Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/subread-2.0.1+dfsg/src/sorted-hashtable.c
Examining data/subread-2.0.1+dfsg/src/mergeVCF.c
Examining data/subread-2.0.1+dfsg/src/samMappedBases.c
Examining data/subread-2.0.1+dfsg/src/interval_merge.c
Examining data/subread-2.0.1+dfsg/src/del4-mmap-test.c
Examining data/subread-2.0.1+dfsg/src/seek-zlib.h
Examining data/subread-2.0.1+dfsg/src/exon-algorithms.h
Examining data/subread-2.0.1+dfsg/src/subread.h
Examining data/subread-2.0.1+dfsg/src/gene-algorithms.c
Examining data/subread-2.0.1+dfsg/src/test-fisher.c
Examining data/subread-2.0.1+dfsg/src/filterJunctionTable.c
Examining data/subread-2.0.1+dfsg/src/propmapped.c
Examining data/subread-2.0.1+dfsg/src/tx-unique.h
Examining data/subread-2.0.1+dfsg/src/input-blc.h
Examining data/subread-2.0.1+dfsg/src/sam2fq.c
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.h
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.h
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMhelper.h
Examining data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.h
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMhashtable.h
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMhelper.c
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.h
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.h
Examining data/subread-2.0.1+dfsg/src/longread-one/LRMhashtable.c
Examining data/subread-2.0.1+dfsg/src/long-hashtable.h
Examining data/subread-2.0.1+dfsg/src/zlib_test.c
Examining data/subread-2.0.1+dfsg/src/test_qs.c
Examining data/subread-2.0.1+dfsg/src/input-files.h
Examining data/subread-2.0.1+dfsg/src/removeDupReads.c
Examining data/subread-2.0.1+dfsg/src/HelperFunctions.h
Examining data/subread-2.0.1+dfsg/src/detection-calls.c
Examining data/subread-2.0.1+dfsg/src/input-blc.c
Examining data/subread-2.0.1+dfsg/src/seek-zlib.c
Examining data/subread-2.0.1+dfsg/src/sublog.c
Examining data/subread-2.0.1+dfsg/src/SUBindel.c
Examining data/subread-2.0.1+dfsg/src/fusion-align.c
Examining data/subread-2.0.1+dfsg/src/gen_rand_reads.c
Examining data/subread-2.0.1+dfsg/src/subtools.c
Examining data/subread-2.0.1+dfsg/src/subfilter.c
Examining data/subread-2.0.1+dfsg/src/exon-align-indel.c
Examining data/subread-2.0.1+dfsg/src/aligner.c
Examining data/subread-2.0.1+dfsg/src/sublog.h
Examining data/subread-2.0.1+dfsg/src/core-bigtable.c
Examining data/subread-2.0.1+dfsg/src/gene-value-index.h
Examining data/subread-2.0.1+dfsg/src/interval_merge.h
Examining data/subread-2.0.1+dfsg/src/core-indel.h
Examining data/subread-2.0.1+dfsg/src/input-files.c
Examining data/subread-2.0.1+dfsg/src/core.h
Examining data/subread-2.0.1+dfsg/src/fullscan.c
Examining data/subread-2.0.1+dfsg/src/core-interface-aligner.c
Examining data/subread-2.0.1+dfsg/src/core.c
Examining data/subread-2.0.1+dfsg/src/core-junction.h
Examining data/subread-2.0.1+dfsg/src/long-hashtable.c
Examining data/subread-2.0.1+dfsg/src/core-indel.c
Examining data/subread-2.0.1+dfsg/src/global-reassembly.c
Examining data/subread-2.0.1+dfsg/src/qualityScores.c
Examining data/subread-2.0.1+dfsg/src/SNPCalling.h
Examining data/subread-2.0.1+dfsg/src/SNPCalling.c
Examining data/subread-2.0.1+dfsg/src/core-bigtable.h
Examining data/subread-2.0.1+dfsg/src/core-interface-subjunc.c
Examining data/subread-2.0.1+dfsg/src/build-sam-index.c
Examining data/subread-2.0.1+dfsg/src/coverage_calc.c
Examining data/subread-2.0.1+dfsg/src/test-seek-zlib.c
Examining data/subread-2.0.1+dfsg/src/exon-algorithms.c
Examining data/subread-2.0.1+dfsg/src/tx-unique.c
Examining data/subread-2.0.1+dfsg/src/exon-align.c
Examining data/subread-2.0.1+dfsg/src/read-repair.c
Examining data/subread-2.0.1+dfsg/src/index-builder.c
Examining data/subread-2.0.1+dfsg/src/hashtable.h
Examining data/subread-2.0.1+dfsg/src/gene-value-index.c
Examining data/subread-2.0.1+dfsg/src/flattenAnnotations.c
Examining data/subread-2.0.1+dfsg/src/gen_long_chromosomes.c
Examining data/subread-2.0.1+dfsg/src/removeDupReads.h
Examining data/subread-2.0.1+dfsg/src/core-junction.c
Examining data/subread-2.0.1+dfsg/src/hashtable.c
Examining data/subread-2.0.1+dfsg/src/sorted-hashtable.h
Examining data/subread-2.0.1+dfsg/src/sambam-file.h
Examining data/subread-2.0.1+dfsg/src/sambam-file.c
Examining data/subread-2.0.1+dfsg/src/readSummary.c
Examining data/subread-2.0.1+dfsg/src/HelperFunctions.c
Examining data/subread-2.0.1+dfsg/src/gene-algorithms.h
FINAL RESULTS:
data/subread-2.0.1+dfsg/src/readSummary.c:4056:10: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(final_feture_names, (char *)final_feture_name, GENE_NAME_LIST_BUFFER_SIZE-1);
data/subread-2.0.1+dfsg/src/readSummary.c:4057:10: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(final_feture_names, ",", GENE_NAME_LIST_BUFFER_SIZE-1);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:295:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mem_chro, chro_name);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:773:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
tmp = strcpy(tmp, with) + len_with;
data/subread-2.0.1+dfsg/src/HelperFunctions.c:776:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, orig);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:919:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, it->ifr_name);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1244:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(anno_chr_buf, anno_chr);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1246:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sam_chr_buf, sam_chr);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1269:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((*lineptr) + strlen(*lineptr), "\"%s\" ", argv[c]);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1921:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(ofp, fmt, args);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1977:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf( obuf, MSGQU_LINE_SIZE, fmt, args );
data/subread-2.0.1+dfsg/src/HelperFunctions.c:2105:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&str[i], SSCANF_FORMAT_STR, &tmp);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:2127:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(&str[i], SPRINTF_FORMAT_STR, n->array[j]);
data/subread-2.0.1+dfsg/src/SNPCalling.c:625:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name , "%s%s-%04u.bin", temp_prefix, chro_name, block_no);
data/subread-2.0.1+dfsg/src/SNPCalling.c:678:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name , "%sBGC-%s-%04u.bin", temp_prefix, chro_name, block_no);
data/subread-2.0.1+dfsg/src/SNPCalling.c:879:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(supporting_list,int_buf);
data/subread-2.0.1+dfsg/src/SNPCalling.c:885:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(supporting_list, int_buf);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1334:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_suffix , _EXSNP_SNP_delete_temp_prefix + last_slash + 1);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1339:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_suffix , _EXSNP_SNP_delete_temp_prefix);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1355:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_name, del2);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1357:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(del_name, dir->d_name);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1414:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(table_fn,"%s.00.b.array", parameters->subread_index);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1438:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp_file_prefix, parameters->pile_file_name);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1450:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_prefix, "%s/temp-snps-%06u-%s-", temp_location, getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1473:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_prefix2, "%sBGC-", temp_file_prefix);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1483:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qfname, "%s.qStatic", temp_file_prefix);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1672:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parameters.background_input_file, optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1675:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parameters.known_SNP_vcf, optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1759:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parameters.pile_file_name, optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1763:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parameters.subread_index, optarg);
