-2.0.0+b11/gap5/tg_index_common.c:276:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(entry, "%.*s %"PRIrec"", (int)name_len, name, rec);
data/staden-2.0.0+b11/gap5/tg_index_common.c:562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-2.0.0+b11/gap5/tg_index_common.c:701:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char holder[255];
data/staden-2.0.0+b11/gap5/tg_index_common.c:703:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(holder,
data/staden-2.0.0+b11/gap5/tg_index_common.c:954:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname2[1024];
data/staden-2.0.0+b11/gap5/tg_index_common.c:978:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[100];
data/staden-2.0.0+b11/gap5/tg_index_common.c:1054:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[11];
data/staden-2.0.0+b11/gap5/tg_index_common.c:1312:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[100];
data/staden-2.0.0+b11/gap5/tg_index_common.c:1342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8192];
data/staden-2.0.0+b11/gap5/tg_index_common.c:1351:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, hi->key, hi->key_len);
data/staden-2.0.0+b11/gap5/tg_index_common.c:1417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/staden-2.0.0+b11/gap5/tg_index_common.c:1540:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-2.0.0+b11/gap5/tg_register.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], buf2[1024];
data/staden-2.0.0+b11/gap5/tg_register.c:798:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/tg_register.c:974:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap5/tg_register.c:1076:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/tg_register.c:1078:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "tk_messageBox \
data/staden-2.0.0+b11/gap5/tg_register.h:299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80];
data/staden-2.0.0+b11/gap5/tg_scaffold.c:307:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/staden-2.0.0+b11/gap5/tg_scaffold.c:312:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "r"))) {
data/staden-2.0.0+b11/gap5/tg_scaffold.c:332:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp = strtok(NULL, "\t"); gap_size = atoi(cp);
data/staden-2.0.0+b11/gap5/tg_scaffold.c:361:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "w+"))) {
data/staden-2.0.0+b11/gap5/tg_sequence.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->seq, f->seq, ABS(f->len));
data/staden-2.0.0+b11/gap5/tg_sequence.c:90:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->conf, f->conf, ABS(f->len)*
data/staden-2.0.0+b11/gap5/tg_sequence.c:94:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->sam_aux, f->sam_aux, s->aux_len);
data/staden-2.0.0+b11/gap5/tg_sequence.c:98:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(int, s->anno),
data/staden-2.0.0+b11/gap5/tg_sequence.c:394:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, n->seq, ABS(n->len));
data/staden-2.0.0+b11/gap5/tg_sequence.c:396:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, n->conf, ABS(n->len) * sequence_conf_size(n));
data/staden-2.0.0+b11/gap5/tg_sequence.c:399:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, n->sam_aux, n->aux_len);
data/staden-2.0.0+b11/gap5/tg_sequence.c:400:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&n->data, tmp, extra_len);
data/staden-2.0.0+b11/gap5/tg_sequence.c:444:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, n->seq, ABS(n->len));
data/staden-2.0.0+b11/gap5/tg_sequence.c:446:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, n->conf, ABS(n->len) * sequence_conf_size(n));
data/staden-2.0.0+b11/gap5/tg_sequence.c:449:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, n->sam_aux, n->aux_len);
data/staden-2.0.0+b11/gap5/tg_sequence.c:450:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&n->data, tmp, extra_len);
data/staden-2.0.0+b11/gap5/tg_sequence.c:552:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, s, len);
data/staden-2.0.0+b11/gap5/tg_sequence.c:558:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ArrayBase(int, d->anno),
data/staden-2.0.0+b11/gap5/tg_sequence.c:600:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char n2[1024];
data/staden-2.0.0+b11/gap5/tg_sequence.c:1068:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char logodds2phred[256];
data/staden-2.0.0+b11/gap5/tg_struct.h:311:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1]; /* packed memory struct; names/al/seq/conf are here */
data/staden-2.0.0+b11/gap5/tg_struct.h:378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/staden-2.0.0+b11/gap5/tg_struct.h:423:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/staden-2.0.0+b11/gap5/tg_struct.h:601:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1]; /* location of packed comment */
data/staden-2.0.0+b11/gap5/tg_struct.h:674:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/staden-2.0.0+b11/gap5/tg_tcl.c:84:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/gap5/tg_tcl.c:85:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "io=%p", io);
data/staden-2.0.0+b11/gap5/tg_tcl.c:426:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
obj->length = sprintf(obj->bytes, "contig=%p", c);
data/staden-2.0.0+b11/gap5/tg_tcl.c:1773:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
obj->length = sprintf(obj->bytes, "scaffold=%p", c);
data/staden-2.0.0+b11/gap5/tg_tcl.c:1952:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
obj->length = sprintf(obj->bytes, "sequence=%p", ts);
data/staden-2.0.0+b11/gap5/tg_tcl.c:2476:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
obj->length = sprintf(obj->bytes, "anno_ele=%p", te);
data/staden-2.0.0+b11/gap5/tg_tcl.c:2756:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/gap5/tg_tcl.c:2913:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
obj->length = sprintf(obj->bytes, "library=%p", l);
data/staden-2.0.0+b11/gap5/tg_tcl.c:3025:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap5/tg_tcl.c:3157:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
obj->length = sprintf(obj->bytes, "database=%p", io);
data/staden-2.0.0+b11/gap5/tg_utils.c:204:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str);
data/staden-2.0.0+b11/gap5/tg_utils.c:206:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atol(str);
data/staden-2.0.0+b11/gap5/tg_view.c:40:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char lookup[256], lookup_done = 0;
data/staden-2.0.0+b11/gap5/tg_view.c:210:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[1024];
data/staden-2.0.0+b11/gap5/tg_view.c:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024], *lp;
data/staden-2.0.0+b11/gap5/tg_view.c:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cons[1024];
data/staden-2.0.0+b11/gap5/tg_view.c:336:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lp, "%10d", i-10);
data/staden-2.0.0+b11/gap5/tg_view.c:357:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seq_a[MAX_SEQ_LEN], *seq = seq_a;
data/staden-2.0.0+b11/gap5/tg_view.c:374:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq, s->seq, l);
data/staden-2.0.0+b11/gap5/tg_view.c:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/staden-2.0.0+b11/gap5/tg_view.c:533:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-2.0.0+b11/gap5/tg_view.c:770:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cons[CONS_LEN+1];
data/staden-2.0.0+b11/gap5/tg_view.c:790:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cons[10000];
data/staden-2.0.0+b11/gap5/tg_view.c:818:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/staden-2.0.0+b11/gap5/tg_view.c:820:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "%.*s", s->name_len, s->name);
data/staden-2.0.0+b11/gap5/tg_view.c:871:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lp_mode = atoi(optarg);
data/staden-2.0.0+b11/gap5/tg_view.c:875:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cnum = atoi(optarg)-1;
data/staden-2.0.0+b11/gap5/tg_view.c:904:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xpos = atoi(argv[optind]);
data/staden-2.0.0+b11/gap5/tk-io-reg.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:505:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[1024];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:509:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "GENERIC ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:511:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "NUMBER_CHANGE ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:513:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "JOIN_TO ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:515:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "ORDER ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:517:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "LENGTH ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:519:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "RENAME ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:521:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "CHILD_EDIT ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:523:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "QUERY_NAME ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:525:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "DELETE ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:527:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "GET_LOCK ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:529:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "SET_LOCK ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:531:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "COMPLEMENT ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:533:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "PARAMS ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:535:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "QUIT ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:537:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "CURSOR_NOTIFY ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:539:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "GET_OPS ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:541:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "INVOKE_OP ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:543:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "ANNO ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:545:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "REGISTER ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:547:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "DEREGISTER ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:549:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "HIGHLIGHT_READ ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:551:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "BUFFER_START ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:553:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "BUFFER_END ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:555:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "NOTE ");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:615:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str);
data/staden-2.0.0+b11/gap5/tk-io-reg.c:869:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:872:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{contig_num %"PRIrec"} ", contig);
data/staden-2.0.0+b11/gap5/tk-io-reg.c:877:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{number %d}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:883:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{contig %"PRIrec"} {offset %d}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:890:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{pos %d}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:896:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{length %d}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:923:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{lock %d}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:933:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{op %d}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:943:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job[1024];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:949:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(job, "MOVE");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:987:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "{seq %"PRIrec"} {val %d}",
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1012:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", crt->id);
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1023:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1025];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1025:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "%.80s", Tcl_GetStringResult(crt->interp));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1048:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
jdata->glock.lock = atoi(Tcl_GetStringResult(crt->interp));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1052:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1024s", Tcl_GetStringResult(crt->interp));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1058:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(Tcl_GetStringResult(crt->interp)) == 0) {
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1092:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cursor_t *cp = find_contig_cursor(io, cnum, atoi(reg_get_arg("id")));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1097:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
abspos = atoi(reg_get_arg("abspos"));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1106:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp->pos = atoi(reg_get_arg("pos"));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1107:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp->sent_by = atoi(reg_get_arg("sent_by"));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1117:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rd->note.note = atoi(reg_get_arg("note"));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1148:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[81];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1167:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi(reg_get_arg("data"));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1174:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y = atoi(reg_get_arg("data"));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1188:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rd->highlight.val = atoi(reg_get_arg("highlight"));
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1278:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *arg_names[100];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1279:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *arg_values[100];
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1288:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char targs_a[8192];
data/staden-2.0.0+b11/gap5/tkAppInit.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lib, buf[1025];
data/staden-2.0.0+b11/gap5/tkAppInit.c:140:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, c[10];
data/staden-2.0.0+b11/gap5/tkAppInit.c:149:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/gap5/tkAppInit.c:149:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/gap5/tkEdNames.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap5/tkEdNames.c:286:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %"PRIrec" %d", type, rec, pos);
data/staden-2.0.0+b11/gap5/tkEdNames.c:290:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %"PRIrec" %d",
data/staden-2.0.0+b11/gap5/tkEdNames.c:312:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
from_rec = atol(argv[2]);
data/staden-2.0.0+b11/gap5/tkEdNames.c:313:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
to_rec = atol(argv[3]);
data/staden-2.0.0+b11/gap5/tkEditor.c:328:59: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xx = edview_new(io, atorec(argv[3]), atorec(argv[4]), atoi(argv[5]),
data/staden-2.0.0+b11/gap5/tkEditor.c:640:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reload_seq = atoi(argv[2]);
data/staden-2.0.0+b11/gap5/tkEditor.c:667:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(argv[2]);
data/staden-2.0.0+b11/gap5/tkEditor.c:749:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/gap5/tkEditor.c:761:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int exact = argc == 5 ? atoi(argv[4]) : 1;
data/staden-2.0.0+b11/gap5/tkEditor.c:762:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int seq_only = argc == 6 ? atoi(argv[5]) : 0;
data/staden-2.0.0+b11/gap5/tkEditor.c:768:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %"PRIrec" %d", type, rec, pos);
data/staden-2.0.0+b11/gap5/tkEditor.c:772:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %"PRIrec" %d",
data/staden-2.0.0+b11/gap5/tkEditor.c:800:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(argv[2]);
data/staden-2.0.0+b11/gap5/tkEditor.c:802:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(argv[4]);
data/staden-2.0.0+b11/gap5/tkEditor.c:831:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edSetCursorPos(ed->xx, atoi(argv[2]), atorec(argv[3]), atoi(argv[4]),
data/staden-2.0.0+b11/gap5/tkEditor.c:831:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
edSetCursorPos(ed->xx, atoi(argv[2]), atorec(argv[3]), atoi(argv[4]),
data/staden-2.0.0+b11/gap5/tkEditor.c:944:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(argv[2])) {
data/staden-2.0.0+b11/gap5/tkEditor.c:946:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msg = edGetBriefSeq(ed->xx, atorec(argv[3]), atoi(argv[4]), argv[5]);
data/staden-2.0.0+b11/gap5/tkEditor.c:950:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msg = edGetBriefCon(ed->xx, atorec(argv[3]), atoi(argv[4]), argv[5]);
data/staden-2.0.0+b11/gap5/tkEditor.c:1169:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bs = atoi(argv[3]);
data/staden-2.0.0+b11/gap5/tkEditor.c:1170:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
be = atoi(argv[4]);
data/staden-2.0.0+b11/gap5/tkEditor.c:1173:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bs = atoi(argv[5]);
data/staden-2.0.0+b11/gap5/tkEditor.c:1174:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
be = atoi(argv[6]);
data/staden-2.0.0+b11/gap5/tkEditor.c:1236:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[2]) /* is_fwds? */,
data/staden-2.0.0+b11/gap5/tkEditor.c:1237:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[3]) /* fwd */,
data/staden-2.0.0+b11/gap5/tkEditor.c:1238:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[4]) /* bwd */,
data/staden-2.0.0+b11/gap5/tkEditor.c:1239:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[5]) /* readlen */,
data/staden-2.0.0+b11/gap5/tkEditor.c:1268:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[2]), &dir, &rid);
data/staden-2.0.0+b11/gap5/tman_display.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/tman_display.c:186:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/tman_display.c:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqbuf[1024];
data/staden-2.0.0+b11/gap5/tman_display.c:219:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(seqbuf, "%d %d", small_seq, 3);
data/staden-2.0.0+b11/gap5/tman_display.c:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/gap5/tman_display.h:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[FILE_NAME_LENGTH];
data/staden-2.0.0+b11/gap5/tman_display.h:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/staden-2.0.0+b11/gap5/tman_interface.c:815:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/gap5/tman_interface.c:819:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", cols);
data/staden-2.0.0+b11/gap5/tman_interface.c:1062:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *com_argv_tmp[5];
data/staden-2.0.0+b11/gap5/tman_interface.c:1079:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(command);
data/staden-2.0.0+b11/gap5/tman_interface.c:1128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000];
data/staden-2.0.0+b11/hetins/hetins.c:414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/staden-2.0.0+b11/hetins/hetins.c:441:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.window = atoi(optarg);
data/staden-2.0.0+b11/hetins/hetins.c:475:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qr = atoi(exp_get_entry ( exp_file, EFLT_QR ));
data/staden-2.0.0+b11/hetins/hetins.c:511:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "HETI = %d..%d\n %d %5.3f %5.3f %6.3f",
data/staden-2.0.0+b11/hetins/hetins.c:521:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", ret+1);
data/staden-2.0.0+b11/init_exp/init_exp.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/staden-2.0.0+b11/init_exp/init_exp.c:91:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%f", aq = avg_qual(r));
data/staden-2.0.0+b11/make_weights/make_weights.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE], *comment, *name = NULL, *seq = NULL;
data/staden-2.0.0+b11/make_weights/make_weights.c:424:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[120],char_type[2];
data/staden-2.0.0+b11/make_weights/make_weights.c:601:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mark_pos = atoi(optarg);
data/staden-2.0.0+b11/make_weights/make_weights.c:633:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_i = fopen(fn_i, "r");
data/staden-2.0.0+b11/make_weights/make_weights.c:642:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_o = fopen(fn_o, "w");
data/staden-2.0.0+b11/make_weights/make_weights.c:650:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_w = fopen(fn_w, "r");
data/staden-2.0.0+b11/mutlib/align.cpp:303:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::FILE* pOut = std::fopen( s, "wb" );
data/staden-2.0.0+b11/mutlib/array.hpp:139:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( m_pArray, p, sizeof(T)*nLength );
data/staden-2.0.0+b11/mutlib/array.hpp:273:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs.open( pFileName, ios_base::out | ios_base::app );
data/staden-2.0.0+b11/mutlib/array.hpp:275:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs.open( pFileName, ios_base::out | ios_base::trunc );
data/staden-2.0.0+b11/mutlib/caller_base.hpp:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_nCall[3];
data/staden-2.0.0+b11/mutlib/caller_level.hpp:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_cBase[4];
data/staden-2.0.0+b11/mutlib/dnatable.hpp:36:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char m_IndexTable[4][4];
data/staden-2.0.0+b11/mutlib/matrix.hpp:199:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs.open( fname, ios_base::out | ios_base::trunc );
data/staden-2.0.0+b11/mutlib/mutationtag.cpp:91:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf( m_pComment, "%c->%c, SNR=%0.2fdB, PKD=%0.2f",
data/staden-2.0.0+b11/mutlib/mutationtag.cpp:98:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf( m_pComment, "%c->%c, SNR=%0.2fdB",
data/staden-2.0.0+b11/mutlib/mutationtag.hpp:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_cBaseInp[3]; // Input sequence basecalls
data/staden-2.0.0+b11/mutlib/mutationtag.hpp:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pName[8]; // Tag name, HETE, MUTA
data/staden-2.0.0+b11/mutlib/mutationtag.hpp:83:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pComment[MAX_STRING]; // Tag comment field
data/staden-2.0.0+b11/mutlib/mutlib.h:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Type[5];
data/staden-2.0.0+b11/mutlib/mutscan.cpp:310:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/staden-2.0.0+b11/mutlib/mutscan.cpp:312:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
std::strcat( buffer, "_diff.ztr" );
data/staden-2.0.0+b11/mutlib/mutscan.cpp:400:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy( ms->ResultString, "Not enough memory available to complete the operation.\n" );
data/staden-2.0.0+b11/mutlib/mutscan.cpp:406:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy( ms->ResultString, "An unexpected fatal exception has occurred, please "
data/staden-2.0.0+b11/mutlib/mutscan_analysis.cpp:258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[3];
data/staden-2.0.0+b11/mutlib/mutscan_preprocess.cpp:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/staden-2.0.0+b11/mutlib/mutscan_preprocess.cpp:176:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf( name, "peaks_and_noise%d.ztr", n+1 );
data/staden-2.0.0+b11/mutlib/mutscan_validate.cpp:37:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy( ms->ResultString, "Uninitialised input structure.\n" );
data/staden-2.0.0+b11/mutlib/muttag.cpp:187:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf( &m_pComment[slen], " Sensitivity=%5.2f, Alignment=%4.2f, Width=%4.2f, Amplitude=%d",
data/staden-2.0.0+b11/mutlib/muttag.cpp:196:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf( &m_pComment[slen], " Ratio=%4.2f, Alignment=%4.2f, Amplitude1=%4.2f, Amplitude2=%4.2f",
data/staden-2.0.0+b11/mutlib/muttag.hpp:136:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pName[8]; // Tag name
data/staden-2.0.0+b11/mutlib/muttag.hpp:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pComment[MAX_COMMENT]; // Tag comment field
data/staden-2.0.0+b11/mutlib/pathutil.cpp:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pBuffer[512];
data/staden-2.0.0+b11/mutlib/read_matrix.cpp:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char lookup[256];
data/staden-2.0.0+b11/mutlib/read_matrix.cpp:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024], *linep;
data/staden-2.0.0+b11/mutlib/read_matrix.cpp:38:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char cols[256];
data/staden-2.0.0+b11/mutlib/read_matrix.cpp:41:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "r")))
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_seq[51];
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:467:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[61];
data/staden-2.0.0+b11/mutlib/sp_alignment.cpp:252:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_pad_sym, char new_pad_sym,
data/staden-2.0.0+b11/mutlib/sp_alignment.cpp:252:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_pad_sym, char new_pad_sym,
data/staden-2.0.0+b11/mutlib/sp_alignment.cpp:442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_seq[51];
data/staden-2.0.0+b11/mutlib/sp_alignment.h:69:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_pad_sym, char new_pad_sym,
data/staden-2.0.0+b11/mutlib/sp_alignment.h:69:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_pad_sym, char new_pad_sym,
data/staden-2.0.0+b11/mutlib/trace.cpp:1170:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cProbability[4];
data/staden-2.0.0+b11/mutlib/tracealign.cpp:381:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileName[256];
data/staden-2.0.0+b11/mutlib/tracealign.cpp:383:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf( FileName, "qenvelope.align.txt" );
data/staden-2.0.0+b11/mutlib/tracealign.cpp:430:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy( ta->ResultString, "Not enough memory available to complete the operation.\n" );
data/staden-2.0.0+b11/mutlib/tracealign.cpp:436:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy( ta->ResultString, "An unexpected fatal exception has occurred, please "
data/staden-2.0.0+b11/mutlib/tracealign_validate.cpp:36:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf( ta->ResultString, "Uninitialised input structure.\n" );
data/staden-2.0.0+b11/mutlib/tracediff.cpp:324:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy( td->ResultString, "Not enough memory available to complete the operation.\n" );
data/staden-2.0.0+b11/mutlib/tracediff.cpp:330:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
std::strcpy( td->ResultString, "An unexpected fatal exception has occurred, please "
data/staden-2.0.0+b11/mutscan/main.cpp:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pBuffer[BUFSIZE];
data/staden-2.0.0+b11/mutscan/main.cpp:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pFileOfFiles[BUFSIZE] = { 0 };
data/staden-2.0.0+b11/mutscan/main.cpp:338:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proximityThreshold = std::atoi( pBuffer );
data/staden-2.0.0+b11/mutscan/main.cpp:372:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::FILE* pFOFN = std::fopen( pFileOfFiles, "rt" );
data/staden-2.0.0+b11/mutscan/main.cpp:593:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf( pBuffer, "%d", nRightmostTag+1 );
data/staden-2.0.0+b11/mutscan/pathutil.cpp:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pBuffer[512];
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:174:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i1 = atoi ( expline );
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:178:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i2 = atoi ( expline );
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:186:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i1 = atoi ( expline );
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:190:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i2 = atoi ( expline );
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:207:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(file, "a"))) {
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:235:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(file, "a"))) {
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:287:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.min_len = atoi(optarg);
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:291:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.window_len = atoi(optarg);
data/staden-2.0.0+b11/polyA_clip/seqInfo.c:244:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/polyA_clip/seqInfo.c:283:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conf, si->confidence, sizeof(int1) * length);
data/staden-2.0.0+b11/polyA_clip/seqInfo.c:314:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opos, si->origpos, sizeof(int2) * length);
data/staden-2.0.0+b11/prefinish/dust.c:113:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(depadded, s, len);
data/staden-2.0.0+b11/prefinish/finish.c:483:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/staden-2.0.0+b11/prefinish/finish.c:486:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(skip_template_file, "r"))) {
data/staden-2.0.0+b11/prefinish/finish.c:1061:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fin->out_fp = fopen(fin->args.output_file, "w"))) {
data/staden-2.0.0+b11/prefinish/finish.c:1127:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fin->orig_qual, fin->qual, io_clength(fin->io, fin->contig)
data/staden-2.0.0+b11/prefinish/finish.c:1360:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/prefinish/finish.c:1457:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/prefinish/finish.c:1657:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/prefinish/finish.c:1682:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-2.0.0+b11/prefinish/finish.c:1757:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
con_bits[i].bit = atoi(argv[0]);
data/staden-2.0.0+b11/prefinish/finish.c:1768:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
con_bits[i].arg = argc > 2 ? atoi(argv[2]) : 2;
data/staden-2.0.0+b11/prefinish/finish.c:1772:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
con_bits[i].arg = argc > 2 ? atoi(argv[2]) : 3;
data/staden-2.0.0+b11/prefinish/finish.c:1776:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
con_bits[i].arg = argc > 2 ? atoi(argv[2]) : 1;
data/staden-2.0.0+b11/prefinish/finish.c:1780:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
con_bits[i].arg = argc > 2 ? atoi(argv[2]) : 2;
data/staden-2.0.0+b11/prefinish/finish.c:1784:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
con_bits[i].arg = argc > 2 ? atoi(argv[2]) : 14;
data/staden-2.0.0+b11/prefinish/finish.c:1788:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
con_bits[i].arg = argc > 2 ? atoi(argv[2]) : 15;
data/staden-2.0.0+b11/prefinish/finish.c:1792:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
con_bits[i].arg = argc > 2 ? atoi(argv[2]) : 17;
data/staden-2.0.0+b11/prefinish/finish.h:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char primer[100]; /* DNA sequence, complemented if appropriate */
data/staden-2.0.0+b11/prefinish/finish_filter.c:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fin->filtered, fin->cons, clen);
data/staden-2.0.0+b11/prefinish/finish_filter.c:100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, seq, len);
data/staden-2.0.0+b11/prefinish/finish_hash.c:128:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg_buf,
data/staden-2.0.0+b11/prefinish/finish_hash.c:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcopy[FIN_MAXPRIMERLEN];
data/staden-2.0.0+b11/prefinish/finish_hash.c:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_buf[1024], best_msg_buf[1024];
data/staden-2.0.0+b11/prefinish/finish_hash.c:182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcopy, prim, lprim);
data/staden-2.0.0+b11/prefinish/finish_hash.c:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *tmp_buf;
data/staden-2.0.0+b11/prefinish/finish_hash.c:315:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_buf, seq1, len1);
data/staden-2.0.0+b11/prefinish/finish_long.c:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/prefinish/finish_long.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/prefinish/finish_main.c:677:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(probs1, &fin->prob_bits[pos-fin->start], len * sizeof(int));
data/staden-2.0.0+b11/prefinish/finish_main.c:711:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_cons, &fin->cons[pos-1], len+1);
data/staden-2.0.0+b11/prefinish/finish_main.c:712:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_qual, &fin->qual[pos-1], (len+1)*sizeof(float));
data/staden-2.0.0+b11/prefinish/finish_main.c:931:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fin->cons[pos-1], old_cons, len+1);
data/staden-2.0.0+b11/prefinish/finish_main.c:932:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fin->qual[pos-1], old_qual, (len+1)*sizeof(float));
data/staden-2.0.0+b11/prefinish/finish_pcr.h:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[2][MAX_PRIMER_LEN+1]; /* unpadded primer sequence */
data/staden-2.0.0+b11/prefinish/finish_utils.c:133:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char complementary_base[256];
data/staden-2.0.0+b11/prefinish/finish_utils.c:484:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char primer[100];
data/staden-2.0.0+b11/prefinish/finish_walk.c:180:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unpadded_cons[MAX_PRIMER_SEQ];
data/staden-2.0.0+b11/prefinish/finish_walk.c:378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/prefinish/finish_walk.c:382:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tagfp = fopen("tags", "w+");
data/staden-2.0.0+b11/prefinish/gap_cli_arg.c:22:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int handle = atoi(val);
data/staden-2.0.0+b11/prefinish/gap_cli_arg.c:30:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *)&store[a->offset]) = atoi(val);
data/staden-2.0.0+b11/prefinish/gap_cli_arg.c:61:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)&((char *)store)[a->offset], 0, a->value); /* YUK */
data/staden-2.0.0+b11/prefinish/gap_cli_arg.c:163:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)&((char *)store)[a->offset], 0, a->value); /* YUK */
data/staden-2.0.0+b11/prefinish/insert_size_dist.c:171:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_size = atoi(argv[1]);
data/staden-2.0.0+b11/prefinish/insert_size_dist.c:172:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_size = atoi(argv[2]);
data/staden-2.0.0+b11/prefinish/main.c:8:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lib, buf[1025];
data/staden-2.0.0+b11/prefinish/read_conf_dist.c:114:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chemistry = atoi(argv[1]);
data/staden-2.0.0+b11/prefinish/test.c:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcopy[MAXPRIMER];
data/staden-2.0.0+b11/prefinish/test.c:80:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcopy, prim, lprim);
data/staden-2.0.0+b11/prefinish/test.c:175:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[MAXSEQ];
data/staden-2.0.0+b11/prefinish/test.c:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prim[21];
data/staden-2.0.0+b11/prefinish/test.c:192:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r");
data/staden-2.0.0+b11/prefinish/test.c:210:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iter = atoi(argv[2]);
data/staden-2.0.0+b11/prefinish/testbak.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[MAXSEQ];
data/staden-2.0.0+b11/prefinish/testbak.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vec[21];
data/staden-2.0.0+b11/prefinish/testbak.c:138:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r");
data/staden-2.0.0+b11/prefinish/testbak.c:149:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iter = atoi(argv[2]);
data/staden-2.0.0+b11/prefinish/tkMain.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/prefinish/tkMain.c:168:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", argc-1);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:819:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(lib->repeat_file,"r")) == NULL) {
data/staden-2.0.0+b11/primer3/src/boulder_input.c:1006:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lib->names[i], "reverse ");
data/staden-2.0.0+b11/primer3/src/dpal.c:25:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void print_align(const unsigned char *, const unsigned char *,
data/staden-2.0.0+b11/primer3/src/dpal.c:25:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void print_align(const unsigned char *, const unsigned char *,
data/staden-2.0.0+b11/primer3/src/dpal.c:905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sx[3*DPAL_MAX_ALIGN],sy[3*DPAL_MAX_ALIGN],sxy[3*DPAL_MAX_ALIGN];
data/staden-2.0.0+b11/primer3/src/format_output.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[20];
data/staden-2.0.0+b11/primer3/src/format_output.c:155:20: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(l == OT_LEFT) strcpy(type, "LEFT_PRIMER");
data/staden-2.0.0+b11/primer3/src/format_output.c:156:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if(l == OT_RIGHT) strcpy(type, "RIGHT_PRIMER");
data/staden-2.0.0+b11/primer3/src/format_output.c:157:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(type, "INTERNAL_OLIGO");
data/staden-2.0.0+b11/primer3/src/format_output.c:659:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[20];
data/staden-2.0.0+b11/primer3/src/format_output.c:661:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(l == OT_LEFT) strcpy(type, "LEFT_PRIMER");
data/staden-2.0.0+b11/primer3/src/format_output.c:662:28: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if(l == OT_RIGHT) strcpy(type, "RIGHT_PRIMER");
data/staden-2.0.0+b11/primer3/src/format_output.c:663:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(type, "INTERNAL_OLIGO");
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:383:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[MAX_PRIMER_LENGTH+1];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:397:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[MAX_PRIMER_LENGTH+1], s1[MAX_PRIMER_LENGTH+1];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:524:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char M[UCHAR_MAX];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:627:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *r = fopen(path, mode);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:949:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_PRIMER_LENGTH+1],s1[MAX_PRIMER_LENGTH+1];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:1135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_PRIMER_LENGTH+1];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:1216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[MAX_PRIMER_LENGTH+1], s1_rev[MAX_PRIMER_LENGTH+1];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:1947:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[MAX_PRIMER_LENGTH+1], s2[MAX_PRIMER_LENGTH+1],
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2205:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[MAX_PRIMER_LENGTH+1];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2418:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmsg, "Unrecognized base '%c' in input sequence "
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2711:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_PRIMER_LENGTH+1], s1[MAX_PRIMER_LENGTH+1];
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2775:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_PRIMER_LENGTH+1], s1[MAX_PRIMER_LENGTH+1];
data/staden-2.0.0+b11/primer3/src/primer3_main.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix [3];
data/staden-2.0.0+b11/primer3/src/primer3_main.c:234:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(suffix, "_%d", i);
data/staden-2.0.0+b11/primer3/src/primer3_main.c:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix [3], type[256];
data/staden-2.0.0+b11/primer3/src/primer3_main.c:402:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(l == OT_LEFT) strcpy(type, "PRIMER_LEFT");
data/staden-2.0.0+b11/primer3/src/primer3_main.c:403:28: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if(l == OT_RIGHT) strcpy(type, "PRIMER_RIGHT");
data/staden-2.0.0+b11/primer3/src/primer3_main.c:404:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(type, "PRIMER_INTERNAL_OLIGO");
data/staden-2.0.0+b11/primer3/src/primer3_main.c:416:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(suffix, "_%d", i);
data/staden-2.0.0+b11/qclip/qclip.c:225:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(file, "a"))) {
data/staden-2.0.0+b11/qclip/qclip.c:290:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.min = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:294:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.max = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:298:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.min_len = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:311:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.qual_val = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:315:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.window_len = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:320:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.rwin1 = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:324:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.rcnt1 = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:328:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.lwin1 = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:332:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.lcnt1 = atoi(optarg);
data/staden-2.0.0+b11/qclip/qclip.c:336:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.start = atoi(optarg);
data/staden-2.0.0+b11/qclip/seqInfo.c:243:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[DB_NAMELEN+1];
data/staden-2.0.0+b11/qclip/seqInfo.c:282:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conf, si->confidence, sizeof(int1) * length);
data/staden-2.0.0+b11/qclip/seqInfo.c:313:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opos, si->origpos, sizeof(int2) * length);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:36:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file_names[MAX_READS];
data/staden-2.0.0+b11/screen_seq/screen_seq.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *vfile_names[MAX_VECTORS];
data/staden-2.0.0+b11/screen_seq/screen_seq.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1];
data/staden-2.0.0+b11/screen_seq/screen_seq.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1], tmp[FILENAME_MAX+1];
data/staden-2.0.0+b11/screen_seq/screen_seq.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expanded_fn[FILENAME_MAX+1], base_name[FILENAME_MAX+1];
data/staden-2.0.0+b11/screen_seq/screen_seq.c:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1], tmp[FILENAME_MAX+1];
data/staden-2.0.0+b11/screen_seq/screen_seq.c:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base_name[FILENAME_MAX+1];
data/staden-2.0.0+b11/screen_seq/screen_seq.c:628:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !(vf = fopen(vfile_names[vfile_num], "r"))) {
data/staden-2.0.0+b11/screen_seq/screen_seq.c:682:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ql = atoi ( expline );
data/staden-2.0.0+b11/screen_seq/screen_seq.c:686:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qr = atoi ( expline );
data/staden-2.0.0+b11/screen_seq/screen_seq.c:693:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sl = atoi ( expline );
data/staden-2.0.0+b11/screen_seq/screen_seq.c:697:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr = atoi ( expline );
data/staden-2.0.0+b11/screen_seq/screen_seq.c:740:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[2048]; /* twice vfile_name ! */
data/staden-2.0.0+b11/screen_seq/screen_seq.c:787:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[2048]; /* twice vfile_name ! */
data/staden-2.0.0+b11/screen_seq/screen_seq.c:845:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/screen_seq/screen_seq.c:919:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_match = atoi(optarg);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:922:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_vector = atoi(optarg);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:961:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_i = fopen(fofn_i, "r");
data/staden-2.0.0+b11/screen_seq/screen_seq.c:980:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_s = fopen(fofn_s, "r");
data/staden-2.0.0+b11/screen_seq/screen_seq.c:999:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_p = fopen(fofn_p, "w");
data/staden-2.0.0+b11/screen_seq/screen_seq.c:1006:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_f = fopen(fofn_f, "w");
data/staden-2.0.0+b11/seq_utils/align.c:10:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base_val[128] = {0};
data/staden-2.0.0+b11/seq_utils/align.h:70:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern FastInt align_sv(char *A, FastInt (*B)[6], FastInt M,
data/staden-2.0.0+b11/seq_utils/align.h:75:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern FastInt balign_sv(char *A, FastInt (*B)[6], FastInt M,
data/staden-2.0.0+b11/seq_utils/align.h:86:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void display_sv(char *A, FastInt (*B)[6], FastInt M, FastInt N,
data/staden-2.0.0+b11/seq_utils/align_lib.c:1356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_seq[51];
data/staden-2.0.0+b11/seq_utils/align_lib.c:1412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_seq[51];
data/staden-2.0.0+b11/seq_utils/align_lib.c:1489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[61];
data/staden-2.0.0+b11/seq_utils/align_lib_old.c:7:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char consen_6(FastInt B[6]) {
data/staden-2.0.0+b11/seq_utils/align_lib_old.c:83:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void expand_6(char *A, FastInt (*B)[6], int M, int N,
data/staden-2.0.0+b11/seq_utils/align_lib_old.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *A2, FastInt (*B2)[6], int *AL, int *BL, FastInt *S,
data/staden-2.0.0+b11/seq_utils/align_lib_old.c:90:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char base_val[128];
data/staden-2.0.0+b11/seq_utils/align_lib_old.h:7:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char consen_6(FastInt B[6]);
data/staden-2.0.0+b11/seq_utils/align_lib_old.h:11:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void expand_6(char *A, FastInt (*B)[6], int M, int N,
data/staden-2.0.0+b11/seq_utils/align_lib_old.h:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *A2, FastInt (*B2)[6], int *AL, int *BL, FastInt *S,
data/staden-2.0.0+b11/seq_utils/align_ss.c:323:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ALINE[51], BLINE[51], CLINE[51];
data/staden-2.0.0+b11/seq_utils/align_ss2.c:382:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ALINE[51], BLINE[51], CLINE[51];
data/staden-2.0.0+b11/seq_utils/align_sv.c:23:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char base_val[128];
data/staden-2.0.0+b11/seq_utils/align_sv.c:453:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ALINE[51], CLINE[51];
data/staden-2.0.0+b11/seq_utils/align_sv.c:478:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*b, B[++j], 6*sizeof(FastInt));
data/staden-2.0.0+b11/seq_utils/align_sv.c:486:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*b++, B[++j], 6*sizeof(FastInt));
data/staden-2.0.0+b11/seq_utils/base_comp.c:189:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void get_aa_comp ( char *seq, int seq_length, double aa_comp[25] ) {
data/staden-2.0.0+b11/seq_utils/base_comp.h:22:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void get_aa_comp (char *seq, int seq_length, double aa_comp[25]);
data/staden-2.0.0+b11/seq_utils/dna_utils.c:18:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char complementary_base[256] = {
data/staden-2.0.0+b11/seq_utils/dna_utils.c:678:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[1024];
data/staden-2.0.0+b11/seq_utils/dna_utils.c:1111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table[15][15] = {
data/staden-2.0.0+b11/seq_utils/dna_utils.h:48:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define copy_seq(C, O, L) memcpy((C), (O), (L))
data/staden-2.0.0+b11/seq_utils/dna_utils.h:91:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SEQ_UTILS_EXPORT unsigned char complementary_base[256];
data/staden-2.0.0+b11/seq_utils/filter_words.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq2[202];
data/staden-2.0.0+b11/seq_utils/filter_words.c:47:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq2, seq, MIN(100,seqlen));
data/staden-2.0.0+b11/seq_utils/filter_words.c:48:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq2+seqlen, seq, MIN(100,seqlen));
data/staden-2.0.0+b11/seq_utils/genetic_code.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char genetic_code [5][5][5];
data/staden-2.0.0+b11/seq_utils/genetic_code.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char std_genetic_code [5][5][5] = {
data/staden-2.0.0+b11/seq_utils/genetic_code.c:69:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void reset_genetic_code ( char new_genetic_code[5][5][5] ) {
data/staden-2.0.0+b11/seq_utils/genetic_code.c:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[60];
data/staden-2.0.0+b11/seq_utils/genetic_code.c:647:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int read_genetic_code ( FILE *in_file, char code_table[5][5][5] ) {
data/staden-2.0.0+b11/seq_utils/genetic_code.c:652:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[60];
data/staden-2.0.0+b11/seq_utils/genetic_code.c:744:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int write_screen_genetic_code (char code_table[5][5][5] ) {
data/staden-2.0.0+b11/seq_utils/genetic_code.c:769:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*get_global_genetic_code())[5][5] {
data/staden-2.0.0+b11/seq_utils/genetic_code.c:785:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/seq_utils/genetic_code.c:794:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(buf, "r")))
data/staden-2.0.0+b11/seq_utils/genetic_code.h:19:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int read_genetic_code ( FILE *in_file, char code_table[5][5][5] );
data/staden-2.0.0+b11/seq_utils/genetic_code.h:21:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void reset_genetic_code ( char new_genetic_code[5][5][5] );
data/staden-2.0.0+b11/seq_utils/genetic_code.h:22:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int write_screen_genetic_code (char code_table[5][5][5] );
data/staden-2.0.0+b11/seq_utils/genetic_code.h:26:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*get_global_genetic_code(void))[5][5];
data/staden-2.0.0+b11/seq_utils/genetic_code_old.c:20:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char genetic_code [5][5][5] = {
data/staden-2.0.0+b11/seq_utils/genetic_code_old.c:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[60];
data/staden-2.0.0+b11/seq_utils/genetic_code_old.c:287:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file = fopen(file_name,"r");
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protein, line[80];
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:119:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, ">%d", starts[frame]+1);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:121:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&line[21], "%d..%d", starts[frame]+1, starts[frame]+len_open*3-3);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protein, line[80];
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:158:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, ">%d", starts[frame]+1);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:160:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&line[21], "%d..%d", starts[frame]+1, starts[frame]+len_open*3-3);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protein, line[80];
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:198:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( line, "FT CDS");
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:200:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&line[21], "%d..%d", starts[frame]+1, starts[frame]+len_open*3-3);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protein, line[80];
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:236:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( line, "FT CDS");
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:238:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&line[21], "%d..%d", starts[frame]+1, starts[frame]+len_open*3-3);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protein, line[80];
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:301:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, ">%d", starts[frame]+1);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:303:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&line[21], "complement(%d..%d)", starts[frame]+1, starts[frame]+len_open*3-3);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protein, line[80];
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:339:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, ">%d", starts[frame]+1);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:341:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&line[21], "complement(%d..%d)", starts[frame]+1, starts[frame]+len_open*3-3);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protein, line[80];
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:379:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( line, "FT CDS");
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:381:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&line[21], "complement(%d..%d)", starts[frame]+1, starts[frame]+len_open*3-3);
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *protein, line[80];
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:417:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( line, "FT CDS");
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:419:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&line[21], "complement(%d..%d)", starts[frame]+1, starts[frame]+len_open*3-3);
data/staden-2.0.0+b11/seq_utils/read_matrix.c:34:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char lookup[256];
data/staden-2.0.0+b11/seq_utils/read_matrix.c:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024], *linep;
data/staden-2.0.0+b11/seq_utils/read_matrix.c:37:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char cols[256];
data/staden-2.0.0+b11/seq_utils/read_matrix.c:40:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "r")))
data/staden-2.0.0+b11/seq_utils/renz_utils.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[2];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alternatives[4];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:59:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int neighbors ( char in_string[], char out_string[256][5] ) {
data/staden-2.0.0+b11/seq_utils/renz_utils.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[4],t_string[4];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:493:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char end_seq[MAX_END_SEQ];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:547:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char end_seq[MAX_END_SEQ];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:666:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:667:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:668:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:670:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res_seq[MAXRSEQ][MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:757:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:758:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:793:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:795:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_filename[FILENAME_MAX];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:800:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(exp_filename, "r"))){
data/staden-2.0.0+b11/seq_utils/renz_utils.c:842:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:845:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_filename[FILENAME_MAX];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:854:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(exp_filename, "r"))){
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1034:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char colour[NUM_COL];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1049:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(colour, "#%02x%02x%02x", r, g, b);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_seq[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuf[1024], lbuf[1024];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1206:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_match[cnt], &match[j], sizeof(R_Match));
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1234:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lengths, fragment, (num_matches + 1) *sizeof(int));
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1239:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lengths, fragment, (num_matches) *sizeof(int));
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1253:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuf, "%7d", fragment[k]);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1258:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lbuf, "%7d", lengths[k]);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_seq[MAXLINE];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuf[1024], lbuf[1024];
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1341:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_match, match, total_matches * sizeof(R_Match));
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1363:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lengths, fragment, (total_matches + 1) *sizeof(int));
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1368:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lengths, fragment, (total_matches) *sizeof(int));
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1387:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuf, "%7d", fragment[k]);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1392:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lbuf, "%7d", lengths[k]);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1429:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newseq[MAXLINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:18:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char feat_quas[number_quas][20]={
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char feat_key[number_keys][16]={
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char genetic_code_ft[16][10]={
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:338:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*identifier, "MISSING_ID");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:497:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
qual[k] = (char *)xrealloc(qual[k],
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:540:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:652:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:680:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*identifier, "MISSING_ID");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:822:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:891:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:939:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:977:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry_name[256];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1046:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry_name[256];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry_name[256], file_name[51];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_range[2]=" ";
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1403:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*start_pos = atoi(a);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1404:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*end_pos = atoi(b);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_range[2]=" ";
data/staden-2.0.0+b11/seq_utils/sequence_formats.h:14:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_range[2];
data/staden-2.0.0+b11/seq_utils/sequence_formats.h:20:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_loca[3];
data/staden-2.0.0+b11/seq_utils/sequence_formats.h:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *qualifier[number_quas];
data/staden-2.0.0+b11/seq_utils/sequence_formats.h:39:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SEQ_UTILS_EXPORT char feat_quas[number_quas][20];
data/staden-2.0.0+b11/seq_utils/sequence_formats.h:40:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SEQ_UTILS_EXPORT char feat_key[number_keys][16];
data/staden-2.0.0+b11/seq_utils/sequence_formats.h:41:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SEQ_UTILS_EXPORT char genetic_code_ft[16][10];
data/staden-2.0.0+b11/spin/codon_content.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*genetic_code)[5][5] = get_global_genetic_code();
data/staden-2.0.0+b11/spin/codon_content.c:335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char star[3];
data/staden-2.0.0+b11/spin/codon_content.c:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[1024];
data/staden-2.0.0+b11/spin/codon_content.c:399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char star[3];
data/staden-2.0.0+b11/spin/codon_content.c:464:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char star[3];
data/staden-2.0.0+b11/spin/codon_content.c:520:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int init_codon_pref (char *file_name,
data/staden-2.0.0+b11/spin/codon_content.c:538:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file = fopen(file_name,"r");
data/staden-2.0.0+b11/spin/codon_content.c:767:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int init_author_test (char *file_name,
data/staden-2.0.0+b11/spin/codon_content.c:768:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq,
data/staden-2.0.0+b11/spin/codon_content.c:787:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file = fopen(file_name,"r");
data/staden-2.0.0+b11/spin/codon_content.c:1187:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void calc_codon_usage(char *seq,
data/staden-2.0.0+b11/spin/codon_content.h:38:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int init_codon_pref (char *file_name, double codon_usage_table[4][4][4],
data/staden-2.0.0+b11/spin/codon_content.h:41:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int init_author_test (char *file_name, char *seq, int seq_length,
data/staden-2.0.0+b11/spin/codon_content.h:41:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int init_author_test (char *file_name, char *seq, int seq_length,
data/staden-2.0.0+b11/spin/codon_content.h:60:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void calc_codon_usage(char *seq, int seq_length, double codon_table[4][4][4]);
data/staden-2.0.0+b11/spin/compare_spans.c:314:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *error_mess_ptr, error_mess[MAXERRORMESS];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:45:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:145:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Emboss graph plot");
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:212:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[100];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plot_type[50];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1025];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maintitle[1024];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subtitle[1024];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xtitle[1024];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ytitle[1024];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_type[100];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:385:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(filename, "r"))) {
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:632:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy1[100];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:651:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(filename, "r"))) {
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:712:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:760:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:951:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[7];
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:966:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:968:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opts[5], "round");
data/staden-2.0.0+b11/spin/init.c:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, c[20];
data/staden-2.0.0+b11/spin/init.c:21:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/spin/init.c:21:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/spin/nip_base_comp.c:31:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/nip_base_comp.c:40:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_base_comp.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_base_comp.c:110:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Plot base composition");
data/staden-2.0.0+b11/spin/nip_base_comp.c:114:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "base comp #%d", result->id);
data/staden-2.0.0+b11/spin/nip_base_comp.c:144:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/nip_canvas_box.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_canvas_box.c:70:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "moveto %f", fract);
data/staden-2.0.0+b11/spin/nip_canvas_box.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_canvas_box.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_cmds.c:87:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = result_data(atoi(result_id[i]), seq_num);
data/staden-2.0.0+b11/spin/nip_cmds.c:151:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(args.result_id),
data/staden-2.0.0+b11/spin/nip_cmds.c:152:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args.raster, atoi(args.raster_id),
data/staden-2.0.0+b11/spin/nip_cmds.c:432:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file = fopen(args.codon_table,"r");
data/staden-2.0.0+b11/spin/nip_cmds.c:500:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(args.result_id),
data/staden-2.0.0+b11/spin/nip_cmds.c:501:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args.raster, atoi(args.raster_id),
data/staden-2.0.0+b11/spin/nip_cmds.c:696:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(args.raster_id),
data/staden-2.0.0+b11/spin/nip_cmds.c:779:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(args.raster_id),
data/staden-2.0.0+b11/spin/nip_cmds.c:780:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(args.result_id), args.seq_id,
data/staden-2.0.0+b11/spin/nip_cmds.c:856:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(args.result_id),
data/staden-2.0.0+b11/spin/nip_cmds.c:857:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
args.raster, atoi(args.raster_id),
data/staden-2.0.0+b11/spin/nip_cmds.c:944:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c_range[i].start = atoi(srange[0]);
data/staden-2.0.0+b11/spin/nip_cmds.c:945:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c_range[i].end = atoi(srange[1]);
data/staden-2.0.0+b11/spin/nip_cmds.c:956:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_totals[16];
data/staden-2.0.0+b11/spin/nip_cmds.c:957:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strand[8];
data/staden-2.0.0+b11/spin/nip_cmds.c:960:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(c_totals, "observed counts");
data/staden-2.0.0+b11/spin/nip_cmds.c:962:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(c_totals, "percentage");
data/staden-2.0.0+b11/spin/nip_cmds.c:966:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "forward");
data/staden-2.0.0+b11/spin/nip_cmds.c:968:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "reverse");
data/staden-2.0.0+b11/spin/nip_cmds.c:987:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(args.table, "r"))) {
data/staden-2.0.0+b11/spin/nip_cmds.c:1004:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(args.table, "r"))) {
data/staden-2.0.0+b11/spin/nip_cmds.c:1048:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(args.filename, "w"))) {
data/staden-2.0.0+b11/spin/nip_cmds.c:1177:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/staden-2.0.0+b11/spin/nip_cmds.c:1358:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strand[8];
data/staden-2.0.0+b11/spin/nip_cmds.c:1360:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "forward");
data/staden-2.0.0+b11/spin/nip_cmds.c:1362:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "reverse");
data/staden-2.0.0+b11/spin/nip_cmds.c:1364:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "both");
data/staden-2.0.0+b11/spin/nip_cmds.c:1422:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(args.filename, "w"))) {
data/staden-2.0.0+b11/spin/nip_cmds.c:1431:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strand[8];
data/staden-2.0.0+b11/spin/nip_cmds.c:1433:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "forward");
data/staden-2.0.0+b11/spin/nip_cmds.c:1435:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "reverse");
data/staden-2.0.0+b11/spin/nip_cmds.c:1437:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "both");
data/staden-2.0.0+b11/spin/nip_cmds.c:1479:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(args.filename, "r"))) {
data/staden-2.0.0+b11/spin/nip_cmds.c:2026:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(tmp != NULL) return(atoi(tmp));
data/staden-2.0.0+b11/spin/nip_cmds.c:2038:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[1024];
data/staden-2.0.0+b11/spin/nip_cmds.c:2041:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( infile, "r" );
data/staden-2.0.0+b11/spin/nip_gene_search.c:33:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/nip_gene_search.c:45:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_gene_search.c:71:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_gene_search.c:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_gene_search.c:121:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Plot gene search");
data/staden-2.0.0+b11/spin/nip_gene_search.c:126:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "gene f%d #%d", result->frame, result->id);
data/staden-2.0.0+b11/spin/nip_gene_search.c:129:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "gene #%d", result->id);
data/staden-2.0.0+b11/spin/nip_gene_search.c:167:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/nip_gene_search.c:467:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.c:23:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.c:101:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Restriction enzyme map");
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.h:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char re_win[100];
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char names_win[100];
data/staden-2.0.0+b11/spin/nip_restriction_enzymes.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame[100];
data/staden-2.0.0+b11/spin/nip_splice_search.c:30:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/nip_splice_search.c:42:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_splice_search.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_splice_search.c:110:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Splice search");
data/staden-2.0.0+b11/spin/nip_splice_search.c:114:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "splice f%d #%d", result->frame,