data/subread-2.0.1+dfsg/src/SUBindel.c:66:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.reads", context->config.index_prefix);
data/subread-2.0.1+dfsg/src/SUBindel.c:75:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.00.c.tab", context->config.index_prefix);
data/subread-2.0.1+dfsg/src/SUBindel.c:77:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.00.b.tab", context->config.index_prefix);
data/subread-2.0.1+dfsg/src/SUBindel.c:87:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.%02d.%c.tab", context->config.index_prefix, context->index_block_number, context->config.space_type == GENE_SPACE_COLOR?'c':'b');
data/subread-2.0.1+dfsg/src/SUBindel.c:110:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.%02d.%c.array", global_context->config.index_prefix, block_no, global_context->config.space_type == GENE_SPACE_COLOR?'c':'b');
data/subread-2.0.1+dfsg/src/SUBindel.c:250:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mate_chro, chro_name);
data/subread-2.0.1+dfsg/src/core-bigtable.c:266:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(static_key, "%s:%u", chro, curr_key_pos);
data/subread-2.0.1+dfsg/src/core-bigtable.c:284:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dynamic_key, static_key);
data/subread-2.0.1+dfsg/src/core-bigtable.c:320:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(static_key, "%s:%u", chro, my_key_pos);
data/subread-2.0.1+dfsg/src/core-indel.c:1313:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp_chro_name, chro_name);
data/subread-2.0.1+dfsg/src/core-indel.c:1319:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sort_key, "%s:%s", gene_name, chro_name);
data/subread-2.0.1+dfsg/src/core-indel.c:1366:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mm_sort_key, sort_key);
data/subread-2.0.1+dfsg/src/core-indel.c:1989:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstr, "OCT27-STEPDD-IR %s %d %d~%d ", read_name, dyna_steps, last_correct_base, first_correct_base);
data/subread-2.0.1+dfsg/src/core-indel.c:2314:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn2, "%s.indel.vcf", global_context->config.output_prefix);
data/subread-2.0.1+dfsg/src/core-indel.c:2373:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alt_bases+1,inserted_bases);
data/subread-2.0.1+dfsg/src/core-indel.c:2374:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(alt_bases,ref_bases+1);
data/subread-2.0.1+dfsg/src/core-indel.c:2524:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name,"%s@%s-%04u.bin", global_context -> config.temp_file_prefix, chro_name , chro_offset / BASE_BLOCK_LENGTH );
data/subread-2.0.1+dfsg/src/core-indel.c:2922:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ori, next_read_txt);
data/subread-2.0.1+dfsg/src/core-indel.c:3280:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(block_context -> rebuilt_window , next_read_txt + strlen(next_read_txt) - new_bases - high_quality_offset);
data/subread-2.0.1+dfsg/src/core-indel.c:3283:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(block_context -> rebuilt_window , next_read_txt + strlen(next_read_txt) - new_bases);
data/subread-2.0.1+dfsg/src/core-indel.c:3345:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block_context -> final_alleles[xk1].rebuilt_window , block_context -> rebuilt_window);
data/subread-2.0.1+dfsg/src/core-indel.c:4047:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sequence_for_hash, read_text);
data/subread-2.0.1+dfsg/src/core-indel.c:4132:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_rebuilt_window, first_half_alleles [first_allele_no]. rebuilt_window);
data/subread-2.0.1+dfsg/src/core-indel.c:4133:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_rebuilt_window, start_read_txt);
data/subread-2.0.1+dfsg/src/core-indel.c:4134:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_rebuilt_window, second_half_alleles[second_allele_no].rebuilt_window);
data/subread-2.0.1+dfsg/src/core-indel.c:4342:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname,"%s.reassembly.fa", global_context->config.output_prefix);
data/subread-2.0.1+dfsg/src/core-indel.c:4354:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name,"%s@%s-%04u.bin", global_context -> config.temp_file_prefix, global_context -> chromosome_table.read_names+chro_i*MAX_CHROMOSOME_NAME_LEN , block_no );
data/subread-2.0.1+dfsg/src/core-indel.c:4421:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_suffix , _COREMAIN_delete_temp_prefix + last_slash + 1);
data/subread-2.0.1+dfsg/src/core-indel.c:4426:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_suffix , _COREMAIN_delete_temp_prefix);
data/subread-2.0.1+dfsg/src/core-indel.c:4442:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_name, del2);
data/subread-2.0.1+dfsg/src/core-indel.c:4444:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(del_name, dir->d_name);
data/subread-2.0.1+dfsg/src/core-indel.c:4628:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(context->config.temp_file_prefix+strlen(context->config.temp_file_prefix), "/core-temp-sum-%06u-%s", getpid(), mac_rand );
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:506:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context->config.read_group_id, optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:511:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(global_context->config.read_group_txt, optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:615:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context->config.exon_annotation_file_screen_out, optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:511:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context->config.read_group_id, optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:516:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(global_context->config.read_group_txt, optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:640:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context->config.exon_annotation_file_screen_out, optarg);
data/subread-2.0.1+dfsg/src/core-junction.c:3104:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cigar_piece, cigar_tiny);
data/subread-2.0.1+dfsg/src/core-junction.c:3111:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cigar_piece, cigar_tiny);
data/subread-2.0.1+dfsg/src/core-junction.c:3115:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cigar_piece, cigar_tiny);
data/subread-2.0.1+dfsg/src/core-junction.c:3124:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_cigar_tmp, cigar_piece);
data/subread-2.0.1+dfsg/src/core-junction.c:3131:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cigar_string, new_cigar_tmp);
data/subread-2.0.1+dfsg/src/core-junction.c:3303:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp_cigar, piece_cigar);
data/subread-2.0.1+dfsg/src/core-junction.c:3380:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(realign_res -> cigar_string, tmp_cigar);
data/subread-2.0.1+dfsg/src/core-junction.c:3576:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(positive_read, read_text) ;
data/subread-2.0.1+dfsg/src/core-junction.c:4132:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn2,"%s.breakpoints.vcf", global_context->config.output_prefix);