data/staden-2.0.0+b11/spin/nip_splice_search.c:146:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/nip_splice_search.c:369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/nip_splice_search.c:428:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_splice_search.c:446:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/nip_splice_search.c:621:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(result_id[i]) > -1) {
data/staden-2.0.0+b11/spin/nip_splice_search.c:622:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nip_result = result_data(atoi(result_id[i]), seq_num);
data/staden-2.0.0+b11/spin/nip_splice_search.c:641:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (-1 == NipSpliceSearchPlot(interp, atoi(result_id[i]),
data/staden-2.0.0+b11/spin/nip_stop_codon.c:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/nip_stop_codon.c:44:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_stop_codon.c:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_stop_codon.c:110:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Plot stop codons");
data/staden-2.0.0+b11/spin/nip_stop_codon.c:112:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Plot start codons");
data/staden-2.0.0+b11/spin/nip_stop_codon.c:118:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "stop f%d #%d", result->frame,
data/staden-2.0.0+b11/spin/nip_stop_codon.c:121:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "start f%d #%d", result->frame,
data/staden-2.0.0+b11/spin/nip_stop_codon.c:158:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/nip_stop_codon.c:406:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*genetic_code)[5][5] = get_global_genetic_code();
data/staden-2.0.0+b11/spin/nip_stop_codon.c:423:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(codon[cnt++], "%c%c%c",
data/staden-2.0.0+b11/spin/nip_stop_codon.c:473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*genetic_code)[5][5] = get_global_genetic_code();
data/staden-2.0.0+b11/spin/nip_stop_codon.c:489:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(codon[cnt++], "%c%c%c",
data/staden-2.0.0+b11/spin/nip_stop_codon.c:538:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/nip_stop_codon.c:567:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/nip_stop_codon.c:843:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strand[8];
data/staden-2.0.0+b11/spin/nip_stop_codon.c:891:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "forward");
data/staden-2.0.0+b11/spin/nip_stop_codon.c:893:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "reverse");
data/staden-2.0.0+b11/spin/nip_stop_codon.c:895:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "both");
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1033:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strand[8];
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1067:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "forward");
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1069:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "reverse");
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1071:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "both");
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1173:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_result = raster_id_to_result(atoi(raster_id[0]));
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1176:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = result_data(atoi(result_id[0]), seq_num);
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1188:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (-1 == NipStopCodonsPlot(interp, atoi(result_id[i]), seq_num,
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1198:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (-1 == NipStopCodonsPlotBoth(interp, atoi(result_id[i]), seq_num,
data/staden-2.0.0+b11/spin/nip_stop_codon.c:1215:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_result = raster_id_to_result(atoi(raster_id[i]));
data/staden-2.0.0+b11/spin/nip_string_search.c:34:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/nip_string_search.c:40:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_string_search.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_string_search.c:96:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "string search");
data/staden-2.0.0+b11/spin/nip_string_search.c:100:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "string #%d", result->id);
data/staden-2.0.0+b11/spin/nip_string_search.c:132:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/nip_string_search.c:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strand[8];
data/staden-2.0.0+b11/spin/nip_string_search.c:386:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "forward");
data/staden-2.0.0+b11/spin/nip_string_search.c:388:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(strand, "reverse");
data/staden-2.0.0+b11/spin/nip_string_search.c:392:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10];
data/staden-2.0.0+b11/spin/nip_string_search.c:394:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "iub");
data/staden-2.0.0+b11/spin/nip_string_search.c:396:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "literal");
data/staden-2.0.0+b11/spin/nip_trna_search.c:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/nip_trna_search.c:41:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_trna_search.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_trna_search.c:101:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "tRNA search");
data/staden-2.0.0+b11/spin/nip_trna_search.c:105:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "trna #%d", result->id);
data/staden-2.0.0+b11/spin/nip_trna_search.c:135:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/nip_wtmatrix_search.c:33:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/nip_wtmatrix_search.c:39:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/nip_wtmatrix_search.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/nip_wtmatrix_search.c:95:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "wtmatrix search");
data/staden-2.0.0+b11/spin/nip_wtmatrix_search.c:99:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "wtmatrix #%d", result->id);
data/staden-2.0.0+b11/spin/nip_wtmatrix_search.c:129:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/raster_cmds.c:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/raster_cmds.c:100:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", args.line_width);
data/staden-2.0.0+b11/spin/readpam.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE];
data/staden-2.0.0+b11/spin/readpam.c:147:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
j = atoi(&line[i]);
data/staden-2.0.0+b11/spin/readpam.c:224:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(file_name_ptr,"r"))) {
data/staden-2.0.0+b11/spin/rescan_matches.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[3];
data/staden-2.0.0+b11/spin/seq_plot_funcs.c:481:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/seq_plot_funcs.c:593:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/seq_raster.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *colour[NUM_COL];
data/staden-2.0.0+b11/spin/seq_raster.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:345:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (raster_id_to_result(atoi(Tcl_GetStringResult(interp))));
data/staden-2.0.0+b11/spin/seq_raster.c:478:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:556:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/seq_raster.c:589:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:614:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (NULL == (result = raster_id_to_result(atoi(id_list_argv[i]))))
data/staden-2.0.0+b11/spin/seq_raster.c:729:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:810:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[7];
data/staden-2.0.0+b11/spin/seq_raster.c:823:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", cursor->line_width);
data/staden-2.0.0+b11/spin/seq_raster.c:1004:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:1039:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
current_xmag_value = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/seq_raster.c:1068:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
current_ymag_value = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/seq_raster.c:1097:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:1275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:1293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:1322:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:1465:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zoom = GetRasterZoom(atoi(id_list_argv[i]));
data/staden-2.0.0+b11/spin/seq_raster.c:1546:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (NULL ==(raster_result = raster_id_to_result(atoi(id_list_argv[i]))))
data/staden-2.0.0+b11/spin/seq_raster.c:1896:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
FindRasterSize(atoi(id_list_argv[i]), &max_size);
data/staden-2.0.0+b11/spin/seq_raster.c:1910:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
FindRasterSize(atoi(id_list_argv[i]), &max_size);
data/staden-2.0.0+b11/spin/seq_raster.c:1987:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/seq_raster.c:1999:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_raster.c:2051:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", GetRasterLineWidth(interp, rasterold,
data/staden-2.0.0+b11/spin/seq_raster.c:2331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/seq_raster.c:2412:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", GetRasterLineWidth(interp, rasterold, output->env_index));
data/staden-2.0.0+b11/spin/seq_raster.c:2606:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id_orig = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/seq_raster.c:2683:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id_new = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/seq_raster.c:2710:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "raster plot");
data/staden-2.0.0+b11/spin/seq_raster.c:3701:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/seq_raster.c:3744:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/seq_raster.c:3809:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/seq_raster.c:3881:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/seq_raster.c:3932:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_result = raster_id_to_result(atoi(id_list[0]));
data/staden-2.0.0+b11/spin/seq_raster.c:3936:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seq_gene_search_plot(interp, atoi(result_id[i]), seq_num, win_list[i],
data/staden-2.0.0+b11/spin/seq_raster.c:3947:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_result = raster_id_to_result(atoi(id_list[i]));
data/staden-2.0.0+b11/spin/seq_raster.c:3972:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/seq_raster.c:4014:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/seq_raster.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raster_win[1024]; /* name of raster window */
data/staden-2.0.0+b11/spin/seq_raster.h:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour1[100]; /* colour of plot */
data/staden-2.0.0+b11/spin/seq_raster.h:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raster_win[1024];
data/staden-2.0.0+b11/spin/seq_reg.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cursor_colour[NUM_CURSOR_COL];
data/staden-2.0.0+b11/spin/seq_reg.c:545:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/seq_reg.c:618:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:272:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "set_range_d %d", GetSeqId(args.seq_num));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:278:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "copy_range_d %d", GetSeqId(args.seq_num));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:305:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "translate_d %d", GetSeqId(args.seq_num));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:330:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "rotate_d %d", GetSeqId(args.seq_num));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:336:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "file_save_d %d", GetSeqId(args.seq_num));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:344:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:345:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "seq_shutdown %d\n", GetSeqId(args.seq_num));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:408:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:434:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:701:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[20];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:757:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seq_num = GetSeqNum(atoi(argv[1]));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:771:58: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vTcl_SetResult(interp, "%s", GetSeqCdsExpr(seq_num,atoi(argv[3])));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:822:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[20];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:836:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "linear");
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:838:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "circular");
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:855:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vTcl_SetResult(interp, "%d", GetSeqId(atoi(argv[1])));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:868:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vTcl_SetResult(interp, "%d", GetSeqNum(atoi(argv[1])));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:897:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
direction = atoi(argv[1]);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:913:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
direction = atoi(argv[1]);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:986:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(args.file, "w"))) {
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1132:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "seq_shutdown %d\n", args.seq_id);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1309:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1348:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", GetSeqId(num[0]));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1352:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", GetSeqId(num[1]));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1356:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", GetSeqId(num[2]));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char direction[11];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1473:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(direction, "horizontal");
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1475:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(direction, "vertical");
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1671:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", GetSeqId(seq_num));
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1756:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1774:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d %d", result->seq[i].seq_id, result->seq[i].direction);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1779:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d %d", seq_result->seq_id[HORIZONTAL], HORIZONTAL);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1782:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d %d", seq_result->seq_id[VERTICAL], VERTICAL);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1912:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = result_data(atoi(result_id[i]), seq_num);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:2280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raster_win[1024];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:2340:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seq_array[i].seq_id = atoi(array1[0]);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:2341:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seq_array[i].direction = atoi(array1[1]);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:2739:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, c[10];
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:2749:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:2749:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/spin/seq_results.c:424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/staden-2.0.0+b11/spin/seq_results.c:779:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq2, seq1, length);
data/staden-2.0.0+b11/spin/seq_results.c:839:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq2, seq1, length);
data/staden-2.0.0+b11/spin/seq_results.c:1070:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq2, seq1, length);
data/staden-2.0.0+b11/spin/seq_results.c:1133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq2, seq1, length);
data/staden-2.0.0+b11/spin/seq_results.c:1255:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/seq_results.c:1316:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/seq_results.h:138:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[20];
data/staden-2.0.0+b11/spin/seq_sendto.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_sendto.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_sendto.c:103:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/seq_sendto.c:105:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100];
data/staden-2.0.0+b11/spin/seq_sendto.c:106:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[1024];
data/staden-2.0.0+b11/spin/seq_sendto.c:107:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char job[1024];
data/staden-2.0.0+b11/spin/seq_sendto.c:115:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(job, "MOVE");
data/staden-2.0.0+b11/spin/seq_sendto.c:150:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d", cursor->id);
data/staden-2.0.0+b11/spin/seq_sendto.c:165:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printf("cid %d refs %d\n", atoi(list[0]), atoi(list[1]));
data/staden-2.0.0+b11/spin/seq_sendto.c:165:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printf("cid %d refs %d\n", atoi(list[0]), atoi(list[1]));
data/staden-2.0.0+b11/spin/seq_sendto.c:169:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printf("SIP refs %d GAP refs %d\n", cursor->refs, atoi(list[1]));
data/staden-2.0.0+b11/spin/seq_sendto.c:171:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(list[1]) > cursor->refs) {
data/staden-2.0.0+b11/spin/seq_sendto.c:172:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cursor->refs = atoi(list[1]);
data/staden-2.0.0+b11/spin/seqed.c:155:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "sequence editor");
data/staden-2.0.0+b11/spin/seqed.h:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqed_win[1024];
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[2*MAX_DISPLAY_WIDTH]; /* make large to accomodate overlaps */
data/staden-2.0.0+b11/spin/seqed_search.c:103:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10];
data/staden-2.0.0+b11/spin/seqed_search.c:104:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sstrand[10];
data/staden-2.0.0+b11/spin/seqed_search.c:105:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdirection[10];
data/staden-2.0.0+b11/spin/seqed_search.c:107:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sdirection, "backward");
data/staden-2.0.0+b11/spin/seqed_search.c:109:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sdirection, "forward");
data/staden-2.0.0+b11/spin/seqed_search.c:112:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sstrand, "reverse");
data/staden-2.0.0+b11/spin/seqed_search.c:114:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sstrand, "forward");
data/staden-2.0.0+b11/spin/seqed_search.c:117:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "iub");
data/staden-2.0.0+b11/spin/seqed_search.c:119:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "literal");
data/staden-2.0.0+b11/spin/seqed_translate.c:180:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "Frame %d%c", (frame-1)%3+1, frame>3 ? '-' : '+');
data/staden-2.0.0+b11/spin/seqed_translate.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codon[3];
data/staden-2.0.0+b11/spin/seqed_translate.c:264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st_str[3];
data/staden-2.0.0+b11/spin/seqed_translate.c:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codon[3];
data/staden-2.0.0+b11/spin/seqed_translate.c:522:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codon[3];
data/staden-2.0.0+b11/spin/seqed_write.c:44:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(k,"%10d",lower);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/sequence_pair_display.c:80:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "sequence display");
data/staden-2.0.0+b11/spin/sequence_pair_display.c:254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10];
data/staden-2.0.0+b11/spin/sequence_pair_display.c:316:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%10d", i*10);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:344:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%10d", i*10);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/sequence_pair_display.c:481:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sequence_pair_display.c:484:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
height = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sequence_pair_display.c:486:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "SequencePairDisplay 1 1 %d %d -1 -1 %d\n",
data/staden-2.0.0+b11/spin/sequence_pair_display.c:502:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/sequence_pair_display.h:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_disp_win[1024];
data/staden-2.0.0+b11/spin/sim.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strchr(), *strcpy(), filename[1000];
data/staden-2.0.0+b11/spin/sim.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200], *p, *fgets(), alph[128];
data/staden-2.0.0+b11/spin/sim.c:1238:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fopen(), *fp;
data/staden-2.0.0+b11/spin/sim.c:1240:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(name, mode)) == NULL)
data/staden-2.0.0+b11/spin/sip_align.c:31:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/sip_align.c:41:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sip_align.c:66:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sip_align.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/sip_align.c:107:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Align sequences");
data/staden-2.0.0+b11/spin/sip_align.c:110:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "align #%d", result->id);
data/staden-2.0.0+b11/spin/sip_align.c:140:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/sip_align.c:394:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq, sequence, seq_len);
data/staden-2.0.0+b11/spin/sip_align.c:581:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[7];
data/staden-2.0.0+b11/spin/sip_align.c:596:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/sip_align.c:598:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opts[5], "round");
data/staden-2.0.0+b11/spin/sip_cmds.c:246:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = result_data(atoi(result_id[i]), seq_num);
data/staden-2.0.0+b11/spin/sip_cmds.c:682:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_replot_temp(atoi(argv[1]));
data/staden-2.0.0+b11/spin/sip_cmds.c:712:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_max_matches(atoi(argv[1]));
data/staden-2.0.0+b11/spin/sip_cmds.c:738:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_def_matches(atoi(argv[1]));
data/staden-2.0.0+b11/spin/sip_cmds.c:773:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_remove_dup(atoi(argv[1]));
data/staden-2.0.0+b11/spin/sip_cmds.c:953:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, c[10];
data/staden-2.0.0+b11/spin/sip_cmds.c:962:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/spin/sip_cmds.c:962:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/spin/sip_find_identity.c:32:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/sip_find_identity.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/sip_find_identity.c:88:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find matching words");
data/staden-2.0.0+b11/spin/sip_find_identity.c:92:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "matching words #%d", result->id);
data/staden-2.0.0+b11/spin/sip_find_identity.c:136:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/sip_find_identity.c:160:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/sip_find_identity.c:241:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/sip_find_identity.c:263:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/sip_find_identity.c:735:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[7];
data/staden-2.0.0+b11/spin/sip_find_identity.c:750:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/sip_find_identity.c:752:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opts[5], "round");
data/staden-2.0.0+b11/spin/sip_quick_scan.c:33:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/sip_quick_scan.c:57:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sip_quick_scan.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/sip_quick_scan.c:94:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find best diagonals");
data/staden-2.0.0+b11/spin/sip_quick_scan.c:98:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "diagonals #%d", result->id);
data/staden-2.0.0+b11/spin/sip_quick_scan.c:132:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/sip_quick_scan.c:157:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sip_quick_scan.c:186:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/sip_quick_scan.c:267:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/sip_quick_scan.c:290:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(output->interp));
data/staden-2.0.0+b11/spin/sip_quick_scan.c:665:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[7];
data/staden-2.0.0+b11/spin/sip_quick_scan.c:680:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/sip_quick_scan.c:682:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opts[5], "round");
data/staden-2.0.0+b11/spin/sip_results.c:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->matrix[i], from->matrix[i],
data/staden-2.0.0+b11/spin/sip_sim.c:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/sip_sim.c:53:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sip_sim.c:78:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sip_sim.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/sip_sim.c:123:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Local alignment");
data/staden-2.0.0+b11/spin/sip_sim.c:126:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "local #%d", result->id);
data/staden-2.0.0+b11/spin/sip_sim.c:156:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/sip_sim.c:731:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[7];
data/staden-2.0.0+b11/spin/sip_sim.c:746:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/sip_sim.c:748:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opts[5], "round");
data/staden-2.0.0+b11/spin/sip_similar_spans.c:118:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/staden-2.0.0+b11/spin/sip_similar_spans.c:128:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sip_similar_spans.c:155:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raster_id = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/spin/sip_similar_spans.c:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/spin/sip_similar_spans.c:198:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "Find similar spans");
data/staden-2.0.0+b11/spin/sip_similar_spans.c:202:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jdata->name.line, "similar spans #%d", result->id);
data/staden-2.0.0+b11/spin/sip_similar_spans.c:241:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SipRescanMatches(output->interp, result, id, atoi(Tcl_GetStringResult(output->interp)));
data/staden-2.0.0+b11/spin/sip_similar_spans.c:246:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "RasterConfig %d", id);
data/staden-2.0.0+b11/spin/sip_similar_spans.c:665:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *opts[5];
data/staden-2.0.0+b11/spin/sip_similar_spans.c:678:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(opts[3], "%d", line_width);
data/staden-2.0.0+b11/spin/splice_search.c:536:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[200],char_type[2];
data/staden-2.0.0+b11/spin/splice_search.c:623:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileexpand_ied[FILENAME_MAX+1];
data/staden-2.0.0+b11/spin/splice_search.c:624:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileexpand_eia[FILENAME_MAX+1];
data/staden-2.0.0+b11/spin/splice_search.c:635:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (file_p = fopen ( fileexpand_ied, "r"))) return -1;
data/staden-2.0.0+b11/spin/splice_search.c:667:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (file_p = fopen ( fileexpand_eia, "r"))) return -1;
data/staden-2.0.0+b11/spin/splice_search.c:959:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (file_p = fopen ( filename, "r"))) return -1;
data/staden-2.0.0+b11/spin/tkSeqed.c:356:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqed_add_renzyme(se, argv[3], argv[4], atoi(argv[5]));
data/staden-2.0.0+b11/spin/tkSeqed.c:385:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqedTranslateAdd(interp, se, atoi(argv[3]));
data/staden-2.0.0+b11/spin/tkSeqed.c:387:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqedTranslateDelete(se, atoi(argv[3]));
data/staden-2.0.0+b11/spin/tkSeqed.c:399:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqedTransMode(se, atoi(argv[2]));
data/staden-2.0.0+b11/spin/tkSeqed.c:489:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqed_showCursor(se, se->cursorSeq, atoi(argv[2]));
data/staden-2.0.0+b11/spin/tkSeqed.c:492:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqed_positionCursor(se, se->cursorSeq, atoi(argv[2]));
data/staden-2.0.0+b11/spin/tkSeqed.c:495:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqed_setCursorPos(se, atoi(argv[2]));
data/staden-2.0.0+b11/spin/tkSeqed.h:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cursorCol[10];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sline[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sline[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sline[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sline[MAX_DISPLAY_WIDTH+1];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:557:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:578:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %g %g", pos / (double)total,
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:599:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:631:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %f %f", start, end);
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:672:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colour[20];
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:675:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "blue");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:677:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "red");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:679:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "green");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:681:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "purple");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:683:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "brown");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:685:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "yellow");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:687:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "cyan");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:689:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "hotpink");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:691:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "orange");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:693:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "yellowgreen");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:695:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colour, "coral");
data/staden-2.0.0+b11/spin/tkSeqedUtils.c:1180:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename,"w")) != NULL ) {
data/staden-2.0.0+b11/spin/trna_search.c:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix[35][35], scores_v[5][5], scores_vh[5][5];
data/staden-2.0.0+b11/spin/trna_search.c:386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix[35][35], scores_v[5][5], scores_vh[5][5];
data/staden-2.0.0+b11/stops/stops.c:361:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.signal_val = atoi(optarg);
data/staden-2.0.0+b11/stops/stops.c:365:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.window_len = atoi(optarg);
data/staden-2.0.0+b11/stops/stops.c:369:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p.baseline = atoi(optarg);
data/staden-2.0.0+b11/tk_utils/canvas_box.c:41:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
canvas->width = atoi(Tcl_GetStringResult(interp)) - 1;
data/staden-2.0.0+b11/tk_utils/canvas_box.c:44:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
canvas->height = atoi(Tcl_GetStringResult(interp)) - 1;
data/staden-2.0.0+b11/tk_utils/canvas_box.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:348:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
canvas->y = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/tk_utils/canvas_box.c:378:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(Tcl_GetStringResult(interp)) - 1;
data/staden-2.0.0+b11/tk_utils/canvas_box.c:381:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
height = atoi(Tcl_GetStringResult(interp)) - 1;
data/staden-2.0.0+b11/tk_utils/canvas_box.c:486:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stack->data, visible, sizeof(d_box));
data/staden-2.0.0+b11/tk_utils/canvas_box.c:515:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp->data, stack1p->data, sizeof(d_box));
data/staden-2.0.0+b11/tk_utils/canvas_box.c:585:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:617:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:723:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(world->visible, examineZoom(*zoom_list), sizeof(d_box));
data/staden-2.0.0+b11/tk_utils/canvas_box.c:969:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:994:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:1019:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:1023:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(Tcl_GetStringResult(interp)));
data/staden-2.0.0+b11/tk_utils/canvas_box.c:1030:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/canvas_box.c:1034:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(Tcl_GetStringResult(interp)));
data/staden-2.0.0+b11/tk_utils/canvas_box.h:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arrow[6]; /* arrow type: none, first, last, both */
data/staden-2.0.0+b11/tk_utils/canvas_box.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arrow[6]; /* arrow type: none, first, last, both */
data/staden-2.0.0+b11/tk_utils/cli_arg.c:15:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *) &store[a->offset]) = atoi(val);
data/staden-2.0.0+b11/tk_utils/cli_arg.c:42:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset((char *)&((char *)store)[a->offset], 0, a->value); /* YUK */
data/staden-2.0.0+b11/tk_utils/container.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/container.c:438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/container.c:442:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(Tcl_GetStringResult(interp)));
data/staden-2.0.0+b11/tk_utils/container.c:448:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/container.c:452:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(Tcl_GetStringResult(interp)));
data/staden-2.0.0+b11/tk_utils/container.c:808:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/container.c:831:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!atoi(Tcl_GetStringResult(c->interp))) {