data/subread-2.0.1+dfsg/src/core-junction.c:4175:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(alt_base,"%c%s:%u%c%c", bkt, chro_name_right, chro_pos_right, bkt, ref_base);
data/subread-2.0.1+dfsg/src/core-junction.c:4177:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(alt_base,"%c%c%s:%u%c", ref_base, bkt, chro_name_right, chro_pos_right, bkt);
data/subread-2.0.1+dfsg/src/core-junction.c:4185:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(alt_base,"%c%s:%u%c%c", bkt, chro_name_left, chro_pos_left, bkt, ref_base);
data/subread-2.0.1+dfsg/src/core-junction.c:4187:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(alt_base,"%c%c%s:%u%c", ref_base, bkt, chro_name_left, chro_pos_left, bkt);
data/subread-2.0.1+dfsg/src/core-junction.c:4279:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn2,"%s.junction.bed", global_context->config.output_prefix);
data/subread-2.0.1+dfsg/src/core-junction.c:4391:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inb, read_text);
data/subread-2.0.1+dfsg/src/core-junction.c:4392:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qualityb, qualityb0);
data/subread-2.0.1+dfsg/src/core.c:139:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* pipe = popen(cmd, "r");
data/subread-2.0.1+dfsg/src/core.c:149:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outstr+out_ptr, linebuf);
data/subread-2.0.1+dfsg/src/core.c:171:20: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
int content_len = vsprintf(content, pattern, args);
data/subread-2.0.1+dfsg/src/core.c:178:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_line_buff, content + seg_i);
data/subread-2.0.1+dfsg/src/core.c:251:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,is_boundary==1?"//":"\\\\");
data/subread-2.0.1+dfsg/src/core.c:254:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,is_boundary==1?"\\\\":"//");
data/subread-2.0.1+dfsg/src/core.c:265:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,is_boundary==1?"//":"\\\\");
data/subread-2.0.1+dfsg/src/core.c:268:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_line_buff+strlen(out_line_buff)," %s ", content);
data/subread-2.0.1+dfsg/src/core.c:271:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,is_boundary==1?"\\\\":"//");
data/subread-2.0.1+dfsg/src/core.c:298:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,spaces);
data/subread-2.0.1+dfsg/src/core.c:302:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,content);
data/subread-2.0.1+dfsg/src/core.c:318:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,content);
data/subread-2.0.1+dfsg/src/core.c:321:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,content+col1w+2);
data/subread-2.0.1+dfsg/src/core.c:325:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out_line_buff,content);
data/subread-2.0.1+dfsg/src/core.c:334:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_line_buff+strlen(out_line_buff)," %c[0m%s", CHAR_ESC , spaces + (78 - right_spaces + 1));
data/subread-2.0.1+dfsg/src/core.c:350:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sumname, "%s.summary", global_context->config.output_prefix);
data/subread-2.0.1+dfsg/src/core.c:745:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_context->config.temp_file_prefix, "%s/core-temp-sum-%06u-%05u", optarg, getpid(), myrand_rand()
data/subread-2.0.1+dfsg/src/core.c:753:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context->config.exon_annotation_file, optarg);
data/subread-2.0.1+dfsg/src/core.c:983:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name, "%s.sam", global_context->config.temp_file_prefix);
data/subread-2.0.1+dfsg/src/core.c:1043:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, temp_file_name);
data/subread-2.0.1+dfsg/src/core.c:1061:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name, "%s-%d.fq", global_context->config.temp_file_prefix, half_n);
data/subread-2.0.1+dfsg/src/core.c:1081:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, temp_file_name);
data/subread-2.0.1+dfsg/src/core.c:1413:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cigar, cigar_added);
data/subread-2.0.1+dfsg/src/core.c:1435:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r-> current_cigar_decompress, current_result -> cigar_string);
data/subread-2.0.1+dfsg/src/core.c:1449:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->cigar, r -> current_cigar_decompress);
data/subread-2.0.1+dfsg/src/core.c:1464:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->out_cigars[0], output_context->out_cigar_buffer[0]);
data/subread-2.0.1+dfsg/src/core.c:1469:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->out_cigars[xk1], output_context->out_cigar_buffer[xk1]);
data/subread-2.0.1+dfsg/src/core.c:1480:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(r->additional_information + strlen(r->additional_information), "\tCG:Z:%s\tCP:i:%u\tCT:Z:%c\tCC:Z:%s", r->out_cigars[xk1] , max(1,chimeric_pos + soft_clipping_movement + 1), strand_xor?'-':'+' , chimaric_chr );
data/subread-2.0.1+dfsg/src/core.c:1487:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->cigar , r->out_cigars[0]);
data/subread-2.0.1+dfsg/src/core.c:2092:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(extra_additional_1 + extra_additional_1_ptr, rec1->additional_information);
data/subread-2.0.1+dfsg/src/core.c:2104:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(extra_additional_2 + extra_additional_2_ptr, rec2->additional_information);
data/subread-2.0.1+dfsg/src/core.c:2511:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repeated_buffer_cigar[*repeated_count], r1_cigar);
data/subread-2.0.1+dfsg/src/core.c:2512:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repeated_buffer_cigar[1 + *repeated_count], r2_cigar);
data/subread-2.0.1+dfsg/src/core.c:2591:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(raw_read_text_1, read_text_1);
data/subread-2.0.1+dfsg/src/core.c:2592:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(raw_qual_text_1, qual_text_1);
data/subread-2.0.1+dfsg/src/core.c:2596:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(raw_read_text_2, read_text_2);
data/subread-2.0.1+dfsg/src/core.c:2597:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(raw_qual_text_2, qual_text_2);
data/subread-2.0.1+dfsg/src/core.c:2800:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_text_1, raw_read_text_1);
data/subread-2.0.1+dfsg/src/core.c:2801:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_text_2, raw_read_text_2);
data/subread-2.0.1+dfsg/src/core.c:2802:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual_text_1, raw_qual_text_1);
data/subread-2.0.1+dfsg/src/core.c:2803:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual_text_2, raw_qual_text_2);
data/subread-2.0.1+dfsg/src/core.c:2972:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_text_1, raw_read_text_1);
data/subread-2.0.1+dfsg/src/core.c:2973:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_text_2, raw_read_text_2);
data/subread-2.0.1+dfsg/src/core.c:2974:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual_text_1, raw_qual_text_1);
data/subread-2.0.1+dfsg/src/core.c:2975:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual_text_2, raw_qual_text_2);
data/subread-2.0.1+dfsg/src/core.c:2998:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_text_1, raw_read_text_1);
data/subread-2.0.1+dfsg/src/core.c:2999:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_text_2, raw_read_text_2);
data/subread-2.0.1+dfsg/src/core.c:3000:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual_text_1, raw_qual_text_1);
data/subread-2.0.1+dfsg/src/core.c:3001:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual_text_2, raw_qual_text_2);
data/subread-2.0.1+dfsg/src/core.c:3598:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.%02d.%c.array", global_context->config.index_prefix, block_no, global_context->config.space_type == GENE_SPACE_COLOR?'c':'b');