data/staden-2.0.0+b11/tk_utils/container.c:835:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!atoi(Tcl_GetStringResult(c->interp))) {
data/staden-2.0.0+b11/tk_utils/container.c:1961:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->world->visible, examineZoom(e->zoom), sizeof(d_box));
data/staden-2.0.0+b11/tk_utils/container.c:1996:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pixel_column, e->c->column[e->column_index]->pixel, sizeof(CanvasPtr));
data/staden-2.0.0+b11/tk_utils/container.c:2005:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pixel_row, e->c->row[e->row_index]->pixel, sizeof(CanvasPtr));
data/staden-2.0.0+b11/tk_utils/container.c:2600:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/container.c:2626:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/container.h:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tags[10];
data/staden-2.0.0+b11/tk_utils/container_cmds.c:433:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e = get_element(atoi(argv[1]));
data/staden-2.0.0+b11/tk_utils/container_cmds.c:492:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e = get_element(atoi(argv[1]));
data/staden-2.0.0+b11/tk_utils/container_ruler.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/container_ruler.c:59:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ruler_id = atoi(list[0]);
data/staden-2.0.0+b11/tk_utils/container_ruler.c:186:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/container_ruler.c:221:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
row_num = atoi(list[0]);
data/staden-2.0.0+b11/tk_utils/container_ruler.c:222:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
column_num = atoi(list[1]);
data/staden-2.0.0+b11/tk_utils/container_ruler.c:244:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ruler_id = atoi(list[0]);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:70:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return(atoi(Tcl_GetStringResult(interp)));
data/staden-2.0.0+b11/tk_utils/element_canvas.c:78:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return(atoi(Tcl_GetStringResult(interp)));
data/staden-2.0.0+b11/tk_utils/element_canvas.c:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:332:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:350:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "id%d", e->results[i]->result_id);
data/staden-2.0.0+b11/tk_utils/element_canvas.c:418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orient[2];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:499:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:571:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:638:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/element_canvas.c:648:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cx = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/tk_utils/element_canvas.c:664:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cy = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/tk_utils/init.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, c[20], *lib = NULL, buf[1024];
data/staden-2.0.0+b11/tk_utils/init.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/staden-2.0.0+b11/tk_utils/init.c:104:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/tk_utils/init.c:104:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(c, "%d", atoi(s)|2);
data/staden-2.0.0+b11/tk_utils/misc.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_filename[FILENAME_MAX+1];
data/staden-2.0.0+b11/tk_utils/postscript.c:79:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
options->dash[i] = atoi(dash_list[i]);
data/staden-2.0.0+b11/tk_utils/postscript.c:106:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ps_file = fopen(filename, "w");
data/staden-2.0.0+b11/tk_utils/postscript.c:245:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ps_text->text, "%c", c);
data/staden-2.0.0+b11/tk_utils/postscript.c:258:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ps_text->text, "%d", num);
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/restriction_enzyme_map.c:167:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(world->visible, world->total, sizeof(d_box));
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/ruler_tick.c:255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/staden-2.0.0+b11/tk_utils/sheet.c:300:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/staden-2.0.0+b11/tk_utils/stash.c:26:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tcl_lib[8192], tk_lib[8192], stad_lib[8192];
data/staden-2.0.0+b11/tk_utils/tclCanvGraph.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10];
data/staden-2.0.0+b11/tk_utils/tclCanvGraph.c:118:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "hello");
data/staden-2.0.0+b11/tk_utils/tclExtdInt.h:19:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
((char *) memcpy (ckalloc (length + 1), sourceStr, length + 1))
data/staden-2.0.0+b11/tk_utils/tcl_io_lib.c:17:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sanitized[256];
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:28:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[8192];
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[8192], *stringp = string;
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[8192], *stringp = string;
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:116:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[8192];
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:124:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[8192];
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:156:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/staden-2.0.0+b11/tk_utils/tcl_utils.c:157:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "p_%p", ptr);
data/staden-2.0.0+b11/tk_utils/text_output.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stdout_win[100], stderr_win[100];
data/staden-2.0.0+b11/tk_utils/text_output.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cur_tag[100];
data/staden-2.0.0+b11/tk_utils/text_output.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[1], *merged;
data/staden-2.0.0+b11/tk_utils/text_output.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100];
data/staden-2.0.0+b11/tk_utils/text_output.c:119:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hname[256];
data/staden-2.0.0+b11/tk_utils/text_output.c:141:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fn, "a");
data/staden-2.0.0+b11/tk_utils/text_output.c:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_list[1024];
data/staden-2.0.0+b11/tk_utils/text_output.c:261:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100], buf[100+8192];
data/staden-2.0.0+b11/tk_utils/text_output.c:267:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cur_tag, "%d", atoi(cur_tag)+1);
data/staden-2.0.0+b11/tk_utils/text_output.c:267:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(cur_tag, "%d", atoi(cur_tag)+1);
data/staden-2.0.0+b11/tk_utils/text_output.c:317:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192+1];
data/staden-2.0.0+b11/tk_utils/text_output.c:551:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stdout_scroll = atoi(argv[2]);
data/staden-2.0.0+b11/tk_utils/text_output.c:553:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stderr_scroll = atoi(argv[2]);
data/staden-2.0.0+b11/tk_utils/text_output.c:583:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (*argv[2] && NULL == (*fp = fopen(argv[2], "w"))) {
data/staden-2.0.0+b11/tk_utils/text_output.c:608:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = pipe_mania(argv[2], strlen(argv[2]), argv[1], atoi(argv[3]));
data/staden-2.0.0+b11/tk_utils/text_output.c:627:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *p2 = buf, *p = buf, *z;
data/staden-2.0.0+b11/tk_utils/text_output.c:681:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/staden-2.0.0+b11/tk_utils/text_output.c:714:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], tbuf[100], *p, *bufp = buf;
data/staden-2.0.0+b11/tk_utils/text_output.c:808:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
funcgroup(atoi(argv[1]), argv[2]);
data/staden-2.0.0+b11/tk_utils/text_output.c:825:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
noisy = atoi(argv[1]);
data/staden-2.0.0+b11/tk_utils/text_output.c:834:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char small_buf[1024];
data/staden-2.0.0+b11/tk_utils/text_output.c:863:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, str, string_len);
data/staden-2.0.0+b11/tk_utils/text_output.c:934:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], tbuf[100], *bufp = buf;
data/staden-2.0.0+b11/tk_utils/text_output.c:1003:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *bufp = buf;
data/staden-2.0.0+b11/tk_utils/text_output.c:1033:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *bufp = buf;
data/staden-2.0.0+b11/tk_utils/text_output.c:1063:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8192], *namep = name;
data/staden-2.0.0+b11/tk_utils/text_output.c:1097:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8192], *namep = name;
data/staden-2.0.0+b11/tk_utils/text_output.c:1124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char params[8192], *paramsp = params;
data/staden-2.0.0+b11/tk_utils/text_output.c:1155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[1024];
data/staden-2.0.0+b11/tk_utils/text_output.c:1156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:656:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:658:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 2, got %d", argc);
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 + TCL_INTEGER_SPACE];
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:677:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "wrong # coordinates: expected 0 or 2, got %d", argc);
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:2455:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:2463:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(Tcl_GetStringResult(interp)));
data/staden-2.0.0+b11/tk_utils/tkRaster.c:622:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) RasterPtr, argv[2], 0);
data/staden-2.0.0+b11/tk_utils/tkRaster.c:631:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) RasterPtr, argv[2], 0);
data/staden-2.0.0+b11/tk_utils/tkRaster.c:1824:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args [200];
data/staden-2.0.0+b11/tk_utils/tkRaster.c:1834:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(args, " %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/tkRaster.c:1849:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args [200];
data/staden-2.0.0+b11/tk_utils/tkRaster.c:1862:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(args, " %.20f %.20f",
data/staden-2.0.0+b11/tk_utils/tkRaster.c:3022:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = atoi(Tcl_GetStringResult(interp));
data/staden-2.0.0+b11/tk_utils/tkRaster.c:3055:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char colour[10];
data/staden-2.0.0+b11/tk_utils/tkRaster.c:3064:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(colour, "#%02x%02x%02x", drawEnvPtr->fgColor->red/256,
data/staden-2.0.0+b11/tk_utils/tkSheet_common.c:151:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sw->configSpecs, (char *)sw,
data/staden-2.0.0+b11/tk_utils/tkTrace.c:423:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
configSpecs, (char *) tracePtr,
data/staden-2.0.0+b11/tk_utils/tkTrace.c:477:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (-1 == trace_save(tracePtr, (char *)nativepath, argv[3])) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/tk_utils/tkTrace.c:498:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", tracePtr->read ? 1 : 0);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:511:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[256];
data/staden-2.0.0+b11/tk_utils/tkTrace.c:515:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( ibuf, "POINTS=%d\nBASES=%d\nBASELINE=%d\nMAXVAL=%d",
data/staden-2.0.0+b11/tk_utils/tkTrace.c:531:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-2.0.0+b11/tk_utils/tkTrace.c:535:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%g %g", f1, f2);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:548:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = trace_get_pos(tracePtr, atoi(ap+1));
data/staden-2.0.0+b11/tk_utils/tkTrace.c:550:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(ap);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:679:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/tk_utils/tkTrace.c:681:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", tracePtr->cursor_pos);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:693:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(&argv[2][1]), 0);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:695:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tracePtr->cursor_pos = atoi(argv[2]);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:761:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pixel_to_base(tracePtr, atoi(&argv[2][1]), 1);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:763:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tracePtr->read->leftCutoff = atoi(argv[2]);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:807:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pixel_to_base(tracePtr,atoi(&argv[2][1]), 1) + 1;
data/staden-2.0.0+b11/tk_utils/tkTrace.c:809:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tracePtr->read->rightCutoff = atoi(argv[2]);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:842:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pixel_to_base(tracePtr, atoi(&argv[2][1]), 1);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:844:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tracePtr->leftVector = atoi(argv[2]);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:874:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pixel_to_base(tracePtr, atoi(&argv[2][1]), 1) + 1;
data/staden-2.0.0+b11/tk_utils/tkTrace.c:876:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tracePtr->rightVector = atoi(argv[2]) + 1;
data/staden-2.0.0+b11/tk_utils/tkTrace.c:913:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/staden-2.0.0+b11/tk_utils/tkTrace.c:927:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %d", tracePtr->disp_offset, tracePtr->disp_width);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:936:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %d", st, en - st);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:949:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %d", st, en - st);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:955:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4096];
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1118:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos = atoi(&argv[2][1]);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1143:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(argv[2]);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1914:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[100];
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1918:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, " %d %d %d %d", t->read->NPoints, t->disp_width,
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1924:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, " %g %g", start, end);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:2243:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(filename, "wb")))
data/staden-2.0.0+b11/tk_utils/tkTraceComp.c:20:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char opp[256]; /* complement of any given base */
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[5];
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:143:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b, "%02d", conf);
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:145:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(b, "XX");
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[5];
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:190:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b, "%02d", conf);
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:192:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(b, "XX");
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:699:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[10];
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:746:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%d", cind);
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->edBases, t->read->base, t->read->NBases);
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:484:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "%d", t->leftVector );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:489:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "%d", t->rightVector );
data/staden-2.0.0+b11/tracediff/main.cpp:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pBuffer[BUFSIZE];
data/staden-2.0.0+b11/tracediff/main.cpp:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pFileOfFiles[BUFSIZE] = { 0 };
data/staden-2.0.0+b11/tracediff/main.cpp:261:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::FILE* pFOFN = std::fopen( pFileOfFiles, "rt" );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE], *file_name, *vector_name = NULL, *f_primer_seq = NULL,*r_primer_seq = NULL;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:820:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1],*cp, *seq;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:826:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:871:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ql = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:875:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:912:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", x);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:961:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1],*cp, *seq;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:965:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:971:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vector_file_name[FILENAME_MAX+1];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:972:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_vector_file_name[FILENAME_MAX+1];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1028:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ql = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1034:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1042:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sl = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1048:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1053:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sc = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1068:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1080:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1120:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vf = fopen(vector_file_name, "r");
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1219:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", sl);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", sr);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1],*cp, *seq;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstat[1024];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1330:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ql = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1336:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1344:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sl = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1350:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1475:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", sl);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1480:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", sr);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1489:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", pr_type);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1612:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1],*cp, *seq;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1616:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1637:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vector_file_name[FILENAME_MAX+1], *vfn;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1638:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_vector_file_name[FILENAME_MAX+1];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1721:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ql = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1727:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1735:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sl = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1741:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1746:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sc = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1755:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1788:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vf = fopen(vector_file_name, "r");
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2069:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", sl);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2075:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", sr);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1],*cp, *seq;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vector_file_name[FILENAME_MAX+1], *vfn;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_vector_file_name[FILENAME_MAX+1];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2188:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ql = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2192:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2199:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sl = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2203:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2230:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vf = fopen(vector_file_name, "r");
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2351:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", cl);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2357:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", cr);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2697:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[FILENAME_MAX+1],*cp, *seq;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2707:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vector_file_name[FILENAME_MAX+1], *vfn;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2708:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_vector_file_name[FILENAME_MAX+1];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2761:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ql = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2765:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2772:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sl = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2776:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr = atoi ( expline );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2811:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vf = fopen(vector_file_name, "r");
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2968:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SEQ_LINE];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expanded_fn[FILENAME_MAX+1];
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3451:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
word_length = atoi(optarg);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3455:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_diags = atoi(optarg);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3464:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_match = atoi(optarg);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3467:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vector_primer_length = atoi(optarg);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3476:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_left = atoi(optarg);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3479:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_vector = atoi(optarg);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3533:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_i = fopen(fofn_i, "r");
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3539:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_p = fopen(fofn_p, "w");
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3546:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_f = fopen(fofn_f, "w");
data/staden-2.0.0+b11/vector_clip/vector_clip.c:3558:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_vf = fopen(expanded_fn, "r");
data/staden-2.0.0+b11/Misc/dstring.c:196:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return dstring_ninsert(ds, offset, str, strlen(str));
data/staden-2.0.0+b11/Misc/dstring.c:402:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ds->length = strlen(ds->str);
data/staden-2.0.0+b11/Misc/dstring.c:448:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rep_len = strlen(rep_str);
data/staden-2.0.0+b11/Misc/dstring.c:493:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t search_len = strlen(search);
data/staden-2.0.0+b11/Misc/dstring.c:517:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t search_len = strlen(search);
data/staden-2.0.0+b11/Misc/dstring.c:548:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t search_len = strlen(search);
data/staden-2.0.0+b11/Misc/dstring.c:731:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(long)strlen(dstring_str(ds1)));
data/staden-2.0.0+b11/Misc/dstring.c:757:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("i=%d, len=%ld\n", i, (long)strlen(dstring_str(ds1)));
data/staden-2.0.0+b11/Misc/filenames.c:13:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fn);
data/staden-2.0.0+b11/Misc/find.c:43:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
paths = (char *) malloc(strlen(searchpath)+1);
data/staden-2.0.0+b11/Misc/find.c:50:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(next,next+1,strlen(next+1)+1); /* shuffle up data [including \0]*/
data/staden-2.0.0+b11/Misc/find.c:60:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strncmp( CORBATAG,path,strlen(CORBATAG))){
data/staden-2.0.0+b11/Misc/find.c:61:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(corba_found(wholePath,path+strlen(CORBATAG),file)){
data/staden-2.0.0+b11/Misc/find.c:69:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strncmp( BIOLIMS_TAG,path,strlen(BIOLIMS_TAG))){
data/staden-2.0.0+b11/Misc/find.c:70:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(biolims_found(wholePath,path+strlen(BIOLIMS_TAG),file)){
data/staden-2.0.0+b11/Misc/find.c:79:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(wholePath,"/");
data/staden-2.0.0+b11/Misc/find.c:92:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(next,next+1,strlen(next+1)+1); /* shuffle up data */
data/staden-2.0.0+b11/Misc/getfile.c:93:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( tempbuf, namein, FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:105:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( nameoutp, tempb, len);
data/staden-2.0.0+b11/Misc/getfile.c:106:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = strlen(tempb);
data/staden-2.0.0+b11/Misc/getfile.c:110:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nameoutp++, "/");
data/staden-2.0.0+b11/Misc/getfile.c:137:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( namein ) == 1 ) {
data/staden-2.0.0+b11/Misc/getfile.c:141:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nameout,getenv("HOMEDRIVE"),FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:142:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(nameout,getenv("HOMEPATH"),FILENAME_MAX-strlen(nameout));
data/staden-2.0.0+b11/Misc/getfile.c:142:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(nameout,getenv("HOMEPATH"),FILENAME_MAX-strlen(nameout));
data/staden-2.0.0+b11/Misc/getfile.c:147:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( nameout, getenv("HOME"), FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:155:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( nameout, pwentry->pw_dir, FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:163:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( nameout, getenv(&namein[1]), FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:172:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( nameout, getenv(namein), FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:175:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( nameout, namein, FILENAME_MAX);
data/staden-2.0.0+b11/Misc/getfile.c:179:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( nameout, namein, FILENAME_MAX);
data/staden-2.0.0+b11/Misc/parse_db.c:118:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (a = getc(fp)) {
data/staden-2.0.0+b11/Misc/parse_db.c:125:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a = getc(fp);
data/staden-2.0.0+b11/Misc/parse_db.c:144:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(a=getc(fp); a!=EOF && a!='\n'; a=getc(fp));
data/staden-2.0.0+b11/Misc/parse_db.c:144:43: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(a=getc(fp); a!=EOF && a!='\n'; a=getc(fp));
data/staden-2.0.0+b11/Misc/parse_db.c:152:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a = getc(fp);
data/staden-2.0.0+b11/Misc/parse_db.c:154:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a = getc(fp); /* 18/1/99 johnt - handle \r\n on WINNT */
data/staden-2.0.0+b11/Misc/parse_db.c:160:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(a=getc(fp);a!=EOF && a!='"';a=getc(fp)) {
data/staden-2.0.0+b11/Misc/parse_db.c:160:40: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(a=getc(fp);a!=EOF && a!='"';a=getc(fp)) {
data/staden-2.0.0+b11/Misc/parse_db.c:164:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (a=getc(fp)))
data/staden-2.0.0+b11/Misc/parse_db.c:176:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(a = getc(fp); a != EOF && isalnum(a); a = getc(fp))
data/staden-2.0.0+b11/Misc/parse_db.c:176:49: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(a = getc(fp); a != EOF && isalnum(a); a = getc(fp))
data/staden-2.0.0+b11/Misc/spBiolims.h:16:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define IS_BIOLIMS_PATH(x) !strncmp(x,BIOLIMS_TAG,strlen(BIOLIMS_TAG))
data/staden-2.0.0+b11/Misc/string_alloc.c:111:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(instr);
data/staden-2.0.0+b11/Misc/string_alloc.c:119:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, instr, len + 1);
data/staden-2.0.0+b11/Misc/strings.c:22:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c,f,i);
data/staden-2.0.0+b11/Misc/strings.c:30:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = min((int)strlen(c),max_f);
data/staden-2.0.0+b11/Misc/strings.c:31:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(f,c,i);
data/staden-2.0.0+b11/Misc/strings.c:105:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_ct = strlen(ct);
data/staden-2.0.0+b11/Misc/strings.c:106:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(cs) - len_ct;
data/staden-2.0.0+b11/Misc/strings.c:129:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(str);
data/staden-2.0.0+b11/Misc/strings.c:183:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(str);
data/staden-2.0.0+b11/Misc/strings.c:267:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(str);
data/staden-2.0.0+b11/Misc/strings.c:336:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(str);
data/staden-2.0.0+b11/Misc/strings.c:436:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(str);
data/staden-2.0.0+b11/Misc/usleep-bsd.c:16:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
int usleep(unsigned int useconds) {
data/staden-2.0.0+b11/Misc/usleep-gen.c:10:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
int usleep(unsigned int useconds) {
data/staden-2.0.0+b11/Misc/usleep-gen.c:28:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
(void)usleep((unsigned int)*useconds);
data/staden-2.0.0+b11/Misc/vlen.c:231:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += MAX(conv_len, (int)strlen(s));
data/staden-2.0.0+b11/Misc/vlen.c:266:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:268:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(buf, "");
data/staden-2.0.0+b11/Misc/vlen.c:270:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:274:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:278:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:282:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:286:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:290:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:294:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:298:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:302:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:306:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:310:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:314:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:318:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:322:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:326:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:330:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:334:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:338:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:342:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:346:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:350:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:354:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:358:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/vlen.c:362:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-2.0.0+b11/Misc/win_funcs.c:13:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf, count);
data/staden-2.0.0+b11/alf/alfsplit.c:182:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((*cp = fgetc(fil)) && *cp != EOF && *cp != '\n')
data/staden-2.0.0+b11/alf/alfsplit.c:233:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(argv[1])-1;i>=0 && argv[1][i] != '/'; i--)
data/staden-2.0.0+b11/alf/alfsplit.c:235:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (lastDot==0) lastDot = strlen(argv[1]);
data/staden-2.0.0+b11/alf/alfsplit.c:245:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int j, l = strlen(name[i]);
data/staden-2.0.0+b11/convert/bapDB.c:353:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(type,tg_line.lines.type.c,4);
data/staden-2.0.0+b11/convert/bapDB.c:614:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c2fstr(a,strlen(a), sq_line, (size_t)io.max_gel_length);
data/staden-2.0.0+b11/convert/bapDB.c:654:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c2fstr(a,strlen(a),type,sizeof(type));
data/staden-2.0.0+b11/convert/bapDB.c:659:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c2fstr(a,strlen(a),file,sizeof(file));
data/staden-2.0.0+b11/convert/bapDB.c:726:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tg_ed.lines.type.c,type,4);
data/staden-2.0.0+b11/convert/bapDB.c:745:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(rcut.lines.type.c,"*RC*",4);
data/staden-2.0.0+b11/convert/bapDB.c:759:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(lcut.lines.type.c,"*LC*",4);
data/staden-2.0.0+b11/convert/bapDB.c:790:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c2fstr(a,strlen(a),tg_rec.lines.type.c,(size_t)4);
data/staden-2.0.0+b11/convert/bapIO.c:272:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(com,c.lines.comment,BAP_COMMENT_SIZE); com+=BAP_COMMENT_SIZE;
data/staden-2.0.0+b11/convert/bapIO.c:277:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(com,c.lines.comment,BAP_COMMENT_SIZE); com+=BAP_COMMENT_SIZE;
data/staden-2.0.0+b11/convert/bapIO.c:377:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int clen = strlen(c);
data/staden-2.0.0+b11/convert/bapIO.c:388:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(com.lines.comment,c,piece);
data/staden-2.0.0+b11/convert/bapIO.c:401:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(com.lines.comment,c,piece);
data/staden-2.0.0+b11/convert/dapDB.c:351:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(type,tg_line.lines.type.c,4);
data/staden-2.0.0+b11/convert/dapIO.c:162:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(com,c.lines.comment,DAP_COMMENT_SIZE); com+=DAP_COMMENT_SIZE;
data/staden-2.0.0+b11/convert/dapIO.c:167:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(com,c.lines.comment,DAP_COMMENT_SIZE); com+=DAP_COMMENT_SIZE;
data/staden-2.0.0+b11/convert/dapIO.c:266:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int clen = strlen(c);
data/staden-2.0.0+b11/convert/dapIO.c:277:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(com.lines.comment,c,piece);
data/staden-2.0.0+b11/convert/dapIO.c:290:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(com.lines.comment,c,piece);
data/staden-2.0.0+b11/convert/gapDB.c:21:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, l = strlen(cp)-1, l2 = (l+1)/2;
data/staden-2.0.0+b11/convert/gapDB.c:69:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, c.name, "unknown", strlen("unknown"));
data/staden-2.0.0+b11/convert/gapDB.c:79:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, v.name, "unknown", strlen("unknown"));
data/staden-2.0.0+b11/convert/gapDB.c:158:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = strlen(cp);
data/staden-2.0.0+b11/convert/gapDB.c:167:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(seq) + 1;
data/staden-2.0.0+b11/convert/gapDB.c:170:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ostart = strlen(cp);
data/staden-2.0.0+b11/convert/gapDB.c:175:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ostart = start = strlen(cp);
data/staden-2.0.0+b11/convert/gapDB.c:184:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(seq) + 1;
data/staden-2.0.0+b11/convert/gapDB.c:190:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(seq);
data/staden-2.0.0+b11/convert/gapDB.c:226:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, r.name, cp, strlen(cp));
data/staden-2.0.0+b11/convert/gapDB.c:231:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, r.trace_name, cp, strlen(cp));
data/staden-2.0.0+b11/convert/gapDB.c:236:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, r.trace_type, cp, strlen(cp));
data/staden-2.0.0+b11/convert/gapDB.c:294:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, a.annotation, cp, strlen(cp));
data/staden-2.0.0+b11/convert/gapDB.c:375:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, t.name, cp, strlen(cp));
data/staden-2.0.0+b11/convert/list.c:14:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (copy = (char *)malloc(strlen(s)+1)) != NULL ) strcpy(copy,s);
data/staden-2.0.0+b11/convert/list.c:345:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (c = getc(fp);c != EOF && isspace(c); c= getc(fp));
data/staden-2.0.0+b11/convert/list.c:345:50: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (c = getc(fp);c != EOF && isspace(c); c= getc(fp));
data/staden-2.0.0+b11/convert/list.c:353:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (c = getc(fp), l = getc(fp);
data/staden-2.0.0+b11/convert/list.c:353:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (c = getc(fp), l = getc(fp);
data/staden-2.0.0+b11/convert/list.c:355:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=l,l = getc(fp)) {
data/staden-2.0.0+b11/convert/list.c:359:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
l = getc(fp);
data/staden-2.0.0+b11/convert/list.c:367:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (c = getc(fp); c != EOF && !isspace(c); c = getc(fp))
data/staden-2.0.0+b11/convert/list.c:367:50: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (c = getc(fp); c != EOF && !isspace(c); c = getc(fp))
data/staden-2.0.0+b11/convert/sap2dap.c:152:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(CC_rec.comment,comment,COMMENT_LENGTH);
data/staden-2.0.0+b11/convert/sap2dap.c:176:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(type,RD_rec.type,4);
data/staden-2.0.0+b11/convert/sap2dap.c:177:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name,RD_rec.name,12);
data/staden-2.0.0+b11/convert/sap2dap.c:198:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!*vers) strcpy(vers,"0");
data/staden-2.0.0+b11/convert/sap2dap.c:210:40: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strcpy(RD,name); strcat(RD,".RD"); strncat(RD,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:211:40: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strcpy(TG,name); strcat(TG,".TG"); strncat(TG,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:212:40: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strcpy(CC,name); strcat(CC,".CC"); strncat(CC,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:217:40: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strcpy(AR,name); strcat(AR,".AR"); strncat(AR,vers,1);
data/staden-2.0.0+b11/convert/sap2dap.c:223:40: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strcpy(RL,name); strcat(RL,".RL"); strncat(RL,vers,1);
data/staden-2.0.0+b11/copy_reads/copy_reads.c:466:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(seq1);
data/staden-2.0.0+b11/copy_reads/copy_reads.c:957:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(consensus,
data/staden-2.0.0+b11/find_renz/find_renz.c:120:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(name, "/");
data/staden-2.0.0+b11/g/freetree-io.h:118:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sz != read(fd, data, sz))
data/staden-2.0.0+b11/g/freetree-io.h:138:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sz != read(fd, &data[5], sz)) {
data/staden-2.0.0+b11/g/g-debug.c:113:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fn) + strlen(G_AUX_SUFFIX) >= sizeof(fnaux))
data/staden-2.0.0+b11/g/g-debug.c:113:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fn) + strlen(G_AUX_SUFFIX) >= sizeof(fnaux))
data/staden-2.0.0+b11/g/g-debug.c:124:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((gfile->fname = (char *)xmalloc(strlen(fn)+1)) != NULL)
data/staden-2.0.0+b11/g/g-debug.c:187:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (-1 == (len_r = read(gfile->fd, buf, len)))
data/staden-2.0.0+b11/g/g-files.c:163:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(fn) + strlen(G_AUX_SUFFIX) >= sizeof(fnaux) )
data/staden-2.0.0+b11/g/g-files.c:163:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(fn) + strlen(G_AUX_SUFFIX) >= sizeof(fnaux) )
data/staden-2.0.0+b11/g/g-files.c:177:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (gfile->fname = (char *)xmalloc(strlen(fn)+1)) != NULL )
data/staden-2.0.0+b11/g/g-files.c:408:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (-1 == read(fdaux, &c, 1)) return gerr_set(GERR_READ_ERROR);
data/staden-2.0.0+b11/g/g-files.c:460:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (-1 == read(fd, &c, 1)) return gerr_set(GERR_READ_ERROR);
data/staden-2.0.0+b11/g/g-io.c:36:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (read(fd,&X,sizeof(X))) != sizeof(X) ) return 1; \
data/staden-2.0.0+b11/g/g-io.c:203:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sizeof(rec) != read(fd, &rec, sizeof(rec)))
data/staden-2.0.0+b11/g/g-io.c:224:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sizeof(rec) != read(fd, &rec, sizeof(rec)))
data/staden-2.0.0+b11/g/g-io.c:367:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &rec32, sizeof(rec32)) != (int)(sizeof(rec32)))
data/staden-2.0.0+b11/g/g-io.c:388:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fd, idx, sizeof(*idx)*num) != sizeof(*idx)*num;
data/staden-2.0.0+b11/g/g-io.c:405:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &rec32, sizeof(rec32)) != (int)(sizeof(rec32)))
data/staden-2.0.0+b11/g/g-io.c:433:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (err = (read(fd, idx, sizeof(*idx)*num) != sizeof(*idx)*num))
data/staden-2.0.0+b11/g/g-request.c:232:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
check = read(fd, buf, in);
data/staden-2.0.0+b11/g/g-request.c:305:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
check = read(fd, v[parti].buf, partj);
data/staden-2.0.0+b11/gap4/IO1.c:114:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int GT_Write_cached(GapIO *io, int read, GReadings *r) {
data/staden-2.0.0+b11/gap4/IO1.c:1162:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(type, "ANY", typelen);
data/staden-2.0.0+b11/gap4/IO1.c:1578:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(io_name(io), buf, DB_FILELEN-1);
data/staden-2.0.0+b11/gap4/IO1.c:1782:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(project, io_name(io), p-io_name(io));
data/staden-2.0.0+b11/gap4/IO1.h:209:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int GT_Write_cached(GapIO *io, int read, GReadings *r);
data/staden-2.0.0+b11/gap4/IO2.c:431:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writen_(HANDLE, NGEL, name, strlen(name)+1);
data/staden-2.0.0+b11/gap4/IO2.c:454:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (comment = (char *)xmalloc(strlen(tag))))
data/staden-2.0.0+b11/gap4/IO2.c:649:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(exp_get_entry(si->e,EFLT_LN)),
data/staden-2.0.0+b11/gap4/IO2.c:651:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(exp_get_entry(si->e,EFLT_LT)))) {
data/staden-2.0.0+b11/gap4/IO2.c:775:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(SEQ,exp_get_entry(si->e,EFLT_SQ)+si->start,len);
data/staden-2.0.0+b11/gap4/IO3.c:567:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/staden-2.0.0+b11/gap4/actf.c:143:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dir, "/");
data/staden-2.0.0+b11/gap4/actf.c:246:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd, db_path, strlen(db_path));
data/staden-2.0.0+b11/gap4/assemble_direct.c:338:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (comment = (char *)xmalloc(strlen(tag))))
data/staden-2.0.0+b11/gap4/assemble_direct.c:755:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(exp_get_entry(si->e, EFLT_LN)),
data/staden-2.0.0+b11/gap4/assemble_direct.c:757:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(exp_get_entry(si->e, EFLT_LT)))) {
data/staden-2.0.0+b11/gap4/assemble_direct.c:1018:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq, exp_get_entry(si->e, EFLT_SQ), s_length);
data/staden-2.0.0+b11/gap4/auto_assemble.c:257:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
F_NAMLEN, DB_FILELEN, strlen("dummy"));
data/staden-2.0.0+b11/gap4/auto_break.c:156:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/auto_break.c:232:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/auto_break.c:1043:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(seq);
data/staden-2.0.0+b11/gap4/check_assembly.c:258:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq, cutoffp, cutlen);
data/staden-2.0.0+b11/gap4/check_assembly.c:388:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
get_read_name(ca->io, obj->read),
data/staden-2.0.0+b11/gap4/check_assembly.c:389:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
obj->read, obj->pos1 - io_relpos(ca->io, obj->read));
data/staden-2.0.0+b11/gap4/check_assembly.c:389:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
obj->read, obj->pos1 - io_relpos(ca->io, obj->read));
data/staden-2.0.0+b11/gap4/check_assembly.c:409:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
llino = obj->read;
data/staden-2.0.0+b11/gap4/check_assembly.c:437:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
io_length(ca->io, obj->read) > 0 ? '+' : '-',
data/staden-2.0.0+b11/gap4/check_assembly.c:438:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
obj->read, obj->pos1,
data/staden-2.0.0+b11/gap4/clones.c:86:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = TextWrite(io,v.name,V,strlen(V));
data/staden-2.0.0+b11/gap4/clones.c:123:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = TextWrite(io,c.name,CN,strlen(CN));
data/staden-2.0.0+b11/gap4/clones.c:160:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = TextWrite(io,t.name,TN,strlen(TN));
data/staden-2.0.0+b11/gap4/consen.c:271:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(project_name);
data/staden-2.0.0+b11/gap4/consen.c:613:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen ( known );
data/staden-2.0.0+b11/gap4/consen.c:712:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jstart = MIN ( start, (int)strlen( seq ) );
data/staden-2.0.0+b11/gap4/consen.c:716:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(&seq[jstart]), 1);
data/staden-2.0.0+b11/gap4/consen.c:1524:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int codes_l = strlen(codes);
data/staden-2.0.0+b11/gap4/consen.c:1719:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_ID, name, strlen(name));
data/staden-2.0.0+b11/gap4/consen.c:1720:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_EN, name, strlen(name));
data/staden-2.0.0+b11/gap4/consen.c:1772:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_CC, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/consen.c:1784:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_AV, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/contig_order.c:643:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/contig_order.c:710:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read,
data/staden-2.0.0+b11/gap4/contig_order.c:718:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, read, r);
data/staden-2.0.0+b11/gap4/contig_order.c:747:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read)
data/staden-2.0.0+b11/gap4/contig_order.c:766:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (TemplateEnd(io, t, read, contig) == 0) {
data/staden-2.0.0+b11/gap4/contig_order.c:854:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf("contig %d read %d \n", gc->contig, gc->read);
data/staden-2.0.0+b11/gap4/contig_order.c:867:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf("READING1 %d contig %d \n", first->read, first->contig);
data/staden-2.0.0+b11/gap4/contig_order.c:876:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!TemplateDirection(io, t, first->contig, first->read)) {
data/staden-2.0.0+b11/gap4/contig_order.c:888:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf(" READING2 %d contig %d \n", gc->read, gc->contig);
data/staden-2.0.0+b11/gap4/contig_order.c:894:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (TemplateDirection(io, t, gc->contig, gc->read)) {
data/staden-2.0.0+b11/gap4/contig_order.c:899:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, first->read, r1);
data/staden-2.0.0+b11/gap4/contig_order.c:900:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r2);
data/staden-2.0.0+b11/gap4/copy_db.c:36:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (TextWrite(iot, rec_to, str, strlen(str)) && errs) \
data/staden-2.0.0+b11/gap4/copy_db.c:48:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (TextWrite(iot, rec_to, str, strlen(str)) && errs) \
data/staden-2.0.0+b11/gap4/copy_db.c:113:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(buf);
data/staden-2.0.0+b11/gap4/copy_db.c:120:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)(MIN(l, DB_NAMELEN-strlen(num))),
data/staden-2.0.0+b11/gap4/copy_db_main.c:91:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(buf+strlen(to), ".aux");
data/staden-2.0.0+b11/gap4/copy_db_main.c:93:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(buf+strlen(to), ".BUSY");
data/staden-2.0.0+b11/gap4/cs-object.h:72:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/staden-2.0.0+b11/gap4/dstrand.c:122:2: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch*=.95;
data/staden-2.0.0+b11/gap4/dstrand.c:168:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
score, mismatch, cutgaps, congaps, scan);
data/staden-2.0.0+b11/gap4/dstrand.c:171:6: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch > 3.5 || cutgaps > 3 || congaps > 1)
data/staden-2.0.0+b11/gap4/dstrand.c:703:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gel_p + io_length(io, bestgeln), newb1, (size_t)bestuse);
data/staden-2.0.0+b11/gap4/edCommands.c:201:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char *con, *read;
data/staden-2.0.0+b11/gap4/edCommands.c:243:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read, &(DB_Seq(xx, seq)[start]), length);
data/staden-2.0.0+b11/gap4/edCommands.c:243:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strncpy(read, &(DB_Seq(xx, seq)[start]), length);
data/staden-2.0.0+b11/gap4/edCommands.c:244:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[length] = '\0';
data/staden-2.0.0+b11/gap4/edCommands.c:248:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
score = calign(read, con, length, c_length,
data/staden-2.0.0+b11/gap4/edCommands.c:252:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cdisplay(read, con, length, c_length, 0, res, start, c_pos);
data/staden-2.0.0+b11/gap4/edInterface.c:1942:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "D");
data/staden-2.0.0+b11/gap4/edInterface.c:1944:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "d");
data/staden-2.0.0+b11/gap4/edInterface.c:1947:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "P");
data/staden-2.0.0+b11/gap4/edInterface.c:1949:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "S");
data/staden-2.0.0+b11/gap4/edInterface.c:1951:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "?");
data/staden-2.0.0+b11/gap4/edInterface.c:1953:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "E");
data/staden-2.0.0+b11/gap4/edInterface.c:1955:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "I");
data/staden-2.0.0+b11/gap4/edInterface.c:1957:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "O");
data/staden-2.0.0+b11/gap4/edMutations.c:151:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = MIN(strlen(name), DB_NAMELEN);
data/staden-2.0.0+b11/gap4/edMutations.c:1558:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hete && t->newcomment && strlen(t->newcomment) >= 4) {
data/staden-2.0.0+b11/gap4/edUtils2.c:4831:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,&s[l-width],width);
data/staden-2.0.0+b11/gap4/edUtils2.c:4856:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,&s[l-pos],width);
data/staden-2.0.0+b11/gap4/edUtils2.c:4884:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,s,width);
data/staden-2.0.0+b11/gap4/edUtils2.c:4909:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,&s[pos],width);
data/staden-2.0.0+b11/gap4/extract.c:188:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = (char *)xmalloc(100 + (comment ? strlen(comment) : 0));
data/staden-2.0.0+b11/gap4/extract.c:200:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_CC, cc_line, strlen(cc_line));
data/staden-2.0.0+b11/gap4/extract.c:205:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:234:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_NT, str, strlen(str));
data/staden-2.0.0+b11/gap4/extract.c:357:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_ID, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:358:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_EN, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:392:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_LN, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:397:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_LT, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:417:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_TN, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:425:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_SV, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:442:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_CV, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:461:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_ON, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:467:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_AV, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/extract.c:487:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_AP, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/find_oligo.c:595:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(cons_array[i]);
data/staden-2.0.0+b11/gap4/find_oligo.c:607:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mis_match = strlen(string) - (ceil(strlen(string) * mis_fmatch / 100.));
data/staden-2.0.0+b11/gap4/find_oligo.c:607:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mis_match = strlen(string) - (ceil(strlen(string) * mis_fmatch / 100.));
data/staden-2.0.0+b11/gap4/find_oligo.c:612:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
complement_seq(string, strlen(string));
data/staden-2.0.0+b11/gap4/find_oligo.c:616:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(cons_array[k]);
data/staden-2.0.0+b11/gap4/find_oligo.c:619:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(string),
data/staden-2.0.0+b11/gap4/find_oligo.c:636:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length[cnt] = strlen(string);
data/staden-2.0.0+b11/gap4/find_oligo.c:650:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cons_match,&cons_array[k][pos2[cnt]-1],
data/staden-2.0.0+b11/gap4/find_oligo.c:754:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t stringlen = strlen(string);
data/staden-2.0.0+b11/gap4/find_oligo.c:760:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mis_match = strlen(string) - (ceil(strlen(string) * mis_fmatch / 100.));
data/staden-2.0.0+b11/gap4/find_oligo.c:760:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mis_match = strlen(string) - (ceil(strlen(string) * mis_fmatch / 100.));
data/staden-2.0.0+b11/gap4/find_oligo.c:782:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(cons_array[i]);
data/staden-2.0.0+b11/gap4/gap-create.c:103:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(fn) + strlen(G_AUX_SUFFIX) >= sizeof(auxfn) ) return gerr_set(GERR_NAME_TOO_LONG);
data/staden-2.0.0+b11/gap4/gap-create.c:103:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(fn) + strlen(G_AUX_SUFFIX) >= sizeof(auxfn) ) return gerr_set(GERR_NAME_TOO_LONG);
data/staden-2.0.0+b11/gap4/gap-create.c:400:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((e = read(ifd, buf, BUFSIZ)) > 0) {
data/staden-2.0.0+b11/gap4/gap-dbstruct.c:52:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(database) + strlen(file) + strlen(version) + 1 >= 1024) {
data/staden-2.0.0+b11/gap4/gap-dbstruct.c:52:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(database) + strlen(file) + strlen(version) + 1 >= 1024) {
data/staden-2.0.0+b11/gap4/gap-dbstruct.c:52:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(database) + strlen(file) + strlen(version) + 1 >= 1024) {
data/staden-2.0.0+b11/gap4/gap-init.c:41:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LOCAL = gap_server==NULL || strlen(gap_server)==0;
data/staden-2.0.0+b11/gap4/gap-tcl.c:970:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = &buf[strlen(buf)];
data/staden-2.0.0+b11/gap4/gap-tcl.c:1005:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = TextWrite(io, record, argv[3], strlen(argv[3]));
data/staden-2.0.0+b11/gap4/gap-thrash.c:237:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_FILE,r,c[album[r]],strlen(c[album[r]]));
data/staden-2.0.0+b11/gap4/gap-thrash.c:274:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) g_write(client[0],view[v],c[album[r]],strlen(c[album[r]]));
data/staden-2.0.0+b11/gap4/gap-thrash.c:365:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_write(client,view,str,strlen(str));
data/staden-2.0.0+b11/gap4/gap-thrash.c:367:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_write(client,view,str2,strlen(str2));
data/staden-2.0.0+b11/gap4/gap-thrash.c:398:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vout[0].buf = str1; vout[0].len = strlen(str1);
data/staden-2.0.0+b11/gap4/gap-thrash.c:399:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vout[1].buf = str2; vout[1].len = strlen(str2);
data/staden-2.0.0+b11/gap4/gap_cli_arg.c:20:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)&store[a->offset], val, a->value-1);
data/staden-2.0.0+b11/gap4/io_utils.c:558:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(arr(name_t, io->read_names, number-1).name, name, DB_NAMELEN+1);
data/staden-2.0.0+b11/gap4/join.c:372:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
S = res = rsalign2myers(overlap->seq1_out, strlen(overlap->seq1_out),
data/staden-2.0.0+b11/gap4/join.c:373:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
overlap->seq2_out, strlen(overlap->seq2_out),
data/staden-2.0.0+b11/gap4/list_proc.c:80:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(last_list, name, 100);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:231:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(basename, io_name(args.io), p - io_name(args.io));
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1192:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strcpy(read_name, get_read_name(args.io, gc->read));
data/staden-2.0.0+b11/gap4/newgap_cmds.c:1195:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_name, gc->read,
data/staden-2.0.0+b11/gap4/newgap_cmds.c:2697:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (l = strlen(ops)) {
data/staden-2.0.0+b11/gap4/newgap_cmds.c:3493:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&args.unpadded, strlen(args.file));
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4813:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read, right_read;
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4837:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(args.io, read, r);
data/staden-2.0.0+b11/gap4/newgap_cmds.c:4844:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
right_read = read;
data/staden-2.0.0+b11/gap4/notedb.c:41:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(note_db[note].search_id);
data/staden-2.0.0+b11/gap4/notedb.c:43:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(note_db[note].id," ",4);
data/staden-2.0.0+b11/gap4/notedb.c:46:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(note_db[note].id,note_db[note].search_id,len);
data/staden-2.0.0+b11/gap4/notes.c:366:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, n.annotation, comment, strlen(comment));
data/staden-2.0.0+b11/gap4/notes.c:532:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, n2.annotation, tmp, strlen(tmp));
data/staden-2.0.0+b11/gap4/notes.c:695:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (orig_path = xmalloc(strlen(p)+100)))
data/staden-2.0.0+b11/gap4/notes.c:731:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (buf = xmalloc(strlen(rawd) + 100))) {
data/staden-2.0.0+b11/gap4/notes.c:903:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strp = str = xmalloc(2*(comment ? strlen(comment): 0) + 1000);
data/staden-2.0.0+b11/gap4/notes.c:935:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(c2 = xmalloc(strlen(comment) * 2)))
data/staden-2.0.0+b11/gap4/notes.c:957:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = xrealloc(str, strlen(str)+1);
data/staden-2.0.0+b11/gap4/oligo.c:284:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
template_len = strlen(template_name);
data/staden-2.0.0+b11/gap4/oligo.c:447:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq,&xx->sel_oli->consensus[pos],len);
data/staden-2.0.0+b11/gap4/oligo.c:459:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = TAG_MALLOC(strlen(s)+1);
data/staden-2.0.0+b11/gap4/oligo.c:652:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr += strlen(ptr);
data/staden-2.0.0+b11/gap4/oligo.c:667:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr += strlen(ptr);
data/staden-2.0.0+b11/gap4/oligo.c:709:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(a,&xx->sel_oli->consensus[pos],len); a+=len;
data/staden-2.0.0+b11/gap4/oligo_sel.c:335:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(consensus, &con[con_st], con_len);
data/staden-2.0.0+b11/gap4/parse_ft.c:391:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(entry->location, &str[loc_start], i - loc_start);
data/staden-2.0.0+b11/gap4/parse_ft.c:396:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/staden-2.0.0+b11/gap4/parse_ft.c:581:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(cp, cp+1, strlen(cp+1));
data/staden-2.0.0+b11/gap4/preass.c:266:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (-1 == TextWrite(io, r.name, t, strlen(t)+1)) {
data/staden-2.0.0+b11/gap4/preass.c:300:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (comment = (char *)xmalloc(strlen(tag))))
data/staden-2.0.0+b11/gap4/preass.c:407:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(exp_get_entry(si->e,EFLT_LN)),
data/staden-2.0.0+b11/gap4/preass.c:409:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(exp_get_entry(si->e,EFLT_LT)));
data/staden-2.0.0+b11/gap4/preass.c:414:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"unknown", strlen("unknown"),
data/staden-2.0.0+b11/gap4/preass.c:415:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"unknown", strlen("unknown"));
data/staden-2.0.0+b11/gap4/primlib.c:95:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sa.incl_l = strlen(seq);
data/staden-2.0.0+b11/gap4/primlib.c:132:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sa.incl_l = strlen(seq);
data/staden-2.0.0+b11/gap4/primlib.c:178:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmpbuf, value, value_len < 255 ? value_len : 255);
data/staden-2.0.0+b11/gap4/probe.c:83:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&seq[vector_len], seq, max_olen);
data/staden-2.0.0+b11/gap4/probe.c:160:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(oligo, ol[i].sequence, oligo_len);
data/staden-2.0.0+b11/gap4/probe.c:167:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(con_tmp, cp, oligo_len);
data/staden-2.0.0+b11/gap4/probe.c:201:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cp, con_tmp, oligo_len);
data/staden-2.0.0+b11/gap4/probe.c:306:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ol[i].sequence, &ci->con_item[contig-1][ol[i].start],
data/staden-2.0.0+b11/gap4/qualIO.c:243:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(num, "-");
data/staden-2.0.0+b11/gap4/reactions.c:85:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void pick_long(GapIO *io, int read, int pos, int size, int strand,
data/staden-2.0.0+b11/gap4/reactions.c:90:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(; read; read = r.right) {
data/staden-2.0.0+b11/gap4/reactions.c:91:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, read, r);
data/staden-2.0.0+b11/gap4/reactions.c:121:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
report_long(io, read, e, coverage, size, end, tarr);
data/staden-2.0.0+b11/gap4/reactions.c:143:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
report_long(io, read, e, coverage, size, end, tarr);
data/staden-2.0.0+b11/gap4/readpair.c:405:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/readpair.c:407:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readnum[count] = gc->read;
data/staden-2.0.0+b11/gap4/readpair.c:596:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/readpair.c:642:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/readpair.c:643:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strcpy(name, io_rname(io, gc->read));
data/staden-2.0.0+b11/gap4/readpair.c:651:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gc->read * (r.sense ? -1 : 1),
data/staden-2.0.0+b11/gap4/readpair.c:654:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
chain_left(io, gc->read));
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1250:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(r->r_enzyme[item].seq[j]);
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1264:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comments, "\n");
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1266:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comments, "\t");
data/staden-2.0.0+b11/gap4/restriction_enzymes.c:1269:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comments, "\n");
data/staden-2.0.0+b11/gap4/searchUtils.c:103:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s);
data/staden-2.0.0+b11/gap4/searchUtils.c:134:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s);
data/staden-2.0.0+b11/gap4/searchUtils.c:374:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patlen = strlen(s);
data/staden-2.0.0+b11/gap4/searchUtils.c:604:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patlen = strlen(s);
data/staden-2.0.0+b11/gap4/searchUtils.c:617:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spos = positionInContig(xx,xx->cursorSeq,xx->cursorPos)+strlen(s)-2;
data/staden-2.0.0+b11/gap4/seqInfo.c:51:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = strlen(s)-1; i>=0 && isspace(s[i]); i--) s[i]='\0';
data/staden-2.0.0+b11/gap4/seqInfo.c:111:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(fn=filename+strlen(filename)-1;fn>filename && *fn!='/';fn--);
data/staden-2.0.0+b11/gap4/seqInfo.c:209:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(line)>23) {
data/staden-2.0.0+b11/gap4/seqInfo.c:248:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = (char *)xmalloc(strlen(line)+20);
data/staden-2.0.0+b11/gap4/seqInfo.c:252:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(line, ";;%4s %6d %6d",
data/staden-2.0.0+b11/gap4/seqInfo.c:389:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SQlen = strlen(exp_get_entry(e,EFLT_SQ));
data/staden-2.0.0+b11/gap4/seqInfo.c:477:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(entry->type) + 1 +
data/staden-2.0.0+b11/gap4/seqInfo.c:478:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(entry->location ) + 1 +
data/staden-2.0.0+b11/gap4/seqInfo.c:479:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(entry->qualifiers ? strlen(entry->qualifiers) : 0) + 1
data/staden-2.0.0+b11/gap4/seqInfo.c:638:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
si->length = strlen(exp_get_entry(e,EFLT_SQ));
data/staden-2.0.0+b11/gap4/stop_codon.c:436:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sequence_len = strlen(seq);
data/staden-2.0.0+b11/gap4/tagEditor.c:66:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncomment = (char *)TAG_MALLOC(strlen(te->anno)+1);
data/staden-2.0.0+b11/gap4/tagEditor.c:83:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncomment = (char *)TAG_MALLOC(strlen(te->anno)+1);
data/staden-2.0.0+b11/gap4/tagEditor.c:134:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncomment = (char *)TAG_MALLOC(strlen(anno)+1);
data/staden-2.0.0+b11/gap4/tagEditor.c:223:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(te->type, p, 4);
data/staden-2.0.0+b11/gap4/tagEditor.c:285:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(te->type, type_id, 4);
data/staden-2.0.0+b11/gap4/tagU1.c:193:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->newcommentlen = (int)strlen(t->newcomment);
data/staden-2.0.0+b11/gap4/tagU1.c:618:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(t->tagrec.type.c,type,4);
data/staden-2.0.0+b11/gap4/tagU1.c:621:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->newcommentlen = (int)strlen(comment);
data/staden-2.0.0+b11/gap4/tagU2.c:219:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) TextWrite(io,r,c,strlen(c)+1);
data/staden-2.0.0+b11/gap4/tagU2.c:291:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_tag.type.c,type,4);
data/staden-2.0.0+b11/gap4/tagU2.c:353:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_tag.type.c,type,4);
data/staden-2.0.0+b11/gap4/tagU2.c:390:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (comment = (char *)xmalloc(strlen(tag)))) {
data/staden-2.0.0+b11/gap4/tagU2.c:657:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(&line[5]);
data/staden-2.0.0+b11/gap4/tagU2.c:674:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(&line[10]);
data/staden-2.0.0+b11/gap4/tagU2.c:1228:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, r.annotation, tbuf, strlen(tbuf));
data/staden-2.0.0+b11/gap4/tagU2.c:1431:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextWrite(io, a2.annotation, tbuf, strlen(tbuf));
data/staden-2.0.0+b11/gap4/tagU2.c:1809:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_CC, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/tagU2.c:1812:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_ID, n1, strlen(n1));
data/staden-2.0.0+b11/gap4/tagU2.c:1817:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_TC, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/tagU2.c:1820:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_CC, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/tagU2.c:1823:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_ID, n2, strlen(n2));
data/staden-2.0.0+b11/gap4/tagU2.c:1828:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_TC, buf, strlen(buf));
data/staden-2.0.0+b11/gap4/tagdb.c:40:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tag_db[tag].search_id);
data/staden-2.0.0+b11/gap4/tagdb.c:42:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(tag_db[tag].id," ",4);
data/staden-2.0.0+b11/gap4/tagdb.c:45:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_db[tag].id,tag_db[tag].search_id,len);