data/subread-2.0.1+dfsg/src/core.c:3615:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.%02d.%c.tab", global_context->config.index_prefix, global_context->current_index_block_number, global_context->config.space_type == GENE_SPACE_COLOR?'c':'b');
data/subread-2.0.1+dfsg/src/core.c:3620:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.%02d.%c.array", global_context->config.index_prefix, global_context->current_index_block_number, global_context->config.space_type == GENE_SPACE_COLOR?'c':'b');
data/subread-2.0.1+dfsg/src/core.c:3878:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(header_buff, "@HD\tVN:1.0\tSO:%s", sorting_str);
data/subread-2.0.1+dfsg/src/core.c:3963:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp_chro_name, chro_name);
data/subread-2.0.1+dfsg/src/core.c:4149:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname,"%s", context->config.output_prefix);
data/subread-2.0.1+dfsg/src/core.c:4183:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.reads", context->config.index_prefix);
data/subread-2.0.1+dfsg/src/core.c:4197:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.00.c.tab", context->config.index_prefix);
data/subread-2.0.1+dfsg/src/core.c:4199:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.00.b.tab", context->config.index_prefix);
data/subread-2.0.1+dfsg/src/core.c:4209:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.%02d.%c.tab", context->config.index_prefix, context->index_block_number, context->config.space_type == GENE_SPACE_COLOR?'c':'b');
data/subread-2.0.1+dfsg/src/core.c:4515:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(res, "%s:%u", ch, off);
data/subread-2.0.1+dfsg/src/core.c:4689:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cigar_sec, out_cigars[0]);
data/subread-2.0.1+dfsg/src/core.c:4690:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_cigars[0], out_cigars[best_match]);
data/subread-2.0.1+dfsg/src/core.c:4691:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_cigars[best_match] , cigar_sec);
data/subread-2.0.1+dfsg/src/core.c:4863:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fixed_len, flen);
data/subread-2.0.1+dfsg/src/coverage_calc.c:125:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chro, tmp_res);
data/subread-2.0.1+dfsg/src/coverage_calc.c:132:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cigar, tmp_res);
data/subread-2.0.1+dfsg/src/coverage_calc.c:194:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_chro, chro);
data/subread-2.0.1+dfsg/src/coverage_calc.c:311:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_name,"%s-%s.bin", output_file_name, chro);
data/subread-2.0.1+dfsg/src/coverage_calc.c:372:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input_file_name, optarg);
data/subread-2.0.1+dfsg/src/coverage_calc.c:375:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output_file_name, optarg);
data/subread-2.0.1+dfsg/src/detection-calls.c:173:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tna, "chr%s", chro);
data/subread-2.0.1+dfsg/src/detection-calls.c:271:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tchro, "chr%s", current_chro);
data/subread-2.0.1+dfsg/src/detection-calls.c:459:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret -> used_feature_type, optarg);
data/subread-2.0.1+dfsg/src/detection-calls.c:462:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret -> gene_id_column_name, optarg);
data/subread-2.0.1+dfsg/src/detection-calls.c:465:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret -> alias_file_name, optarg);
data/subread-2.0.1+dfsg/src/detection-calls.c:478:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret -> out_file_name, optarg);
data/subread-2.0.1+dfsg/src/detection-calls.c:481:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret -> anno_file_name, optarg);
data/subread-2.0.1+dfsg/src/detection-calls.c:484:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret -> fasta_file_name, optarg);
data/subread-2.0.1+dfsg/src/detection-calls.c:497:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(binfn,"%s-bins", ret -> out_file_name);
data/subread-2.0.1+dfsg/src/filterJunctionTable.c:75:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(chro_mem, chrostr);
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:114:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mem_gene, gene_name);
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:122:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( chro_strand, "%s\t%s\t%c", gene_name,chro_name,is_negative_strand?'-':'+');
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:344:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context.output_file_name, optarg);
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:347:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context.GTF_file_name, optarg);
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:350:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context.GTF_gene_id_column, optarg);
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:353:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context.GTF_wanted_feature_type, optarg);
data/subread-2.0.1+dfsg/src/fullscan.c:108:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_rev_str, read_str);
data/subread-2.0.1+dfsg/src/fullscan.c:114:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(table_fn, "%s.%02d.b.array", index_name, tabno);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:273:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outname, "%s.for_test.log",grc->output_prefix);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:484:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outname,"%s.faSummary", grc->output_prefix);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:560:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq_name, clinebuf+1);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:689:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqname_buf, seqname);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:795:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq_name, clinebuf+1);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:814:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf + lbuf_used, clinebuf );
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:854:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outname,"%s.truthCounts", grc->output_prefix);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:858:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outname,"%s_R1.fastq.gz", grc->output_prefix);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:862:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outname,"%s_R2.fastq.gz", grc->output_prefix);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:935:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grc.output_prefix, optarg);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:938:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grc.expression_level_file, optarg);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:941:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grc.transcript_fasta_file, optarg);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:957:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grc.quality_string_file, optarg);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:991:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(delfn, "%s.faSummary", grc.output_prefix);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:314:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lbuf," %c %s [", fan, hint);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:703:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, cigar_piece);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:710:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, cigar_piece);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:719:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, cigar_piece);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:753:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, cigar_piece);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:758:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, cigar_piece);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:770:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, cigar_piece);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:779:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cigar, tmp);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1493:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.reads", index_prefix);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1541:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_name_mem, offsets->read_names + n*MAX_CHROMOSOME_NAME_LEN);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2583:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ncg2, "%c%s",cc,ncg);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2589:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cigar, ncg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:275:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(global_context -> tmp_file_prefix, "GRAtmp-%06d-%s", global_context -> system_pid, mac_rand);
data/subread-2.0.1+dfsg/src/global-reassembly.c:376:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.fragproperties", global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:379:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.fraglist", global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:562:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read1_tmp, new_read_start);
data/subread-2.0.1+dfsg/src/global-reassembly.c:720:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.fragproperties", global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:724:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.fraglist", global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:821:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.fraglist", global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1663:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.fraglist", global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1665:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.fragproperties", global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1676:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.fragproperties", global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1773:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> input_file_name, optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1776:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> input_file_name2, optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1782:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> output_file_name, optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1797:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmptmp, optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1799:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmptmp, global_context -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1800:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> tmp_file_prefix, tmptmp);
data/subread-2.0.1+dfsg/src/index-builder.c:131:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.files", index_prefix);
data/subread-2.0.1+dfsg/src/index-builder.c:163:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fn, "%s.%02d.%c.tab", index_prefix, table_no, IS_COLOR_SPACE?'c':'b');
data/subread-2.0.1+dfsg/src/index-builder.c:168:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fn, "%s.%02d.%c.array", index_prefix, table_no, IS_COLOR_SPACE?'c':'b');
data/subread-2.0.1+dfsg/src/index-builder.c:179:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%02d.%c.tab", index_prefix, i, IS_COLOR_SPACE?'c':'b');
data/subread-2.0.1+dfsg/src/index-builder.c:181:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%02d.%c.array", index_prefix, i, IS_COLOR_SPACE?'c':'b');
data/subread-2.0.1+dfsg/src/index-builder.c:185:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fn, "%s.reads", index_prefix);
data/subread-2.0.1+dfsg/src/index-builder.c:219:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.files", index_prefix);
data/subread-2.0.1+dfsg/src/index-builder.c:273:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%02d.%c.tab", index_prefix, table_no, IS_COLOR_SPACE?'c':'b');
data/subread-2.0.1+dfsg/src/index-builder.c:277:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%02d.%c.array", index_prefix, table_no, IS_COLOR_SPACE?'c':'b');
data/subread-2.0.1+dfsg/src/index-builder.c:421:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.files", index_prefix);
data/subread-2.0.1+dfsg/src/index-builder.c:423:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.reads", index_prefix);
data/subread-2.0.1+dfsg/src/index-builder.c:427:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%02d.b.tab", index_prefix, index_i);
data/subread-2.0.1+dfsg/src/index-builder.c:429:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%02d.c.tab", index_prefix, index_i);
data/subread-2.0.1+dfsg/src/index-builder.c:431:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%02d.b.array", index_prefix, index_i);
data/subread-2.0.1+dfsg/src/index-builder.c:433:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%02d.c.array", index_prefix, index_i);
data/subread-2.0.1+dfsg/src/index-builder.c:516:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.files", index_prefix);
data/subread-2.0.1+dfsg/src/index-builder.c:874:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(read_head_buf, line_buf);
data/subread-2.0.1+dfsg/src/index-builder.c:894:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keymem, line_buf+1);
data/subread-2.0.1+dfsg/src/index-builder.c:952:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(read_head_buf, line_buf);
data/subread-2.0.1+dfsg/src/index-builder.c:1243:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_file_name, "%s.log", output_file);
data/subread-2.0.1+dfsg/src/input-blc.c:42:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testfile_name,data_dir);
data/subread-2.0.1+dfsg/src/input-blc.c:43:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testfile_name, SR_PATH_SPLIT_STR);
data/subread-2.0.1+dfsg/src/input-blc.c:44:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testfile_name, dp->d_name);
data/subread-2.0.1+dfsg/src/input-blc.c:60:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testfile_name, data_dir);
data/subread-2.0.1+dfsg/src/input-blc.c:61:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testfile_name, SR_PATH_SPLIT_STR);
data/subread-2.0.1+dfsg/src/input-blc.c:62:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testfile_name, dp->d_name);
data/subread-2.0.1+dfsg/src/input-blc.c:100:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testfile_name, data_dir);
data/subread-2.0.1+dfsg/src/input-blc.c:101:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testfile_name, SR_PATH_SPLIT_STR);
data/subread-2.0.1+dfsg/src/input-blc.c:102:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testfile_name, dp->d_name);
data/subread-2.0.1+dfsg/src/input-blc.c:108:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scancon -> filter_format_string, gen_fmt2);
data/subread-2.0.1+dfsg/src/input-blc.c:109:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(scancon -> filter_format_string, SR_PATH_SPLIT_STR);
data/subread-2.0.1+dfsg/src/input-blc.c:110:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(scancon -> filter_format_string, gen_fmt);
data/subread-2.0.1+dfsg/src/input-blc.c:122:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testfile_name, data_dir);
data/subread-2.0.1+dfsg/src/input-blc.c:123:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testfile_name, SR_PATH_SPLIT_STR);
data/subread-2.0.1+dfsg/src/input-blc.c:124:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(testfile_name+strlen(testfile_name), gen_fmt, 1, 2+tti);
data/subread-2.0.1+dfsg/src/input-blc.c:135:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scancon -> out_format_string, gen_fmt2);
data/subread-2.0.1+dfsg/src/input-blc.c:137:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(scancon -> out_format_string, SR_PATH_SPLIT_STR);
data/subread-2.0.1+dfsg/src/input-blc.c:138:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(scancon -> out_format_string, gen_fmt);
data/subread-2.0.1+dfsg/src/input-blc.c:161:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format_string, sct.out_format_string);
data/subread-2.0.1+dfsg/src/input-blc.c:162:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filter_format, sct.filter_format_string);
data/subread-2.0.1+dfsg/src/input-blc.c:219:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname, blc_input -> bcl_format_string, blc_input -> current_lane, fii+1);
data/subread-2.0.1+dfsg/src/input-blc.c:238:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname, blc_input -> filter_format_string, blc_input -> current_lane,blc_input -> current_lane);
data/subread-2.0.1+dfsg/src/input-blc.c:315:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname, cache_input -> filter_format_string, lane_no, lane_no);
data/subread-2.0.1+dfsg/src/input-blc.c:317:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname, cache_input -> bcl_format_string, lane_no, bcl_no+1);
data/subread-2.0.1+dfsg/src/input-files.c:371:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input->filename, dir_name);
data/subread-2.0.1+dfsg/src/input-files.c:382:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input->filename, filename);
data/subread-2.0.1+dfsg/src/input-files.c:426:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input->filename, filename);
data/subread-2.0.1+dfsg/src/input-files.c:651:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(input -> gzfa_last_name[0]) strcpy(pos -> gzfa_last_name, input -> gzfa_last_name);
data/subread-2.0.1+dfsg/src/input-files.c:663:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pos -> gzfa_last_name[0]) strcpy(input -> gzfa_last_name, pos -> gzfa_last_name);
data/subread-2.0.1+dfsg/src/input-files.c:832:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(read_name)strcpy(read_name, rbuf+1);
data/subread-2.0.1+dfsg/src/input-files.c:834:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if(read_name)strcpy(read_name, input -> gzfa_last_name);
data/subread-2.0.1+dfsg/src/input-files.c:844:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input -> gzfa_last_name, rbuf+1);
data/subread-2.0.1+dfsg/src/input-files.c:847:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_string+ret, rbuf);
data/subread-2.0.1+dfsg/src/input-files.c:1450:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_suffix , "%s-%04u.bin", chro, block_no);
data/subread-2.0.1+dfsg/src/input-files.c:1467:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key_name, temp_file_name);
data/subread-2.0.1+dfsg/src/input-files.c:1642:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(token_1, event_token);
data/subread-2.0.1+dfsg/src/input-files.c:1652:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(token_2, event_token);
data/subread-2.0.1+dfsg/src/input-files.c:1761:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfname, "%s%s", temp_file_prefix , temp_file_suffix);
data/subread-2.0.1+dfsg/src/input-files.c:1999:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name, "%s%s", temp_file_prefix , temp_file_suffix);
data/subread-2.0.1+dfsg/src/input-files.c:2065:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name, "%s%s", temp_file_prefix , temp_file_suffix);
data/subread-2.0.1+dfsg/src/input-files.c:2258:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_suffix , prefix + last_slash + 1);
data/subread-2.0.1+dfsg/src/input-files.c:2263:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_suffix , prefix);
data/subread-2.0.1+dfsg/src/input-files.c:2280:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_name, del2);
data/subread-2.0.1+dfsg/src/input-files.c:2282:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(del_name, dir->d_name);
data/subread-2.0.1+dfsg/src/input-files.c:2318:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bam_main -> bam_name, out_file);
data/subread-2.0.1+dfsg/src/input-files.c:2519:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pairer -> tmp_file_prefix, tmp_path);
data/subread-2.0.1+dfsg/src/input-files.c:3047:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mem_contig_name , header_start + header_bin_ptr);
data/subread-2.0.1+dfsg/src/input-files.c:3802:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mem_name, "C:%s:%d", read_full_name , (this_flags & 0x80)?1:0);
data/subread-2.0.1+dfsg/src/input-files.c:3839:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thread_context -> immediate_last_read_full_name, read_full_name);
data/subread-2.0.1+dfsg/src/input-files.c:3986:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-MERGE-TMP.tmp", pairer->tmp_file_prefix);
data/subread-2.0.1+dfsg/src/input-files.c:4037:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name_tmp_1, "C:%s:%d", names+(min_name_fileno * max_name_len), 0);
data/subread-2.0.1+dfsg/src/input-files.c:4038:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name_tmp_2, "C:%s:%d", names+(min2_name_fileno * max_name_len), 1);
data/subread-2.0.1+dfsg/src/input-files.c:4042:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name_tmp_1, "B:%s:%d", names+(min_name_fileno * max_name_len), 0);
data/subread-2.0.1+dfsg/src/input-files.c:4101:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-TH%02d-BK%06d.tmp", pairer->tmp_file_prefix, thno, bkno);
data/subread-2.0.1+dfsg/src/input-files.c:4115:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-FTEST-%d.tmp", pairer->tmp_file_prefix, bkno);
data/subread-2.0.1+dfsg/src/input-files.c:4127:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-TH%02d-BK%06d.tmp", pairer->tmp_file_prefix, thno, bkno);
data/subread-2.0.1+dfsg/src/input-files.c:4155:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-TH%02d-BK%06d.tmp", pairer->tmp_file_prefix, thno, bkno);
data/subread-2.0.1+dfsg/src/input-files.c:4165:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-LEVELMERGE.tmp", pairer->tmp_file_prefix);
data/subread-2.0.1+dfsg/src/input-files.c:4205:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-LEVELMERGE.tmp", pairer->tmp_file_prefix);
data/subread-2.0.1+dfsg/src/input-files.c:4213:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-TH%02d-BK%06d.tmp", pairer->tmp_file_prefix, thno, bkno);
data/subread-2.0.1+dfsg/src/input-files.c:4269:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name_tmp_1, "C:%s:%d", names+(min_name_fileno * max_name_len), 0);
data/subread-2.0.1+dfsg/src/input-files.c:4270:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name_tmp_2, "C:%s:%d", names+(min2_name_fileno * max_name_len), 1);
data/subread-2.0.1+dfsg/src/input-files.c:4278:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name_tmp_1, "B:%s:%d", names+(min_name_fileno * max_name_len), 0);
data/subread-2.0.1+dfsg/src/input-files.c:4348:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s-TH%02d-BK%06d.tmp", pairer->tmp_file_prefix, thread_context -> thread_id, thread_context -> orphant_block_no++);
data/subread-2.0.1+dfsg/src/input-files.c:4567:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyS, key);
data/subread-2.0.1+dfsg/src/input-files.c:4812:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfname, "%s.fixbam", pairer -> tmp_file_prefix);
data/subread-2.0.1+dfsg/src/input-files.c:5410:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mem_contig_name , header_bin + header_bin_ptr);