data/staden-2.0.0+b11/gap4/tagdb.c:87:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_path, path, 2000);
data/staden-2.0.0+b11/gap4/template.c:311:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/template.c:522:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/template.c:549:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
get_template_tag(io, gc->read, ptype, &st, &end, &r,
data/staden-2.0.0+b11/gap4/template.c:1005:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/template.c:1339:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf(" %02d.%03d", gc->contig, gc->read);
data/staden-2.0.0+b11/gap4/template.c:1404:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/template.h:9:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/staden-2.0.0+b11/gap4/template_display.c:925:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strcpy(name, io_rname(io, gc->read));
data/staden-2.0.0+b11/gap4/template_display.c:926:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(io, gc->read, r);
data/staden-2.0.0+b11/gap4/template_display.c:930:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gc->read * (r.sense ? -1 : 1),
data/staden-2.0.0+b11/gap4/template_display.c:933:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
chain_left(io, gc->read));
data/staden-2.0.0+b11/gap4/template_display.c:1274:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf(" %02d.%03d\n", gc->contig, gc->read);
data/staden-2.0.0+b11/gap4/template_display.c:1328:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(Tcl_DStringValue(&tmp));
data/staden-2.0.0+b11/gap4/template_display.c:1428:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel = ((gel_cont_t *)ip->data)->read;
data/staden-2.0.0+b11/gap4/tk-io-reg.c:138:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(l = strlen(ops)) {
data/staden-2.0.0+b11/gap4/tk-io-reg.c:287:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r->colour, args.colour, COLOUR_LEN-1);
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1013:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(job, "{");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1030:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(job, "}");
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1098:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(largv[i])+1;
data/staden-2.0.0+b11/gap4/tk-io-reg.c:1261:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(targs, args, 8191);
data/staden-2.0.0+b11/gap4/tkAppInit.c:153:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c, "2");
data/staden-2.0.0+b11/gap4/tkEdUtils.c:743:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, name, DB_GELNOLEN+1);
data/staden-2.0.0+b11/gap4/tkEditor.c:2019:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char *rname = get_read_name(DBI_io(ed->xx), gc->read);
data/staden-2.0.0+b11/gap4/tkEditor.c:2021:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
io_relpos(DBI_io(ed->xx), gc->read));
data/staden-2.0.0+b11/gap4/tman_diff.c:235:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r1 = ((DNATrace *)info.clientData)->read;
data/staden-2.0.0+b11/gap4/tman_diff.c:238:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r2 = ((DNATrace *)info.clientData)->read;
data/staden-2.0.0+b11/gap4/tman_display.c:160:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dc->file, file, FILE_NAME_LENGTH);
data/staden-2.0.0+b11/gap4/tman_interface.c:688:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/staden-2.0.0+b11/gap4/tman_interface.c:800:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mismatch_seq_top = tlist[i].read;
data/staden-2.0.0+b11/gap4/tman_interface.c:802:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mismatch_seq_bot = tlist[i].read;
data/staden-2.0.0+b11/gap4/tman_interface.c:1079:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = t->read;
data/staden-2.0.0+b11/gap4/tman_interface.c:1332:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_len = strlen(tag_text);
data/staden-2.0.0+b11/gap5/ace.c:235:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(line);
data/staden-2.0.0+b11/gap5/ace.c:250:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ai.co.seq[pos], line, l);
data/staden-2.0.0+b11/gap5/ace.c:326:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(line);
data/staden-2.0.0+b11/gap5/ace.c:338:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&ai.rd.seq[pos], line, l);
data/staden-2.0.0+b11/gap5/ace.c:364:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ai.ds.chromat, cp1, cp2-cp1);
data/staden-2.0.0+b11/gap5/ace.c:373:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ai.ds.phd, cp1, cp2-cp1);
data/staden-2.0.0+b11/gap5/ace.c:382:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ai.ds.tname, cp1, cp2-cp1);
data/staden-2.0.0+b11/gap5/ace.c:421:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(line);
data/staden-2.0.0+b11/gap5/ace.c:566:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq.name_len = strlen(ai->rd.rname);
data/staden-2.0.0+b11/gap5/ace.c:595:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tname, ai->ds.tname, 1024);
data/staden-2.0.0+b11/gap5/ace.c:596:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq.template_name_len = *tname ? strlen(tname) : seq.name_len;
data/staden-2.0.0+b11/gap5/actf.c:144:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dir, "/");
data/staden-2.0.0+b11/gap5/actf.c:153:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dir, file, cp - file + 1);
data/staden-2.0.0+b11/gap5/actf.c:160:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
db_path = malloc(strlen(db_name) + 5);
data/staden-2.0.0+b11/gap5/actf.c:161:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aux_path = malloc(strlen(db_name) + 5);
data/staden-2.0.0+b11/gap5/actf.c:171:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname = malloc(strlen(dir) + strlen(db_name) + 6);
data/staden-2.0.0+b11/gap5/actf.c:171:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname = malloc(strlen(dir) + strlen(db_name) + 6);
data/staden-2.0.0+b11/gap5/actf.c:263:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(content);
data/staden-2.0.0+b11/gap5/actf.c:266:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (-1 == write(fd, content, namelen + strlen(content + namelen)))
data/staden-2.0.0+b11/gap5/afg.c:67:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (str && (length = strlen(str))) {
data/staden-2.0.0+b11/gap5/afg.c:87:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_length = strlen(key);
data/staden-2.0.0+b11/gap5/afg.c:88:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
field_length = strlen(field);
data/staden-2.0.0+b11/gap5/afg.c:137:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((line_size = strlen(line))) {
data/staden-2.0.0+b11/gap5/afg.c:304:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static char *add_line(char *read, char *line, long line_size, long *read_size, long *alloc_size) {
data/staden-2.0.0+b11/gap5/afg.c:310:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read) {
data/staden-2.0.0+b11/gap5/afg.c:312:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-2.0.0+b11/gap5/afg.c:319:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp = realloc(read, *alloc_size * sizeof(char));
data/staden-2.0.0+b11/gap5/afg.c:325:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-2.0.0+b11/gap5/afg.c:329:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read + *read_size, line, line_size);
data/staden-2.0.0+b11/gap5/afg.c:331:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[*read_size] = '\0';
data/staden-2.0.0+b11/gap5/afg.c:333:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-2.0.0+b11/gap5/afg.c:338:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char **read, char **qual, char **gaps) {
data/staden-2.0.0+b11/gap5/afg.c:363:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*read = add_line(*read, line, length, &offset, &alloc_len);
data/staden-2.0.0+b11/gap5/afg.c:422:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
seq.len = get_read_data(fp, &tle[i], ri, &read_name, &read, &qual, &gaps);
data/staden-2.0.0+b11/gap5/afg.c:432:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read[i] == '-') {
data/staden-2.0.0+b11/gap5/afg.c:433:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[i] = '*';
data/staden-2.0.0+b11/gap5/afg.c:434:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (read[i] == 'n' || read[i] == 'N') {
data/staden-2.0.0+b11/gap5/afg.c:434:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (read[i] == 'n' || read[i] == 'N') {
data/staden-2.0.0+b11/gap5/afg.c:435:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[i] = '-';
data/staden-2.0.0+b11/gap5/afg.c:439:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset(read, 'N', seq.len);
data/staden-2.0.0+b11/gap5/afg.c:453:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq.name_len = strlen(read_name);
data/staden-2.0.0+b11/gap5/afg.c:467:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memcpy(seq.seq, read, seq.len);
data/staden-2.0.0+b11/gap5/afg.c:492:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) free(read);
data/staden-2.0.0+b11/gap5/afg.c:492:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) free(read);
data/staden-2.0.0+b11/gap5/afg.c:525:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((line_size = strlen(line))) {
data/staden-2.0.0+b11/gap5/b+tree2.c:287:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!n || !n->keys[ind] || 0 != strncmp(n->keys[ind], str,strlen(str)))
data/staden-2.0.0+b11/gap5/b+tree2.c:314:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( prefix && strncmp(n->keys[ind], str, strlen(str)) == 0) ||
data/staden-2.0.0+b11/gap5/b+tree2.c:726:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += 1+strlen(n->keys[i])+1;
data/staden-2.0.0+b11/gap5/b+tree2.c:728:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(1, n->keys[i], strlen(n->keys[i])+1);
data/staden-2.0.0+b11/gap5/b+tree2.c:737:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(1, cp1, strlen(cp1)+1);
data/staden-2.0.0+b11/gap5/b+tree2.c:738:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen(cp1)+1;
data/staden-2.0.0+b11/gap5/b+tree2.c:742:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen(n->keys[i])+1;
data/staden-2.0.0+b11/gap5/b+tree2.c:743:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(1, n->keys[i], strlen(n->keys[i])+1);
data/staden-2.0.0+b11/gap5/b+tree2.c:761:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-2.0.0+b11/gap5/b+tree2.c:837:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen((char *)bufp);
data/staden-2.0.0+b11/gap5/b+tree2.c:840:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(n->keys[i], last, dist);
data/staden-2.0.0+b11/gap5/b+tree2.c:903:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (bufp + strlen(cp1) + 2 - buf >= alloc) {
data/staden-2.0.0+b11/gap5/b+tree2.c:983:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(n->keys[i], last, dist);
data/staden-2.0.0+b11/gap5/b+tree2.c:984:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(n->keys[i]+dist, (char *)bufp, l);
data/staden-2.0.0+b11/gap5/b+tree2.c:1091:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (bufp + strlen(cp1) + 2 - buf >= alloc) {
data/staden-2.0.0+b11/gap5/baf.c:167:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(&l->str[pos]);
data/staden-2.0.0+b11/gap5/baf.c:288:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(seq);
data/staden-2.0.0+b11/gap5/baf.c:369:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->name_len = strlen(name);
data/staden-2.0.0+b11/gap5/baf.c:370:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->template_name_len = strlen(*tname);
data/staden-2.0.0+b11/gap5/baf.c:371:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->trace_name_len = strlen(trace_name);
data/staden-2.0.0+b11/gap5/baf.c:372:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->alignment_len = strlen(alignment);
data/staden-2.0.0+b11/gap5/break_contig.c:1387:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cname, contig_get_name(&cl), 1000);
data/staden-2.0.0+b11/gap5/break_contig.c:1388:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cname_end = cname + strlen(cname);
data/staden-2.0.0+b11/gap5/caf.c:89:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (str && (length = strlen(str))) {
data/staden-2.0.0+b11/gap5/caf.c:109:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (str && (length = strlen(str))) {
data/staden-2.0.0+b11/gap5/caf.c:133:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_length = strlen(key);
data/staden-2.0.0+b11/gap5/caf.c:134:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
field_length = strlen(field);
data/staden-2.0.0+b11/gap5/caf.c:174:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static char *add_line(char *read, char *line, long line_size, long *read_size, long *alloc_size) {
data/staden-2.0.0+b11/gap5/caf.c:180:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read) {
data/staden-2.0.0+b11/gap5/caf.c:182:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-2.0.0+b11/gap5/caf.c:189:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp = realloc(read, *alloc_size * sizeof(char));
data/staden-2.0.0+b11/gap5/caf.c:195:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-2.0.0+b11/gap5/caf.c:199:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read + *read_size, line, line_size);
data/staden-2.0.0+b11/gap5/caf.c:201:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[*read_size] = '\0';
data/staden-2.0.0+b11/gap5/caf.c:203:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-2.0.0+b11/gap5/caf.c:386:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(name);
data/staden-2.0.0+b11/gap5/caf.c:406:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name + name_pos, this_node->prefix, strlen(this_node->prefix)) != 0) {
data/staden-2.0.0+b11/gap5/caf.c:530:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(index->entry[index->size].name, name, length);
data/staden-2.0.0+b11/gap5/caf.c:551:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(index->entry[pos].data, data, size);
data/staden-2.0.0+b11/gap5/caf.c:611:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((line_size = strlen(line))) {
data/staden-2.0.0+b11/gap5/caf.c:630:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = add_entry(contig_entry, keep_name, strlen(keep_name), pos);
data/staden-2.0.0+b11/gap5/caf.c:703:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt_len = strlen(anno_entry);
data/staden-2.0.0+b11/gap5/caf.c:706:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((*annotation)[*anno_count].text, anno_entry, txt_len);
data/staden-2.0.0+b11/gap5/caf.c:743:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (add_entry_data(reads, end, strlen(end), (reads->size - 1))) {
data/staden-2.0.0+b11/gap5/caf.c:1027:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tr_len = strlen(value);
data/staden-2.0.0+b11/gap5/caf.c:1033:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(trace_name, value, tr_len);
data/staden-2.0.0+b11/gap5/caf.c:1036:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tm_len = strlen(value);
data/staden-2.0.0+b11/gap5/caf.c:1044:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(template_name, value, tm_len);
data/staden-2.0.0+b11/gap5/caf.c:1117:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq.name_len = strlen(name);
data/staden-2.0.0+b11/gap5/caf.c:1125:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq.template_name_len = strlen(template_name);
data/staden-2.0.0+b11/gap5/check_assembly.c:157:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
seq_name(ca->io, obj->read));
data/staden-2.0.0+b11/gap5/check_assembly.c:178:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
llino = obj->read;
data/staden-2.0.0+b11/gap5/check_assembly.c:215:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
obj->read, obj->pos1, obj->length, ((float)obj->score)/10000);
data/staden-2.0.0+b11/gap5/consen.c:130:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(project_name);
data/staden-2.0.0+b11/gap5/consen.c:369:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen ( known );
data/staden-2.0.0+b11/gap5/consen.c:468:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jstart = MIN ( start, (int)strlen( seq ) );
data/staden-2.0.0+b11/gap5/consen.c:472:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(&seq[jstart]), 1);
data/staden-2.0.0+b11/gap5/consen.c:1657:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int codes_l = strlen(codes);
data/staden-2.0.0+b11/gap5/consen.c:1806:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_ID, name, strlen(name));
data/staden-2.0.0+b11/gap5/consen.c:1807:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_EN, name, strlen(name));
data/staden-2.0.0+b11/gap5/consen.c:1859:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_CC, buf, strlen(buf));
data/staden-2.0.0+b11/gap5/consen.c:1871:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err |= exp_put_str(e, EFLT_AV, buf, strlen(buf));
data/staden-2.0.0+b11/gap5/consensus.c:288:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s->name ? strlen(s->name) : 0)+1 +
data/staden-2.0.0+b11/gap5/consensus.c:289:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s->trace_name ? strlen(s->trace_name) : 0)+1 +
data/staden-2.0.0+b11/gap5/consensus.c:290:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s->alignment ? strlen(s->alignment) : 0)+1 +
data/staden-2.0.0+b11/gap5/contig_selector.c:1328:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r->colour, args.colour, COLOUR_LEN-1);
data/staden-2.0.0+b11/gap5/cs-object.c:657:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
o->length, o->rpos, o->read, o->score);
data/staden-2.0.0+b11/gap5/cs-object.h:73:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tg_rec read;
data/staden-2.0.0+b11/gap5/depad_seq_tree.c:82:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(seq);
data/staden-2.0.0+b11/gap5/depad_seq_tree.c:201:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(0, data + dcurr, 8192);
data/staden-2.0.0+b11/gap5/editor_join.c:269:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a->S = a->res = rsalign2myers(overlap->seq1_out, strlen(overlap->seq1_out),
data/staden-2.0.0+b11/gap5/editor_join.c:270:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
overlap->seq2_out, strlen(overlap->seq2_out),
data/staden-2.0.0+b11/gap5/editor_join.c:598:47: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int edJoinMismatch(edview *xx, int *len, int *mismatch) {
data/staden-2.0.0+b11/gap5/editor_join.c:685:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
(*mismatch)++;
data/staden-2.0.0+b11/gap5/editor_search.c:116:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patlen = strlen(value);
data/staden-2.0.0+b11/gap5/editor_search.c:279:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patlen = strlen(value);
data/staden-2.0.0+b11/gap5/editor_search.c:769:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s->name, value, strlen(value)) == 0) {
data/staden-2.0.0+b11/gap5/editor_view.c:1727:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawSheetPutText(&xx->names->sw, 0, xx->y_cons, strlen(name), name);
data/staden-2.0.0+b11/gap5/editor_view.h:295:47: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int edJoinMismatch(edview *xx, int *len, int *mismatch);
data/staden-2.0.0+b11/gap5/export_contigs.c:336:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*name_len = strlen(false_name);
data/staden-2.0.0+b11/gap5/export_contigs.c:1181:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bam_aux_add_data(&bam, "RG", 'Z', strlen(rg_buf)+1, (uint8_t *) rg_buf);
data/staden-2.0.0+b11/gap5/export_contigs.c:1784:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(name+strlen(name), ".%"PRIrec, s->rec);
data/staden-2.0.0+b11/gap5/export_contigs.c:1809:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->trace_name_len ? s->trace_name_len : (int)strlen(name),
data/staden-2.0.0+b11/gap5/export_contigs.c:2784:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gff_type, val, l);
data/staden-2.0.0+b11/gap5/fasta.c:150:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(line);
data/staden-2.0.0+b11/gap5/fasta.c:198:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(line);
data/staden-2.0.0+b11/gap5/fasta.c:272:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq.name_len = strlen(ent.name);
data/staden-2.0.0+b11/gap5/find_haplotypes.c:368:10: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch)
data/staden-2.0.0+b11/gap5/find_oligo.c:219:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (obj->read) {
data/staden-2.0.0+b11/gap5/find_oligo.c:220:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
llino = obj->read;
data/staden-2.0.0+b11/gap5/find_oligo.c:233:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (obj->read) {
data/staden-2.0.0+b11/gap5/find_oligo.c:669:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(cons_array[i]);
data/staden-2.0.0+b11/gap5/find_oligo.c:681:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mis_match = strlen(string) - (ceil(strlen(string) * mis_fmatch / 100.));
data/staden-2.0.0+b11/gap5/find_oligo.c:681:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mis_match = strlen(string) - (ceil(strlen(string) * mis_fmatch / 100.));
data/staden-2.0.0+b11/gap5/find_oligo.c:686:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
complement_seq(string, strlen(string));
data/staden-2.0.0+b11/gap5/find_oligo.c:690:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(cons_array[k]);
data/staden-2.0.0+b11/gap5/find_oligo.c:693:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(string),
data/staden-2.0.0+b11/gap5/find_oligo.c:710:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length[cnt] = strlen(string);
data/staden-2.0.0+b11/gap5/find_oligo.c:724:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cons_match,&cons_array[k][pos2[cnt]-1],
data/staden-2.0.0+b11/gap5/find_oligo.c:828:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t stringlen = strlen(string);
data/staden-2.0.0+b11/gap5/find_oligo.c:855:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(cons_array[i]);
data/staden-2.0.0+b11/gap5/g-alloc.c:131:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (24 != read(h->fd, data.c, 24))
data/staden-2.0.0+b11/gap5/g-alloc.c:136:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (20 != read(h->fd, &data.c[4], 20))
data/staden-2.0.0+b11/gap5/g-alloc.c:381:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (8*NPOOLS != read(h->fd, &h->pool[0], 8*NPOOLS))
data/staden-2.0.0+b11/gap5/g-alloc.c:708:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(h->fd, &p[0], 8*NPOOLS);
data/staden-2.0.0+b11/gap5/g-alloc.c:741:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (4 == read(h->fd, &len, 4)) {
data/staden-2.0.0+b11/gap5/g-alloc.c:742:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(h->fd, &prev, 8);
data/staden-2.0.0+b11/gap5/g-alloc.c:743:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(h->fd, &next, 8);
data/staden-2.0.0+b11/gap5/g-alloc.c:772:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(h->fd, &len2, 4);
data/staden-2.0.0+b11/gap5/g-alloc.c:863:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(h->fd, &p[0], 8*NPOOLS);
data/staden-2.0.0+b11/gap5/g-alloc.c:930:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (4 == read(h->fd, &len, 4)) {
data/staden-2.0.0+b11/gap5/g-alloc.c:932:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(h->fd, &prev, 8);
data/staden-2.0.0+b11/gap5/g-alloc.c:933:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(h->fd, &next, 8);
data/staden-2.0.0+b11/gap5/g-alloc.c:969:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(h->fd, &len2, 4);
data/staden-2.0.0+b11/gap5/g-files.c:148:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fn2l = (NULL != dir ? strlen(dir) : 0) + strlen(fn);
data/staden-2.0.0+b11/gap5/g-files.c:148:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fn2l = (NULL != dir ? strlen(dir) : 0) + strlen(fn);
data/staden-2.0.0+b11/gap5/g-files.c:156:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fndb = malloc(fn2l + strlen(G5_DB_SUFFIX) + 1);
data/staden-2.0.0+b11/gap5/g-files.c:158:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnaux = malloc(fn2l + strlen(G5_AUX_SUFFIX) + 1);
data/staden-2.0.0+b11/gap5/g-files.c:209:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn2l -= strlen(cp);
data/staden-2.0.0+b11/gap5/g-files.c:283:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (gfile->fname = (char *)xmalloc(strlen(fn)+1)) != NULL )
data/staden-2.0.0+b11/gap5/g-files.c:411:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (-1 == read(fdaux, &c, 1)) return gerr_set(GERR_READ_ERROR);
data/staden-2.0.0+b11/gap5/g-files.c:463:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (-1 == read(fd, &c, 1)) return gerr_set(GERR_READ_ERROR);
data/staden-2.0.0+b11/gap5/g-io.c:38:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (read(fd,&X,sizeof(X))) != sizeof(X) ) return 1; \
data/staden-2.0.0+b11/gap5/g-io.c:206:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sizeof(rec) != read(fd, &rec, sizeof(rec)))
data/staden-2.0.0+b11/gap5/g-io.c:227:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sizeof(rec) != read(fd, &rec, sizeof(rec)))
data/staden-2.0.0+b11/gap5/g-io.c:371:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &rec32, sizeof(rec32)) != (int)(sizeof(rec32)))
data/staden-2.0.0+b11/gap5/g-io.c:394:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, idx, sizeof(*idx)*num);
data/staden-2.0.0+b11/gap5/g-io.c:412:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &rec32, sizeof(rec32)) != (int)(sizeof(rec32)))
data/staden-2.0.0+b11/gap5/g-io.c:439:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, idx, sizeof(*idx)*num);
data/staden-2.0.0+b11/gap5/g-request.c:262:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
check = read(fd, buf, in);
data/staden-2.0.0+b11/gap5/g-request.c:339:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
check = read(fd, v[parti].buf, partj);
data/staden-2.0.0+b11/gap5/gap4_compat.c:200:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, contig_get_name(&c), DB_NAMELEN);
data/staden-2.0.0+b11/gap5/gap_cli_arg.c:22:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)&store[a->offset], val, a->value-1);
data/staden-2.0.0+b11/gap5/hache_table.c:890:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/staden-2.0.0+b11/gap5/hache_table.c:1062:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/staden-2.0.0+b11/gap5/hache_table.c:1113:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/staden-2.0.0+b11/gap5/hache_table.c:1179:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/staden-2.0.0+b11/gap5/hash_lib.c:908:28: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
match = MIN(l1, l2) - mismatch;
data/staden-2.0.0+b11/gap5/hash_lib.c:952:11: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
*mis_p = mismatch;
data/staden-2.0.0+b11/gap5/hash_lib.c:954:18: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return 100 * mismatch / (match + mismatch);
data/staden-2.0.0+b11/gap5/hash_lib.c:954:38: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return 100 * mismatch / (match + mismatch);
data/staden-2.0.0+b11/gap5/list_proc.c:89:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(last_list, name, 100);
data/staden-2.0.0+b11/gap5/maq.c:36:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->name_len = strlen(m->name);
data/staden-2.0.0+b11/gap5/maq.c:41:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->name_len = strlen(n);
data/staden-2.0.0+b11/gap5/maq.c:173:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hi = HacheTableAdd(libs, (char *)LB, strlen(LB), hd, &new);
data/staden-2.0.0+b11/gap5/maq.c:203:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
contig_index_update(io, name, strlen(name), c->rec);
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:273:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((l = strlen(ops)) > 0) {
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:2548:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(args.seq1), strlen(args.seq2));
data/staden-2.0.0+b11/gap5/newgap5_cmds.c:2548:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(args.seq1), strlen(args.seq2));
data/staden-2.0.0+b11/gap5/notedb.c:41:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(note_db[note].search_id);
data/staden-2.0.0+b11/gap5/notedb.c:43:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(note_db[note].id," ",4);
data/staden-2.0.0+b11/gap5/notedb.c:46:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(note_db[note].id,note_db[note].search_id,len);
data/staden-2.0.0+b11/gap5/primlib.c:101:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sa.incl_l = strlen(seq);
data/staden-2.0.0+b11/gap5/primlib.c:155:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sa.incl_l = strlen(seq);
data/staden-2.0.0+b11/gap5/primlib.c:201:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmpbuf, value, value_len < 255 ? value_len : 255);
data/staden-2.0.0+b11/gap5/qualIO.c:234:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(num, "-");
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:753:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(r->r_enzyme[item].seq[j]);
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:767:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comments, "\n");
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:769:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comments, "\t");
data/staden-2.0.0+b11/gap5/restriction_enzymes.c:772:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comments, "\n");
data/staden-2.0.0+b11/gap5/sam_index.c:128:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(str);
data/staden-2.0.0+b11/gap5/sam_index.c:1087:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hi = HacheTableAdd(bio->libs, (char *)LB, strlen(LB), hd, &new);
data/staden-2.0.0+b11/gap5/sam_index.c:1113:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/staden-2.0.0+b11/gap5/sam_index.c:1147:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s.name_len = name_len + (suffix ? strlen(suffix) : 0);;
data/staden-2.0.0+b11/gap5/sam_index.c:1477:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hi = HacheTableAdd(bio->libs, (char *)LB, strlen(LB), hd, &new);
data/staden-2.0.0+b11/gap5/sam_index.c:1532:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/staden-2.0.0+b11/gap5/sam_index.c:1562:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s.name_len = name_len + (suffix ? strlen(suffix) : 0);
data/staden-2.0.0+b11/gap5/sam_index.c:1704:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_type, type, 4);
data/staden-2.0.0+b11/gap5/sam_index.c:1779:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_type, type, 4);
data/staden-2.0.0+b11/gap5/sam_index.c:1848:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_type, tokens[0], 4);
data/staden-2.0.0+b11/gap5/sam_index.c:2131:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HacheTableAdd(bio->libs, lib->name, strlen(lib->name), hd, NULL);
data/staden-2.0.0+b11/gap5/sam_pileup.c:619:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(cp, fp->ref[ref].name); cp += strlen(cp);
data/staden-2.0.0+b11/gap5/shuffle_pads.c:1845:11: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (3*mismatch < tot) {
data/staden-2.0.0+b11/gap5/str_finder.c:267:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(argv[1]);
data/staden-2.0.0+b11/gap5/str_finder.c:301:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(0, data + dcurr, BS);
data/staden-2.0.0+b11/gap5/tagdb.c:40:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tag_db[tag].search_id);
data/staden-2.0.0+b11/gap5/tagdb.c:42:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(tag_db[tag].id," ",4);
data/staden-2.0.0+b11/gap5/tagdb.c:45:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_db[tag].id,tag_db[tag].search_id,len);
data/staden-2.0.0+b11/gap5/tagdb.c:87:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_path, path, 2000);
data/staden-2.0.0+b11/gap5/tg_anno.c:157:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = comment ? strlen(comment) : 0;
data/staden-2.0.0+b11/gap5/tg_anno.c:158:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (clen > (ae->comment ? strlen(ae->comment) : 0)) {
data/staden-2.0.0+b11/gap5/tg_anno.c:206:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stype, str, 4);
data/staden-2.0.0+b11/gap5/tg_cache.c:665:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->database.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:669:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->seq.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:673:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->seq_block.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:677:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->bin.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:681:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->track.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:685:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->contig.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:689:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->contig_block.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:693:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->scaffold_block.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:697:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->array.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:701:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->anno_ele.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:705:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->anno_ele_block.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:709:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->anno.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:713:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ci = io->iface->library.read(io->dbh, k->rec);
data/staden-2.0.0+b11/gap5/tg_cache.c:2295:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t clen = sizeof(contig_t) + strlen(f->name)+1;
data/staden-2.0.0+b11/gap5/tg_cache.c:2350:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t clen = sizeof(scaffold_t) + strlen(f->name)+1;
data/staden-2.0.0+b11/gap5/tg_cache.c:2429:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(f->comment ? strlen(f->comment) : 0)+1;
data/staden-2.0.0+b11/gap5/tg_cache.c:2448:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b->est_size += strlen(t->comment) + 10;
data/staden-2.0.0+b11/gap5/tg_check.c:245:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s->name && s->name_len != strlen(s->name)) ||
data/staden-2.0.0+b11/gap5/tg_contig.c:135:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (n = cache_item_resize(n, sizeof(*n) + strlen(name)+1)))
data/staden-2.0.0+b11/gap5/tg_contig.c:2341:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(template1, s1->name, s1->template_name_len);
data/staden-2.0.0+b11/gap5/tg_contig.c:2354:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(template2, s2->name, s2->template_name_len);
data/staden-2.0.0+b11/gap5/tg_gio.c:58:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(fn);
data/staden-2.0.0+b11/gap5/tg_iface.h:59:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cached_item *(*read)(void *dbh, tg_rec rec); \
data/staden-2.0.0+b11/gap5/tg_iface.h:93:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cached_item *(*read)(void *dbh, tg_rec rec);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1275:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(fn) + strlen(G5_AUX_SUFFIX) >= sizeof(auxfn) ) return gerr_set(GERR_NAME_TOO_LONG);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1275:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(fn) + strlen(G5_AUX_SUFFIX) >= sizeof(auxfn) ) return gerr_set(GERR_NAME_TOO_LONG);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:1890:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = c->name ? strlen(c->name) : 0;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2143:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comment_len = e->comment ? strlen(e->comment) : 0;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2300:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(name ? strlen(name)+1 : 0))))
data/staden-2.0.0+b11/gap5/tg_iface_g.c:2357:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(lib->name)+1;
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3794:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq->name_len = strlen(seq->name);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3799:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq->trace_name_len = strlen(seq->trace_name);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:3804:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq->alignment_len = strlen(seq->alignment);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5403:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_size[11] += c->name ? strlen(c->name) : 0; /* name */