data/subread-2.0.1+dfsg/src/input-files.c:5664:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(writer -> tmp_path + slash_pos+1, "temp-sort-%06u-%s-", getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/input-files.c:5665:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
}else sprintf(writer -> tmp_path, "./temp-sort-%06u-%s-", getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/input-files.c:5667:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
}else sprintf(writer -> tmp_path, "%s/temp-sort-%06u-%s-", tmp_path, getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/input-files.c:5674:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s%s", writer -> tmp_path, "headers.txt");
data/subread-2.0.1+dfsg/src/input-files.c:5690:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tag_str , "\t%s:i:", tag);
data/subread-2.0.1+dfsg/src/input-files.c:5709:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hi_tag_out,"\t%s:i:%d", tag, hi_tag);
data/subread-2.0.1+dfsg/src/input-files.c:5738:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfname, "%sCHK%08d-BLK%03d.bin", writer -> tmp_path, x1_chunk , x1_block);
data/subread-2.0.1+dfsg/src/input-files.c:5808:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfname, "%sCHK%08d-BLK%03d.bin", writer -> tmp_path, x1_chunk , x1_block);
data/subread-2.0.1+dfsg/src/input-files.c:6135:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chromosome_2_name, chromosome_1_name);
data/subread-2.0.1+dfsg/src/input-files.c:6163:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(read_name+strlen(read_name), "\t%s:%u:%s:%u%s",chromosome_2_name, pos_2, chromosome_1_name, pos_1, hi_key);
data/subread-2.0.1+dfsg/src/input-files.c:6165:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(read_name+strlen(read_name), "\t%s:%u:%s:%u%s",chromosome_1_name, pos_1, chromosome_2_name, pos_2, hi_key);
data/subread-2.0.1+dfsg/src/input-files.c:6177:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfname,"%sCHK%08d-BLK%03d.bin", writer -> tmp_path , writer -> current_chunk , block_id);
data/subread-2.0.1+dfsg/src/input-files.c:6246:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_read_name , read_name);
data/subread-2.0.1+dfsg/src/input-files.c:6657:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_t1chro, "chr%s", t1chro);
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:267:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LRMprintf printf
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:38:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input->filename, filename);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:404:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.reads", context->index_prefix);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:479:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
wrlen = sprintf(header_line, "@SQ\tSN:%s\tLN:%d\n",chro_name,chro_length);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:483:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
wrlen = sprintf(header_line, "@PG\tID:subread-long-read-mapping\tPN:subread-long-read-mapping\tCL:%s\n", context -> user_command_line);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:547:24: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
actural_target_len = sprintf(target_ptr,"%s\t%d\t%s\t%u\t%d\t%s\t*\t0\t0\t%s\t%s\tNM:%d\n", iteration_context -> read_name, flags, chro_name, chro_pos + 1, map_quality, cigar, iteration_context->read_text, iteration_context->qual_text, mis_matched);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:596:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(txt, "%s:%d", chro_name, pos+1);
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:261:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tabname, "%s.00.b.tab", fname);
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:264:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tabname, "%s.00.c.tab", fname);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:151:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*context) -> input_file_name, optarg);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:154:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*context) -> index_prefix, optarg);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:161:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*context) -> output_file_name, optarg);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:187:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((*context) -> user_command_line+strlen( (*context) -> user_command_line), "\"%s\" ", argv[c]);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:320:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indextab_fname, "%s.00.b.tab", context -> index_prefix);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:323:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indextab_fname, "%s.00.b.array", context -> index_prefix);
data/subread-2.0.1+dfsg/src/mergeVCF.c:209:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ky, "%c\t%s\t%s\t.\t%s\t%s\t.", key_type, chro, pos_str, ref, alt_one);
data/subread-2.0.1+dfsg/src/mergeVCF.c:217:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info_buf, info);
data/subread-2.0.1+dfsg/src/mergeVCF.c:218:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(IQF_buf,"%s\t%s\t%s", id_str,qual_str,filter_str);
data/subread-2.0.1+dfsg/src/mergeVCF.c:246:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info_buf, info);
data/subread-2.0.1+dfsg/src/mergeVCF.c:247:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(IQF_buf,"%s\t%s\t%s", id_str,qual_str,filter_str);
data/subread-2.0.1+dfsg/src/mergeVCF.c:379:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output_file_name, optarg);
data/subread-2.0.1+dfsg/src/propmapped.c:88:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_suffix , _PROPMAPPED_delete_tmp_prefix + last_slash + 1);
data/subread-2.0.1+dfsg/src/propmapped.c:93:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_suffix , _PROPMAPPED_delete_tmp_prefix);
data/subread-2.0.1+dfsg/src/propmapped.c:109:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(del_name, del2);
data/subread-2.0.1+dfsg/src/propmapped.c:111:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(del_name, dir->d_name);
data/subread-2.0.1+dfsg/src/propmapped.c:253:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s-%I64u.bin", context->temp_file_prefix, hash_key);
data/subread-2.0.1+dfsg/src/propmapped.c:255:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s-%llu.bin", context->temp_file_prefix, hash_key);
data/subread-2.0.1+dfsg/src/propmapped.c:281:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(read_name, (flags&0x40)?"!!_1":"!!_2");
data/subread-2.0.1+dfsg/src/propmapped.c:318:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(context->temp_file_prefix+strlen(context->temp_file_prefix), "/prpm-temp-sum-%06u-%s", getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/propmapped.c:376:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s-%d.bin", context->temp_file_prefix, bini);
data/subread-2.0.1+dfsg/src/propmapped.c:488:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context -> input_file_name, optarg);
data/subread-2.0.1+dfsg/src/propmapped.c:491:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context -> output_file_name, optarg);
data/subread-2.0.1+dfsg/src/qualityScores.c:245:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual_buff, nstr);
data/subread-2.0.1+dfsg/src/qualityScores.c:552:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name, optarg);
data/subread-2.0.1+dfsg/src/qualityScores.c:555:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name, optarg);
data/subread-2.0.1+dfsg/src/read-repair.c:85:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_BAM_file, optarg);
data/subread-2.0.1+dfsg/src/read-repair.c:100:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_BAM_file, optarg);