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5471:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(c->name);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5766:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_size[ 3] += c->name ? strlen(c->name) : 0; /* name */
data/staden-2.0.0+b11/gap5/tg_iface_g.c:5789:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(c->name);
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6111:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_size[7] += e->comment ? strlen(e->comment) : 0; /* comments */
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6113:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_size[6] += e->comment ? strlen(e->comment) : 0; /* comments */
data/staden-2.0.0+b11/gap5/tg_iface_g.c:6145:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int comment_len = strlen(e->comment);
data/staden-2.0.0+b11/gap5/tg_index.c:297:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a.out_fn = malloc(strlen(argv[optind])+3);
data/staden-2.0.0+b11/gap5/tg_index_common.c:49:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(instr);
data/staden-2.0.0+b11/gap5/tg_index_common.c:77:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_len = strlen(dir) + strlen(start) + 2; // 2 for terminator and seperator
data/staden-2.0.0+b11/gap5/tg_index_common.c:77:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_len = strlen(dir) + strlen(start) + 2; // 2 for terminator and seperator
data/staden-2.0.0+b11/gap5/tg_index_common.c:81:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (char *)malloc(strlen(file_name) + 1);
data/staden-2.0.0+b11/gap5/tg_index_common.c:569:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sequence_index_update(io, name, strlen(name), rec);
data/staden-2.0.0+b11/gap5/tg_index_common.c:819:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hi = HacheTableAdd(pair->phache, tname, strlen(tname), hd, &new);
data/staden-2.0.0+b11/gap5/tg_index_common.c:1042:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)(cp ? cp-type : strlen(type)), type);
data/staden-2.0.0+b11/gap5/tg_index_common.c:1501:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_chars = strlen(in_line);
data/staden-2.0.0+b11/gap5/tg_library.c:105:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib = cache_item_resize(lib, sizeof(*lib) + strlen(name) + 1);
data/staden-2.0.0+b11/gap5/tg_library.c:400:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (lib = cache_item_resize(lib, sizeof(*lib) + strlen(name)+1)))
data/staden-2.0.0+b11/gap5/tg_scaffold.c:78:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (n = cache_item_resize(n, sizeof(*n) + strlen(name)+1)))
data/staden-2.0.0+b11/gap5/tg_sequence.c:43:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s->name ? strlen(s->name) : 0) + 1 +
data/staden-2.0.0+b11/gap5/tg_sequence.c:44:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s->trace_name ? strlen(s->trace_name) : 0) + 1 +
data/staden-2.0.0+b11/gap5/tg_sequence.c:45:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s->alignment ? strlen(s->alignment) : 0) + 1 +
data/staden-2.0.0+b11/gap5/tg_sequence.c:80:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->name_len = strlen(s->name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:83:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->trace_name_len = strlen(s->trace_name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:86:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->alignment_len = strlen(s->alignment);
data/staden-2.0.0+b11/gap5/tg_sequence.c:376:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_len += (name ? strlen(name) : 0) -
data/staden-2.0.0+b11/gap5/tg_sequence.c:377:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((*s)->name ? strlen((*s)->name) : 0);
data/staden-2.0.0+b11/gap5/tg_sequence.c:383:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n->name_len = strlen(name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:425:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_len += (trace_name ? strlen(trace_name) : 0) -
data/staden-2.0.0+b11/gap5/tg_sequence.c:426:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((*s)->trace_name ? strlen((*s)->trace_name) : 0);
data/staden-2.0.0+b11/gap5/tg_sequence.c:433:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n->trace_name_len = strlen(trace_name);
data/staden-2.0.0+b11/gap5/tg_sequence.c:603:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(n2, name, name_len > 1024 ? 1024 : name_len);
data/staden-2.0.0+b11/gap5/tg_view.c:327:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvaddnstr(0, 1, contig_get_name(c), strlen(contig_get_name(c)));
data/staden-2.0.0+b11/gap5/tg_view.c:476:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addnstr(name, strlen(name));
data/staden-2.0.0+b11/gap5/tg_view.c:481:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)MIN(MAX_NAME_LEN, strlen(name)),
data/staden-2.0.0+b11/gap5/tg_view.c:484:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name)) +sp-xpos),
data/staden-2.0.0+b11/gap5/tk-io-reg.c:133:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while((l = strlen(ops)) > 0) {
data/staden-2.0.0+b11/gap5/tk-io-reg.c:947:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(job, "{");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:964:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(job, "}");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1037:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(largv[i])+1;
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1141:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(buf, "?");
data/staden-2.0.0+b11/gap5/tk-io-reg.c:1292:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(targs, args, 8191);
data/staden-2.0.0+b11/gap5/tkAppInit.c:151:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c, "2");
data/staden-2.0.0+b11/gap5/tkEditor.c:334:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xx->seq_win, Tk_PathName(tkwin), WIN_NAME_SIZE);
data/staden-2.0.0+b11/gap5/tkEditor.c:335:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xx->name_win, argv[4], WIN_NAME_SIZE);
data/staden-2.0.0+b11/gap5/tkEditor.c:1059:11: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int len, mismatch;
data/staden-2.0.0+b11/gap5/tkEditor.c:1068:47: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
result = (0 == edJoinMismatch(ed->xx, &len, &mismatch))
data/staden-2.0.0+b11/gap5/tkEditor.c:1071:39: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
vTcl_SetResult(interp, "%d %d", len, mismatch);
data/staden-2.0.0+b11/gap5/tman_display.c:161:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dc->file, file, FILE_NAME_LENGTH);
data/staden-2.0.0+b11/gap5/tman_interface.c:687:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/staden-2.0.0+b11/gap5/tman_interface.c:799:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mismatch_seq_top = tlist[i].read;
data/staden-2.0.0+b11/gap5/tman_interface.c:801:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mismatch_seq_bot = tlist[i].read;
data/staden-2.0.0+b11/gap5/tman_interface.c:1072:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = t->read;
data/staden-2.0.0+b11/hetins/hetins.c:501:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = heterozygous_indels(read, params);
data/staden-2.0.0+b11/hetins/hetins.c:514:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(exp_file, EFLT_TG, buffer, strlen(buffer))) {
data/staden-2.0.0+b11/hetins/hetins.c:522:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(exp_file, EFLT_QR, buffer, strlen(buffer))) {
data/staden-2.0.0+b11/hetins/hetins.c:529:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/staden-2.0.0+b11/hetins/hetins.c:534:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/staden-2.0.0+b11/make_weights/make_weights.c:164:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)malloc((strlen(s) + 1)*sizeof(char)))) return NULL;
data/staden-2.0.0+b11/make_weights/make_weights.c:166:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_length = MAX ( name_length, strlen(s) );
data/staden-2.0.0+b11/make_weights/make_weights.c:169:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (seq = (char *)malloc((strlen(s) + 1)*sizeof(char)))) return NULL;
data/staden-2.0.0+b11/make_weights/make_weights.c:171:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = MAX ( length, strlen(s) );
data/staden-2.0.0+b11/make_weights/make_weights.c:190:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( c ) ) {
data/staden-2.0.0+b11/make_weights/make_weights.c:191:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c[strlen(c)-1] = '\0';
data/staden-2.0.0+b11/make_weights/make_weights.c:192:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (comment = (char *)malloc((strlen(c) + 1)*sizeof(char)))) return NULL;
data/staden-2.0.0+b11/make_weights/make_weights.c:302:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen ( v->motif_spec_ptr[motif].seq );
data/staden-2.0.0+b11/make_weights/make_weights.c:408:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen ( v->motif_spec_ptr[motif].seq );
data/staden-2.0.0+b11/mutlib/align.cpp:121:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_nInputSequenceLength[n] = (l<0) ? std::strlen(s) : l;
data/staden-2.0.0+b11/mutlib/align.cpp:384:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int e = std::strlen(CharSet);
data/staden-2.0.0+b11/mutlib/mutationtag.cpp:30:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(std::strlen(name)<5);
data/staden-2.0.0+b11/mutlib/mutationtag.cpp:104:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(std::strlen(m_pComment)<MAX_STRING);
data/staden-2.0.0+b11/mutlib/mutationtag.cpp:117:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(std::strlen(newname)==4);
data/staden-2.0.0+b11/mutlib/mutationtag_utils.cpp:102:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = std::strlen( pTag->Comment() );
data/staden-2.0.0+b11/mutlib/muttag.cpp:76:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(std::strlen(Name)<5);
data/staden-2.0.0+b11/mutlib/muttag.cpp:80:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
std::strncpy( m_pName, Name, 4 );
data/staden-2.0.0+b11/mutlib/muttag.cpp:146:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = std::strlen(s);
data/staden-2.0.0+b11/mutlib/muttag.cpp:181:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = std::strlen( m_pComment );
data/staden-2.0.0+b11/mutlib/muttag.cpp:200:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(std::strlen(m_pComment)<MAX_COMMENT);
data/staden-2.0.0+b11/mutlib/parameter.hpp:88:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_pName = new char[ std::strlen(pName)+1 ];
data/staden-2.0.0+b11/mutlib/read_matrix.cpp:32:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(base_order);
data/staden-2.0.0+b11/mutlib/read_matrix.cpp:133:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(base_order);
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:157:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i_end = strlen(order);
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:263:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq_align + j, seq + i, l);
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:440:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_seq, seq1_align + i, max_out_width);
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:444:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_seq, seq2_align + i, max_out_width);
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:471:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(seq);
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:474:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp, seq + i, 60);
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:907:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = MAX(strlen ( seq1_res ),strlen ( seq2_res ));
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:907:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = MAX(strlen ( seq1_res ),strlen ( seq2_res ));
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:1051:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = MAX(strlen ( seq1_res ),strlen ( seq2_res ));
data/staden-2.0.0+b11/mutlib/sp_align_lib.cpp:1051:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = MAX(strlen ( seq1_res ),strlen ( seq2_res ));
data/staden-2.0.0+b11/mutlib/sp_alignment.cpp:399:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base_order);
data/staden-2.0.0+b11/mutlib/sp_alignment.cpp:495:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_seq, seq1_align + i, max_out_width);
data/staden-2.0.0+b11/mutlib/sp_alignment.cpp:499:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_seq, seq2_align + i, max_out_width);
data/staden-2.0.0+b11/mutlib/stringlist.cpp:30:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_pString = new char[ std::strlen(s)+1 ];
data/staden-2.0.0+b11/mutlib/tagarray.cpp:98:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(std::strlen(m_pArray[n].Type)<=4);
data/staden-2.0.0+b11/mutlib/tagarray.cpp:103:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_pArray[n].Comment = new char[ std::strlen(s)+1 ];
data/staden-2.0.0+b11/mutlib/trace.cpp:169:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_pRead->trace_name = static_cast<char*>( xmalloc((std::strlen(pName)+1)*sizeof(char)) );
data/staden-2.0.0+b11/mutscan/main.cpp:594:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str( pExpFile, EFLT_QR, pBuffer, std::strlen(pBuffer) );
data/staden-2.0.0+b11/mutscan/main.cpp:630:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(pExpFile, EFLT_TG, pBuffer, std::strlen(pBuffer) );
data/staden-2.0.0+b11/mutscan/stringlist.cpp:30:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_pString = new char[ std::strlen(s)+1 ];
data/staden-2.0.0+b11/polyA_clip/polyA_clip.c:169:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_length = strlen ( seq );
data/staden-2.0.0+b11/polyA_clip/seqInfo.c:109:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SQlen = strlen(exp_get_entry(e,EFLT_SQ));
data/staden-2.0.0+b11/polyA_clip/seqInfo.c:194:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
si->length = strlen(exp_get_entry(e,EFLT_SQ));
data/staden-2.0.0+b11/prefinish/finish.c:535:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/staden-2.0.0+b11/prefinish/finish.c:555:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ptr = r_exp + strlen(r_exp);
data/staden-2.0.0+b11/prefinish/finish.c:999:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fin->external_seq_len = strlen(eseq);
data/staden-2.0.0+b11/prefinish/finish_pcr.c:129:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(cons_joined);
data/staden-2.0.0+b11/prefinish/finish_pcr.c:138:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("target = %"PRId64",%d\n", (uint64_t)strlen(cons1)+1, 20);
data/staden-2.0.0+b11/prefinish/finish_pcr.c:145:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (-1 == primlib_choose_pcr(pstate, cons_joined, strlen(cons1)+1, 20))
data/staden-2.0.0+b11/prefinish/finish_pcr.c:187:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pp[j].seq[0], &cons_joined[pstate->pairs[i].left->start], len);
data/staden-2.0.0+b11/prefinish/finish_pcr.c:191:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pp[j].seq[1],
data/staden-2.0.0+b11/prefinish/finish_reverse.c:138:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(fin->io, gc->read, r);
data/staden-2.0.0+b11/prefinish/finish_reverse.c:306:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf("%d ", gc->read);
data/staden-2.0.0+b11/prefinish/finish_utils.c:488:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(primer, prim, 100);
data/staden-2.0.0+b11/prefinish/finish_utils.c:490:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
primer_len = strlen(primer);
data/staden-2.0.0+b11/prefinish/finish_walk.c:271:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prim[np].primer, &unpadded_cons[pstate->primers[i].start],
data/staden-2.0.0+b11/prefinish/finish_walk.c:743:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf("%d ", gc->read);
data/staden-2.0.0+b11/prefinish/finish_walk.c:749:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gel_read(fin->io, ((gel_cont_t *)(clist->data))->read, r);
data/staden-2.0.0+b11/prefinish/gap_cli_arg.c:20:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)&store[a->offset], val, a->value-1);
data/staden-2.0.0+b11/prefinish/tkMain.c:144:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(argv[1]);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:127:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen(s);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:274:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
repeat_file = pr_jump_malloc(perr, strlen(datum) + 1);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:287:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int_repeat_file = pr_jump_malloc(perr, strlen(datum) + 1);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:387:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(sa->sequence);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:816:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib->repeat_file = pr_jump_malloc(perr, strlen(filename) + 1);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:847:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib->names[i] = pr_jump_malloc(perr, strlen(p) + 1);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:861:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(lib->seqs[i-1]) == 0) {
data/staden-2.0.0+b11/primer3/src/boulder_input.c:875:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(k+strlen(p) > j-2){
data/staden-2.0.0+b11/primer3/src/boulder_input.c:876:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(j-2 < k+ strlen(p))j += INIT_BUF_SIZE;
data/staden-2.0.0+b11/primer3/src/boulder_input.c:881:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k += strlen(p);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:889:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strlen(lib->seqs[i]) == 0) {
data/staden-2.0.0+b11/primer3/src/boulder_input.c:923:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:1004:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen(lib->names[i-n]);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:1008:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib->seqs[i] = pr_jump_malloc(perr, strlen(lib->seqs[i-n]) + 1);
data/staden-2.0.0+b11/primer3/src/boulder_input.c:1028:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen(s);
data/staden-2.0.0+b11/primer3/src/dpal.c:225:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ustrlen(X) (strlen((const char *)(X)))
data/staden-2.0.0+b11/primer3/src/format_output.c:209:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seq_len = strlen(sa->sequence);
data/staden-2.0.0+b11/primer3/src/format_output.c:328:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(sa->sequence);
data/staden-2.0.0+b11/primer3/src/format_output.c:656:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seq_len = strlen(sa->sequence);
data/staden-2.0.0+b11/primer3/src/oligotm.c:279:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *e = s + strlen(s)-1;
data/staden-2.0.0+b11/primer3/src/oligotm.c:307:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/staden-2.0.0+b11/primer3/src/oligotm.c:493:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int x = strlen(s);
data/staden-2.0.0+b11/primer3/src/oligotm.c:505:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(seq);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:387:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(sa->sequence);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:401:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(sa->sequence);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:475:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xlen = strlen(x->data);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:476:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:553:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s1) != strlen(s2)) return 1;
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:553:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s1) != strlen(s2)) return 1;
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:643:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xlen = strlen(x->data);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:644:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:966:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PR_ASSERT(INT_MAX > (n=strlen(sa->trimmed_seq)));
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:1143:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(sa->trimmed_seq);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:1658:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sa->sequence_name) + strlen(ext) + 1);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:1658:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sa->sequence_name) + strlen(ext) + 1);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2207:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seq_len = strlen(sa->sequence);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2502:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sa->internal_input) > pa->io_primer_max_size)
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2505:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sa->internal_input) < pa->io_primer_min_size)
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2516:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sa->left_input) > pa->primer_max_size)
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2518:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sa->left_input) < pa->primer_min_size)
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2528:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sa->right_input) < pa->primer_min_size)
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2530:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sa->right_input) > pa->primer_max_size) {
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2898:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2968:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n1 = strlen(s1); n2 = strlen(s2);
data/staden-2.0.0+b11/primer3/src/primer3_lib.c:2968:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n1 = strlen(s1); n2 = strlen(s2);
data/staden-2.0.0+b11/primer3/src/primer3_main.c:51:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pr_program_name_len = strlen(argv[0]);
data/staden-2.0.0+b11/qclip/consen.c:21:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen ( known );
data/staden-2.0.0+b11/qclip/consen.c:132:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jstart = MIN ( start, strlen( seq ) );
data/staden-2.0.0+b11/qclip/consen.c:136:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(&seq[jstart]), 1);
data/staden-2.0.0+b11/qclip/consen.c:142:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jstart = MIN ( jstart, strlen( seq ) );
data/staden-2.0.0+b11/qclip/consen.c:144:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(&seq[jstart]), 1);
data/staden-2.0.0+b11/qclip/seqInfo.c:108:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SQlen = strlen(exp_get_entry(e,EFLT_SQ));
data/staden-2.0.0+b11/qclip/seqInfo.c:193:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
si->length = strlen(exp_get_entry(e,EFLT_SQ));
data/staden-2.0.0+b11/screen_seq/screen_seq.c:80:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_name[strlen(file_name)-1] = '\0';
data/staden-2.0.0+b11/screen_seq/screen_seq.c:82:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( NULL == (file_names[num_read] = (char *) malloc ( sizeof(char *)*(strlen(file_name)+1) ))) {
data/staden-2.0.0+b11/screen_seq/screen_seq.c:106:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base_name, expanded_fn, p-expanded_fn+1);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:127:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_name[strlen(file_name)-1] = '\0';
data/staden-2.0.0+b11/screen_seq/screen_seq.c:137:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( NULL == (vfile_names[num_read] = (char *) malloc ( sizeof(char *)*(strlen(file_name)+1) ))) {
data/staden-2.0.0+b11/screen_seq/screen_seq.c:158:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base_name, fofn_name, p-fofn_name+1);
data/staden-2.0.0+b11/screen_seq/screen_seq.c:174:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_name[strlen(file_name)-1] = '\0';
data/staden-2.0.0+b11/screen_seq/screen_seq.c:184:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( NULL == (vfile_names[num_read] = (char *) malloc ( sizeof(char *)*(strlen(file_name)+1) ))) {
data/staden-2.0.0+b11/screen_seq/screen_seq.c:676:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_length = strlen ( seq );
data/staden-2.0.0+b11/screen_seq/screen_seq.c:743:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("contaminated"))) {
data/staden-2.0.0+b11/screen_seq/screen_seq.c:751:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_TG, mess, strlen(mess));
data/staden-2.0.0+b11/screen_seq/screen_seq.c:790:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("contaminated"))) {
data/staden-2.0.0+b11/screen_seq/screen_seq.c:798:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(e, EFLT_TG, mess, strlen(mess));
data/staden-2.0.0+b11/screen_seq/screen_seq.c:971:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *) malloc ( sizeof(char *)*(strlen(fofn_i)+1) ))) {
data/staden-2.0.0+b11/screen_seq/screen_seq.c:990:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *) malloc ( sizeof(char *)*(strlen(fofn_s)+1) ))) {
data/staden-2.0.0+b11/seq_utils/align.c:40:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i_end = strlen(order);
data/staden-2.0.0+b11/seq_utils/align_lib.c:136:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i_end = strlen(order);
data/staden-2.0.0+b11/seq_utils/align_lib.c:188:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base_order);
data/staden-2.0.0+b11/seq_utils/align_lib.c:1241:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq_align + j, seq + i, l);
data/staden-2.0.0+b11/seq_utils/align_lib.c:1388:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_seq, seq1_align + i, max_out_width);
data/staden-2.0.0+b11/seq_utils/align_lib.c:1392:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_seq, seq2_align + i, max_out_width);
data/staden-2.0.0+b11/seq_utils/align_lib.c:1465:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_seq, seq1_align + i, max_out_width);
data/staden-2.0.0+b11/seq_utils/align_lib.c:1469:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_seq, seq2_align + i, max_out_width);
data/staden-2.0.0+b11/seq_utils/align_lib.c:1493:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(seq);
data/staden-2.0.0+b11/seq_utils/align_lib.c:1496:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp, seq + i, 60);
data/staden-2.0.0+b11/seq_utils/align_lib.c:1919:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = MAX(strlen ( seq1_res ),strlen ( seq2_res ));
data/staden-2.0.0+b11/seq_utils/align_lib.c:1919:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = MAX(strlen ( seq1_res ),strlen ( seq2_res ));
data/staden-2.0.0+b11/seq_utils/align_lib.c:2066:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = MAX(strlen ( seq1_res ),strlen ( seq2_res ));
data/staden-2.0.0+b11/seq_utils/align_lib.c:2066:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = MAX(strlen ( seq1_res ),strlen ( seq2_res ));
data/staden-2.0.0+b11/seq_utils/base_comp.c:100:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
edge_length = strlen ( edge );
data/staden-2.0.0+b11/seq_utils/base_comp.c:148:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
edge_length = strlen ( edge );
data/staden-2.0.0+b11/seq_utils/dna_utils.c:382:21: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int i, j, k, l, mismatch, max_mismatch, n_matches;
data/staden-2.0.0+b11/seq_utils/dna_utils.c:413:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (--mismatch <= 0)
data/staden-2.0.0+b11/seq_utils/dna_utils.c:418:6: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch > 0) {
data/staden-2.0.0+b11/seq_utils/dna_utils.c:421:51: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
score[n_matches] = string_len - (max_mismatch - mismatch);
data/staden-2.0.0+b11/seq_utils/dna_utils.c:452:21: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int i, j, k, l, mismatch, max_mismatch, n_matches;
data/staden-2.0.0+b11/seq_utils/dna_utils.c:473:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (--mismatch <= 0)
data/staden-2.0.0+b11/seq_utils/dna_utils.c:478:6: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch > 0) {
data/staden-2.0.0+b11/seq_utils/dna_utils.c:481:51: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
score[n_matches] = string_len - (max_mismatch - mismatch);
data/staden-2.0.0+b11/seq_utils/dna_utils.c:512:21: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int i, j, k, l, mismatch, max_mismatch = string_len;
data/staden-2.0.0+b11/seq_utils/dna_utils.c:531:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (--mismatch <= 0)
data/staden-2.0.0+b11/seq_utils/dna_utils.c:536:6: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch > 0) {
data/staden-2.0.0+b11/seq_utils/dna_utils.c:537:22: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
max_mismatch -= mismatch;
data/staden-2.0.0+b11/seq_utils/dna_utils.c:658:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(seq1);
data/staden-2.0.0+b11/seq_utils/dna_utils.c:667:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(seq1);
data/staden-2.0.0+b11/seq_utils/dna_utils.c:751:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(seq1);
data/staden-2.0.0+b11/seq_utils/dna_utils.c:824:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(seq1);
data/staden-2.0.0+b11/seq_utils/filter_words.c:43:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seqlen = strlen(seq), i;
data/staden-2.0.0+b11/seq_utils/genetic_code_old.c:312:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d %d\n",strlen(seq),3*strlen(seq),3*(strlen(seq)/3));
data/staden-2.0.0+b11/seq_utils/genetic_code_old.c:312:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d %d\n",strlen(seq),3*strlen(seq),3*(strlen(seq)/3));
data/staden-2.0.0+b11/seq_utils/genetic_code_old.c:312:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d %d\n",strlen(seq),3*strlen(seq),3*(strlen(seq)/3));
data/staden-2.0.0+b11/seq_utils/genetic_code_old.c:313:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<3*(strlen(seq)/3);i+=3) {
data/staden-2.0.0+b11/seq_utils/genetic_code_old.c:317:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<3*(strlen(seq)/3);i+=3) {
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:116:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( min_open < (len_open = strlen ( protein = (orf_protein_seqf (
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:120:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)] = ' ';
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:155:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( min_open < (len_open = strlen ( protein = (orf_protein_seqf (
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:159:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)] = ' ';
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:195:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( min_open < (len_open = strlen ( protein = (orf_protein_seqf (
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:233:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( min_open < (len_open = strlen ( protein = (orf_protein_seqf (
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:298:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( min_open < (len_open = strlen ( protein = (orf_protein_seq_r (
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:302:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)] = ' ';
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:336:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( min_open < (len_open = strlen ( protein = (orf_protein_seq_r (
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:340:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)] = ' ';
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:376:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( min_open < (len_open = strlen ( protein = (orf_protein_seq_r (
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:414:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( min_open < (len_open = strlen ( protein = (orf_protein_seq_r (
data/staden-2.0.0+b11/seq_utils/open_reading_frames.c:442:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
num_bases = strlen ( dna );
data/staden-2.0.0+b11/seq_utils/read_matrix.c:31:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(base_order);
data/staden-2.0.0+b11/seq_utils/read_matrix.c:132:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(base_order);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:620:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(word);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:687:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, tmp, textptr - tmp);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:707:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (r_enzyme.name = (char *)xmalloc((strlen(name) + 1) *
data/staden-2.0.0+b11/seq_utils/renz_utils.c:722:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res_seq_len = strlen(res_seq[j]);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:770:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, strptr, textptr - strptr);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:775:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == ((*names) = (char *)xmalloc((strlen(name) + 1) *
data/staden-2.0.0+b11/seq_utils/renz_utils.c:965:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(r_enzyme[i].seq[j]), sequence_type,
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1088:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inseq_len = strlen(in_seq);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1439:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (cut_site > (int)strlen(seq)) {
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1441:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(seq); i < cut_site; i++)
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1446:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newseq, seq, cut_site);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1449:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(newseq, &seq[cut_site], strlen(seq) - cut_site);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1449:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(newseq, &seq[cut_site], strlen(seq) - cut_site);
data/staden-2.0.0+b11/seq_utils/renz_utils.c:1465:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(r_enzyme[i].seq[j]);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:151:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(line) > 3) && (strstr(line," .."))) return 1;
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:179:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( (strlen(line) > 3) && (strstr(line," ..")))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:433:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (qual);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:476:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qua_expr[strlen(qua_expr) - 1] = 0;
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:479:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qua_expr[strlen(qua_expr) - 1] != '"' &&
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:482:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qua_expr[strlen(qua_expr) - 1] = 0;
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:483:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(qua_expr, " ");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:485:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qua_expr[strlen(qua_expr) - 1] = 0;
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:492:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int)strlen(feat_quas[k]) > current_qlen)
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:493:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_qlen = strlen(feat_quas[k]);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:498:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qual[k]) + 1 +
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:499:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qua_expr) +
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:503:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(qual[k]) > 1)
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:504:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(qual[k],"?");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:601:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (t = (char *)xmalloc((strlen(range) + 1)*sizeof(char)))) return -1;
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:679:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 != sscanf(line, "ID %20s\n", *identifier)) {
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:718:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max(k, (int)strlen(feat_key[i])))) {
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:721:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(loc_expr) + 1
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:722:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(&line[21]) + 1);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:724:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loc_expr[strlen(loc_expr) - 1] = 0;
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:732:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp)-1] = 0;
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:735:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(loc_expr) + 1
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:736:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(tmp) + 1);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:953:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(line) > 3) && (strstr(line," .."))) {
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1225:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "ID %20s\n", identifier[cnt]) == 1) {
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1234:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "LOCUS %14s\n", identifier[cnt]) == 1) {
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1242:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, ">%50s\n", identifier[cnt]) == 1) {
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1252:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "<%18s>", identifier[cnt]) == 1) {
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1281:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (locexpr1=(char*)xmalloc((strlen(locexpr)+1)*sizeof(char))))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1283:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (locexpr2=(char*)xmalloc((strlen(locexpr)+1)*sizeof(char))))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1285:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (tmp=(char*)xmalloc((strlen(locexpr)+1)*sizeof(char))))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1314:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(type_range, "n");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1343:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(type_range,"n");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1368:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
locleng=strlen(locexpr);
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1369:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (a = (char*)xmalloc((strlen(locexpr)+1)*sizeof(char))))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1371:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (b = (char*)xmalloc((strlen(locexpr)+1)*sizeof(char))))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1421:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (locexpr1 = (char*)xmalloc((strlen(locexpr)+1)*sizeof(char))))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1423:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (locexpr2 = (char*)xmalloc((strlen(locexpr)+1)*sizeof(char))))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1425:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (tmp1 =( char*)xmalloc((strlen(locexpr)+1)*sizeof(char))))
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1430:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(type_range, "c");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1437:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(type_range,"n");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1447:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(type_range,"c");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1451:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(type_range,"n");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1463:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(type_range, "c");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1468:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(type_range,"n");
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1525:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(key_index[i][k].qualifier[j])>1) fprintf(pw,"%s %s",
data/staden-2.0.0+b11/seq_utils/sequence_formats.c:1560:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(key_index[i][k].qualifier[j])>1) vmessage("%s",
data/staden-2.0.0+b11/spin/codon_content.c:194:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
edge_length = strlen ( edge );
data/staden-2.0.0+b11/spin/codon_content.c:285:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
edge_length = strlen ( edge );
data/staden-2.0.0+b11/spin/codon_content.c:937:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
edge_length = strlen ( edge );
data/staden-2.0.0+b11/spin/codon_content.c:1088:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
edge_length = strlen ( edge );
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:656:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(fp) == 'P') {
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:745:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/emboss_input_funcs.c:955:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/init.c:23:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c, "2");
data/staden-2.0.0+b11/spin/nip_cmds.c:1299:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(buffer)-1] = 0;
data/staden-2.0.0+b11/spin/nip_cmds.c:1304:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prot_len = strlen(prot_seq);
data/staden-2.0.0+b11/spin/nip_cmds.c:2067:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(subseq);
data/staden-2.0.0+b11/spin/nip_cmds.c:2092:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (range_seq=(char*)xmalloc((strlen(dnaseq))*sizeof(char))))
data/staden-2.0.0+b11/spin/nip_cmds.c:2094:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (sub_seq=(char*)xmalloc((strlen(dnaseq))*sizeof(char))))
data/staden-2.0.0+b11/spin/nip_cmds.c:2096:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(sub_seq, "");
data/staden-2.0.0+b11/spin/nip_cmds.c:2104:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(range_seq, &dnaseq[start_pos-1], end_pos - start_pos+1);
data/staden-2.0.0+b11/spin/nip_cmds.c:2107:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) complement_seq( range_seq, strlen(range_seq));
data/staden-2.0.0+b11/spin/nip_cmds.c:2111:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) complement_seq(sub_seq, strlen(sub_seq));
data/staden-2.0.0+b11/spin/nip_gene_search.c:498:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "");
data/staden-2.0.0+b11/spin/nip_string_search.c:231:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(input->string);
data/staden-2.0.0+b11/spin/nip_string_search.c:242:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq_match, &sequence[pos-1], string_length);
data/staden-2.0.0+b11/spin/nip_string_search.c:350:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(string);
data/staden-2.0.0+b11/spin/raster_cmds.c:82:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(args.colour)+1) *
data/staden-2.0.0+b11/spin/seq_raster.c:815:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(cursor->colour)+1) * sizeof(char))))
data/staden-2.0.0+b11/spin/seq_raster.c:2040:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(GetRasterColour(interp,
data/staden-2.0.0+b11/spin/seq_raster.c:2405:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(GetRasterColour(interp, rasterold, output->env_index))+1)
data/staden-2.0.0+b11/spin/seq_raster.c:3730:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/seq_raster.c:4005:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:172:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(l = strlen(ops)) {
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:233:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(l = strlen(ops)) {
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1003:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(seq);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1043:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(seq) == end - start + 1) {
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1047:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cds_len = strlen(key_index[i][k].cdsexpr);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1065:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qua_len = strlen(key_index[i][k].qualifier[j]);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1579:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sequence, seq, seq_len);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1604:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == (type = get_seq_type(sequence, strlen(sequence)))) {
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:1645:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(identifier)+10)))){
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:2220:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sequence, seq, seq_len);
data/staden-2.0.0+b11/spin/seq_reg_cmds.c:2751:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c, "2");
data/staden-2.0.0+b11/spin/seq_results.c:186:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (seqs[seq_num].identifier = (char *)xmalloc((strlen(identifier)+1) *
data/staden-2.0.0+b11/spin/seq_results.c:270:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == (seq_type = get_seq_type(sequence, strlen(sequence))))
data/staden-2.0.0+b11/spin/seq_results.c:277:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (seqs[seq_num].seq->name = (char *)xmalloc((strlen(name)+1) *
data/staden-2.0.0+b11/spin/seq_results.c:281:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (seqs[seq_num].identifier = (char *)xmalloc((strlen(identifier)+1) *
data/staden-2.0.0+b11/spin/seq_results.c:289:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seqs[seq_num].seq->seq_len = strlen(sequence);
data/staden-2.0.0+b11/spin/seq_results.c:431:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(tmp)+1)*sizeof(char ))))
data/staden-2.0.0+b11/spin/seq_results.c:440:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(tmp)+1)*sizeof(char ))))
data/staden-2.0.0+b11/spin/seq_results.c:690:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(GetSeqName(seq_num))+20)
data/staden-2.0.0+b11/spin/seq_results.c:721:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq2, &seq1[start-1], end - start + 1);
data/staden-2.0.0+b11/spin/seq_results.c:727:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(parental_name)+20) *
data/staden-2.0.0+b11/spin/seq_results.c:748:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(child_name)+3) *
data/staden-2.0.0+b11/spin/seq_results.c:786:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(parental_name)+3) *
data/staden-2.0.0+b11/spin/seq_results.c:806:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(child_name)+3) *
data/staden-2.0.0+b11/spin/seq_results.c:856:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(parental_name)+3) *
data/staden-2.0.0+b11/spin/seq_results.c:875:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(child_name)+3) *
data/staden-2.0.0+b11/spin/seq_results.c:919:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (new_name = (char *)xmalloc(strlen(GetSeqName(seq_num))
data/staden-2.0.0+b11/spin/seq_results.c:937:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(parental_name)+28)
data/staden-2.0.0+b11/spin/seq_results.c:941:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_name, parental_name, (ptr - parental_name));
data/staden-2.0.0+b11/spin/seq_results.c:964:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(child_name)+15) *
data/staden-2.0.0+b11/spin/seq_results.c:967:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (new_name = (char *)xmalloc(strlen(GetSeqName(seq_num))
data/staden-2.0.0+b11/spin/seq_results.c:974:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_name, child_name, (ptr - child_name));
data/staden-2.0.0+b11/spin/seq_results.c:1018:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(parental_name)+7) *
data/staden-2.0.0+b11/spin/seq_results.c:1037:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(child_name)+7) *
data/staden-2.0.0+b11/spin/seq_results.c:1081:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(parental_name)+13) *
data/staden-2.0.0+b11/spin/seq_results.c:1100:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(child_name)+13) *
data/staden-2.0.0+b11/spin/seq_results.c:1140:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(parental_name)+13) *
data/staden-2.0.0+b11/spin/seq_results.c:1159:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name = (char *)xmalloc((strlen(child_name)+13) *
data/staden-2.0.0+b11/spin/seq_sendto.c:113:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(job, "{");
data/staden-2.0.0+b11/spin/seq_sendto.c:130:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(job, "}");
data/staden-2.0.0+b11/spin/seqed.c:88:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seqed_add_sequence(se, strlen(sequence), sequence, seq_name,
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:129:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(r_enzyme[(*r1).enz_name].name) <
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:130:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(r_enzyme[(*r2).enz_name].name)))
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:132:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(r_enzyme[(*r1).enz_name].name) ==
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:133:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(r_enzyme[(*r2).enz_name].name)))
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:174:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seq_len = strlen(seq) - 4;
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:231:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(sequence);
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:310:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(r_enzyme[match[i].enz_name].name);
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:454:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(se->r_enzyme[i].name);
data/staden-2.0.0+b11/spin/seqed_restriction_enzymes.c:455:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(se->r_enzyme[i].seq[j]);
data/staden-2.0.0+b11/spin/seqed_search.c:98:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(string);
data/staden-2.0.0+b11/spin/seqed_search.c:149:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_matches = iubc_inexact_match(sequence, seq_len, string, strlen(string),
data/staden-2.0.0+b11/spin/seqed_search.c:161:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq_match, &sequence[pos[i]-1], string_length);
data/staden-2.0.0+b11/spin/seqed_write.c:22:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, sequence, line_length);
data/staden-2.0.0+b11/spin/seqed_write.c:46:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, &tmp[9+pos%10], line_length);
data/staden-2.0.0+b11/spin/seqed_write.c:59:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, sequence, line_length);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:322:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &tmp2[0], width);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:324:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &tmp2[seq1_left%10+10], width);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:348:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &tmp2[0], width);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:350:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &tmp2[seq2_left%10+10], width);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:361:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &seq1[0], width + seq1_left);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:368:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &seq1[seq1_left], width);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:372:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_str[strlen(tmp_str)] = ' ';
data/staden-2.0.0+b11/spin/sequence_pair_display.c:386:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &seq2[0], width + seq2_left);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:393:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &seq2[seq2_left], width);
data/staden-2.0.0+b11/spin/sequence_pair_display.c:397:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_str[strlen(tmp_str)] = ' ';
data/staden-2.0.0+b11/spin/sequence_pair_display.c:530:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_len = strlen(seq1);
data/staden-2.0.0+b11/spin/sim.c:297:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (n = 0; (c = getc(qp)) != EOF; )
data/staden-2.0.0+b11/spin/sip_align.c:385:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seq_len = strlen(sequence);
data/staden-2.0.0+b11/spin/sip_align.c:387:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (name1 = (char *)xmalloc((strlen(name)+10)*sizeof(char)))) {
data/staden-2.0.0+b11/spin/sip_align.c:585:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/sip_cmds.c:353:59: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
{"-mismatch", ARG_INT, 1, NULL, offsetof(align_seqs_arg, mismatch)},
data/staden-2.0.0+b11/spin/sip_cmds.c:368:14: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
args.mismatch, args.start_gap,
data/staden-2.0.0+b11/spin/sip_cmds.c:964:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c, "2");
data/staden-2.0.0+b11/spin/sip_find_identity.c:320:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_str, &seq1[data->p_array[i].x - 1],
data/staden-2.0.0+b11/spin/sip_find_identity.c:739:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/sip_quick_scan.c:669:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/sip_results.c:196:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(to->name, from->name, FILENAME_MAX);
data/staden-2.0.0+b11/spin/sip_sim.c:735:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/sip_similar_spans.c:383:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(r_seq1, seq1, data->win_len - num_spaces);
data/staden-2.0.0+b11/spin/sip_similar_spans.c:389:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(r_seq2, seq2, data->win_len - num_spaces);
data/staden-2.0.0+b11/spin/sip_similar_spans.c:392:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r_seq1, &seq1[data->p_array[i].x-1], data->win_len);
data/staden-2.0.0+b11/spin/sip_similar_spans.c:395:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r_seq2, &seq2[(int)data->p_array[i].y-1], data->win_len);
data/staden-2.0.0+b11/spin/sip_similar_spans.c:669:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (opts[1] = (char *)xmalloc((strlen(colour)+1) *
data/staden-2.0.0+b11/spin/sip_structs.h:52:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int mismatch;
data/staden-2.0.0+b11/spin/spin_globals.c:47:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(symbol_align0, "*");
data/staden-2.0.0+b11/spin/spin_globals.c:49:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(symbol_align1, "|");
data/staden-2.0.0+b11/spin/spin_globals.c:51:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(symbol_align2, ":");
data/staden-2.0.0+b11/spin/spin_globals.c:53:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(symbol_align3, ".");
data/staden-2.0.0+b11/spin/tkSeqed.c:297:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawSheetPutText(&se->sw, x, y, strlen(argv[4]), argv[4]);
data/staden-2.0.0+b11/stops/stops.c:324:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namlen = strlen(ent->d_name);
data/staden-2.0.0+b11/tk_utils/capture.c:54:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, statbuf.st_size);
data/staden-2.0.0+b11/tk_utils/cli_arg.c:13:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) &store[a->offset], val, a->value-1);
data/staden-2.0.0+b11/tk_utils/container.c:124:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (*c_win = (char *)xmalloc((strlen(win) + 10) *
data/staden-2.0.0+b11/tk_utils/container.c:1241:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (*e_win = (char *)xmalloc((strlen(win)+10) * sizeof(char))))
data/staden-2.0.0+b11/tk_utils/container.c:1416:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (window = (char *)xmalloc(strlen(c_win)+strlen(e_win) *
data/staden-2.0.0+b11/tk_utils/container.c:1416:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (window = (char *)xmalloc(strlen(c_win)+strlen(e_win) *
data/staden-2.0.0+b11/tk_utils/element_canvas.c:422:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(orient, "h");
data/staden-2.0.0+b11/tk_utils/element_canvas.c:424:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(orient, "v");
data/staden-2.0.0+b11/tk_utils/init.c:106:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c, "2");
data/staden-2.0.0+b11/tk_utils/postscript.c:74:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(NULL == (options->dash = (int *) xmalloc(strlen(options->dash_str) * sizeof(int)))) {
data/staden-2.0.0+b11/tk_utils/postscript.c:223:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(t[i].text);
data/staden-2.0.0+b11/tk_utils/postscript.c:228:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(t[i].text);
data/staden-2.0.0+b11/tk_utils/split.c:12:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(NULL == (token = (char **) xmalloc(strlen(copy) * sizeof(char *)))) {
data/staden-2.0.0+b11/tk_utils/tclExtdInt.h:16:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strcpy (ckalloc (strlen (sourceStr) + 1), sourceStr))
data/staden-2.0.0+b11/tk_utils/tclXkeylist.c:224:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (key) != keyLen) {
data/staden-2.0.0+b11/tk_utils/tclXkeylist.c:390:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keyLen = strlen (key);
data/staden-2.0.0+b11/tk_utils/tclXkeylist.c:615:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (keylIntPtr->entries [idx].key));
data/staden-2.0.0+b11/tk_utils/tclXkeylist.c:753:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (keylIntPtr->entries [findIdx].key, key, keyLen);
data/staden-2.0.0+b11/tk_utils/tclXkeylist.c:792:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (keylIntPtr->entries [findIdx].key, key, keyLen);
data/staden-2.0.0+b11/tk_utils/text_output.c:131:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(hname,"?");
data/staden-2.0.0+b11/tk_utils/text_output.c:134:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(hname, "?");
data/staden-2.0.0+b11/tk_utils/text_output.c:211:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Tcl_DStringAppend(&message, buf, strlen(buf));
data/staden-2.0.0+b11/tk_utils/text_output.c:417:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((tmp = read(fdp[1][0], buf, 8192)) > 0) {
data/staden-2.0.0+b11/tk_utils/text_output.c:458:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((len = read(fdp[2][0], buf, 8192)) > 0) {
data/staden-2.0.0+b11/tk_utils/text_output.c:538:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cur_tag, "0");
data/staden-2.0.0+b11/tk_utils/text_output.c:608:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = pipe_mania(argv[2], strlen(argv[2]), argv[1], atoi(argv[3]));
data/staden-2.0.0+b11/tk_utils/text_output.c:637:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += 1 + strlen(argv[i]);
data/staden-2.0.0+b11/tk_utils/text_output.c:652:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p, "\n");
data/staden-2.0.0+b11/tk_utils/text_output.c:654:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p, "");
data/staden-2.0.0+b11/tk_utils/text_output.c:684:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = start_argc; i < argc-1; i+=2) len += strlen(argv[i]);
data/staden-2.0.0+b11/tk_utils/text_output.c:728:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(argv[i]);
data/staden-2.0.0+b11/tk_utils/text_output.c:740:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = bufp + strlen(bufp);
data/staden-2.0.0+b11/tk_utils/text_output.c:744:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p);
data/staden-2.0.0+b11/tk_utils/text_output.c:967:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(bufp) - strlen(name) - 2; /* "%s: ",name */
data/staden-2.0.0+b11/tk_utils/text_output.c:967:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(bufp) - strlen(name) - 2; /* "%s: ",name */
data/staden-2.0.0+b11/tk_utils/text_output.c:970:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(&bufp[l], "\n");
data/staden-2.0.0+b11/tk_utils/tkCanvGraph.c:228:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(value);
data/staden-2.0.0+b11/tk_utils/tkRaster.c:611:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(argv[1]);
data/staden-2.0.0+b11/tk_utils/tkRasterBuiltIn.c:70:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (argv [n+2], "-style", strlen (argv [n+2])) == 0) {
data/staden-2.0.0+b11/tk_utils/tkRasterBuiltIn.c:132:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (argv [n+2], "-style", strlen (argv [n+2])) == 0) {
data/staden-2.0.0+b11/tk_utils/tkRasterBuiltIn.c:192:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (argv [n+2], "-style", strlen (argv [n+2])) == 0) {
data/staden-2.0.0+b11/tk_utils/tkSheet.c:165:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawSheetPutText(&sw->sw, x, y, (Dimension)strlen(argv[4]), argv[4]);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:498:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sprintf(buf, "%d", tracePtr->read ? 1 : 0);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:510:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read ) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:512:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read* rs = tracePtr->read;
data/staden-2.0.0+b11/tk_utils/tkTrace.c:524:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!tracePtr->read)
data/staden-2.0.0+b11/tk_utils/tkTrace.c:604:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:755:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:801:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:836:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:868:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:930:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:940:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:969:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, tracePtr->edBases, tracePtr->Ned);
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1213:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read && tracePtr->disp_offset + tracePtr->disp_width >
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1228:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read &&
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1689:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (tracePtr->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1916:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (t->xScrollCmd && t->read) {
data/staden-2.0.0+b11/tk_utils/tkTrace.c:1986:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *r = t->read;
data/staden-2.0.0+b11/tk_utils/tkTrace.h:62:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/staden-2.0.0+b11/tk_utils/tkTraceComp.c:95:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void complement_read(Read *read, int len)
data/staden-2.0.0+b11/tk_utils/tkTraceComp.c:150:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
shift_pyro_peaks(read);
data/staden-2.0.0+b11/tk_utils/tkTraceComp.c:174:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!t->read)
data/staden-2.0.0+b11/tk_utils/tkTraceComp.c:177:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
complement_read(t->read, t->Ned);
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:641:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( !p || !t || !t->read || (t->read->NBases==0) )
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:747:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Tk_DrawChars(d, p, t->CursorGC, t->font, number, strlen(number),
data/staden-2.0.0+b11/tk_utils/tkTraceDisp.c:817:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( !p || !t || !t->read || (t->read->NBases==0) )
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:20:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (t->read)
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:21:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(t->read);
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:164:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *r = t->read;
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:203:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (t->read)
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:219:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
trace_pyroalign(t->read);
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:327:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->Ned = strlen(str);
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:415:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e = read2exp( t->read, file );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:470:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str( e, EFLT_ON, buf, strlen(buf) );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:472:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str( e, EFLT_AV, buf, strlen(buf) );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:485:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str( e, EFLT_SL, buf, strlen(buf) );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:490:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str( e, EFLT_SR, buf, strlen(buf) );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:530:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = write_reading( file, t->read, TT_PLN );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:573:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_update_base_positions( t->read, t->comp, t->Ned, t->edBases, t->edPos, basePos );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:597:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = write_reading( file, t->read, format );
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:645:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert(t->read);
data/staden-2.0.0+b11/tk_utils/tkTraceIO.c:646:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( !t || !file || !format || !t->read || !(*file) || !(*format) )
data/staden-2.0.0+b11/tk_utils/trace_print.c:20:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(NULL == t->read) {
data/staden-2.0.0+b11/tracediff/main.cpp:487:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp_put_str(pExpFile, EFLT_TG, pBuffer, std::strlen(pBuffer) );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:172:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (vector_name = (char *)malloc((strlen(s) + 1)*sizeof(char)))) return NULL;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:176:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (f_primer_seq = (char *)malloc((strlen(s) + 1)*sizeof(char)))) return NULL;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:180:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (r_primer_seq = (char *)malloc((strlen(s) + 1)*sizeof(char)))) return NULL;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:200:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( c ) ) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:201:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c[strlen(c)-1] = '\0';
data/staden-2.0.0+b11/vector_clip/vector_clip.c:202:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (file_name = (char *)malloc((strlen(c) + 1)*sizeof(char)))) return NULL;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:211:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
complement_seq ( f_primer_seq, strlen( f_primer_seq ));
data/staden-2.0.0+b11/vector_clip/vector_clip.c:659:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = strlen ( seq1_res );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:660:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = strlen ( seq2_res );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:855:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_length = strlen ( seq );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:859:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
primer_length = strlen(primer);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:916:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_SR, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1015:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_length = strlen ( seq );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1220:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_SL, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1226:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_SR, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1318:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_length = strlen ( seq );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1363:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp = strlen (seq_ptr);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1366:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub_seq_ptr = seq_ptr + strlen(seq_ptr) - primer_length_v;
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1406:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_v = strlen(seq_ptr);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1476:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_SL, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1481:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_SR, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1490:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_PR, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1496:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_SF, vf_ptr, strlen(vf_ptr))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1500:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_PS, pstat, strlen(pstat))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1708:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_length = strlen ( seq );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:1832:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp = strlen (seq_ptr);
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2070:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_SL, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2076:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_SR, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2182:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_length = strlen ( seq );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2352:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_CL, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2358:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (exp_put_str(e, EFLT_CR, buf, strlen(buf))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2377:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("all cloning vector"))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2755:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_length = strlen ( seq );
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2796:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("no SF for vector rearrangement"))) {
data/staden-2.0.0+b11/vector_clip/vector_clip.c:2925:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("vector rearrangement"))) {
ANALYSIS SUMMARY:
Hits = 5381
Lines analyzed = 373157 in approximately 9.70 seconds (38463 lines/second)
Physical Source Lines of Code (SLOC) = 254305
Hits@level = [0] 3344 [1] 1227 [2] 3002 [3] 105 [4] 1045 [5] 2
Hits@level+ = [0+] 8725 [1+] 5381 [2+] 4154 [3+] 1152 [4+] 1047 [5+] 2
Hits/KSLOC@level+ = [0+] 34.3092 [1+] 21.1596 [2+] 16.3347 [3+] 4.52999 [4+] 4.1171 [5+] 0.00786457
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.