data/subread-2.0.1+dfsg/src/read-repair.c:119:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rand_prefix, "fsbm-p%06d-%s", getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/readSummary.c:379:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result_junctions[ret].chromosome_name_left, chroname);
data/subread-2.0.1+dfsg/src/readSummary.c:380:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result_junctions[ret].chromosome_name_right, chroname);
data/subread-2.0.1+dfsg/src/readSummary.c:434:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result_junctions[ret].chromosome_name_left, chroname);
data/subread-2.0.1+dfsg/src/readSummary.c:435:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result_junctions[ret].chromosome_name_right, chroname);
data/subread-2.0.1+dfsg/src/readSummary.c:445:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(boundaries_chromosomes[boundaries] , chroname);
data/subread-2.0.1+dfsg/src/readSummary.c:451:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(boundaries_chromosomes[boundaries] , chroname);
data/subread-2.0.1+dfsg/src/readSummary.c:504:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(boundaries_chromosomes[boundaries] , current_fusion_char);
data/subread-2.0.1+dfsg/src/readSummary.c:510:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(boundaries_chromosomes[boundaries] , current_fusion_char);
data/subread-2.0.1+dfsg/src/readSummary.c:564:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result_junctions[ret].chromosome_name_left, boundaries_chromosomes[x1]);
data/subread-2.0.1+dfsg/src/readSummary.c:565:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result_junctions[ret].chromosome_name_right, boundaries_chromosomes[x2]);
data/subread-2.0.1+dfsg/src/readSummary.c:601:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> unistr_buffer_space + global_context->unistr_buffer_used, str);
data/subread-2.0.1+dfsg/src/readSummary.c:627:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sam_used, "%s/featureCounts_test_file_writable-%06d-%s.tmp", global_context -> temp_file_dir, getpid(), MAC_or_random);
data/subread-2.0.1+dfsg/src/readSummary.c:637:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sam_used, sam);
data/subread-2.0.1+dfsg/src/readSummary.c:672:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(next_ntxt, "%d unknown file%s", nNonExistFiles, nNonExistFiles>1?"s":"");
data/subread-2.0.1+dfsg/src/readSummary.c:674:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bam_ntxt, "%d BAM file%s ", nBAMfiles, nBAMfiles>1?"s":"");
data/subread-2.0.1+dfsg/src/readSummary.c:676:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sam_ntxt, "%d SAM file%s ", nfiles-nNonExistFiles-nBAMfiles , (nfiles-nNonExistFiles-nBAMfiles)>1?"s":"");
data/subread-2.0.1+dfsg/src/readSummary.c:679:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sam_used, sam);
data/subread-2.0.1+dfsg/src/readSummary.c:842:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_name, chro);
data/subread-2.0.1+dfsg/src/readSummary.c:868:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lneeded, needed);
data/subread-2.0.1+dfsg/src/readSummary.c:886:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bucket_key, "%s:%u", anno_chro_name, pos - pos % JUNCTION_BUCKET_STEP);
data/subread-2.0.1+dfsg/src/readSummary.c:892:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bucket_key, "%s:%u", chro, pos - pos % JUNCTION_BUCKET_STEP);
data/subread-2.0.1+dfsg/src/readSummary.c:897:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bucket_key, "%s:%u", chro+3, pos - pos % JUNCTION_BUCKET_STEP);
data/subread-2.0.1+dfsg/src/readSummary.c:902:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bucket_key, "chr%s:%u", chro, pos - pos % JUNCTION_BUCKET_STEP);
data/subread-2.0.1+dfsg/src/readSummary.c:1997:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_txt2, "%s\t%d\t%s\t%d\t0\t*\t%s\t%d\t0\tN\tI\t%s", realname, my_flag, my_chro_str, max(0, my_pos),
data/subread-2.0.1+dfsg/src/readSummary.c:2469:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(junctions_current[ret].chromosome_name_left, ChroNames[x1]);
data/subread-2.0.1+dfsg/src/readSummary.c:2470:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(junctions_current[ret].chromosome_name_right, ChroNames[x1]);
data/subread-2.0.1+dfsg/src/readSummary.c:2544:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rg_name_mem, rg_name);
data/subread-2.0.1+dfsg/src/readSummary.c:3223:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thread_context -> chro_name_buff+3, ChroNames[cigar_section_id]);
data/subread-2.0.1+dfsg/src/readSummary.c:3425:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(this_key, "%s\t%u\t%s\t%u", j_one->chromosome_name_left, j_one -> last_exon_base_left, j_one->chromosome_name_right, j_one -> first_exon_base_right);
data/subread-2.0.1+dfsg/src/readSummary.c:3435:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(left_key, "%s\t%u", j_one->chromosome_name_left, j_one -> last_exon_base_left);
data/subread-2.0.1+dfsg/src/readSummary.c:3436:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(right_key, "%s\t%u", j_one->chromosome_name_right, j_one -> first_exon_base_right);
data/subread-2.0.1+dfsg/src/readSummary.c:4299:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
linebuf_ptr = sprintf(linebuf, "%s", gene_name);
data/subread-2.0.1+dfsg/src/readSummary.c:4401:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(exon_name, "%s:fc,spl:%s:fc,spl:%u:fc,spl:%u:fc,spl:%c", global_context -> unistr_buffer_space + loaded_features[i].feature_name_pos,
data/subread-2.0.1+dfsg/src/readSummary.c:4410:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofname,"%s.scRNA.%03d.%s.BCtab",global_context->input_file_name, sample_index+1,tabtype);
data/subread-2.0.1+dfsg/src/readSummary.c:4412:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofname,"%s.scRNA.%03d.%s.GENEtab",global_context->input_file_name, sample_index+1,tabtype);
data/subread-2.0.1+dfsg/src/readSummary.c:4414:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofname,"%s.scRNA.%03d.%s.spmtx",global_context->input_file_name, sample_index+1,tabtype);
data/subread-2.0.1+dfsg/src/readSummary.c:4547:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofname,"%s.scRNA.%03d.AmbSum",global_context->input_file_name, sample_no+1);
data/subread-2.0.1+dfsg/src/readSummary.c:4576:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofname,"%s.scRNA.%03d.no0Genes",global_context->input_file_name, samplenno+1);
data/subread-2.0.1+dfsg/src/readSummary.c:4590:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofname,"%s.scRNA.SampleTable",global_context->input_file_name);
data/subread-2.0.1+dfsg/src/readSummary.c:4845:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_key, junckey);
data/subread-2.0.1+dfsg/src/readSummary.c:4861:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_key, junckey);
data/subread-2.0.1+dfsg/src/readSummary.c:4931:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*out_ptr, "%s/temp-core-%06u-%s.sam", global_context -> temp_file_dir, getpid(), MAC_or_random);
data/subread-2.0.1+dfsg/src/readSummary.c:4948:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*out_ptr), in_fnames);
data/subread-2.0.1+dfsg/src/readSummary.c:5083:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context->scRNA_sample_sheet,scRNA_sample_sheet);
data/subread-2.0.1+dfsg/src/readSummary.c:5091:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context->scRNA_cell_barcode_list,scRNA_cell_barcode_list);
data/subread-2.0.1+dfsg/src/readSummary.c:5123:36: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(annotation_file_screen_output) strcpy(global_context -> annotation_file_screen_output, annotation_file_screen_output);
data/subread-2.0.1+dfsg/src/readSummary.c:5128:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> alias_file_name,alias_file_name);
data/subread-2.0.1+dfsg/src/readSummary.c:5134:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(Rpath)strcpy(global_context -> read_details_path, Rpath);
data/subread-2.0.1+dfsg/src/readSummary.c:5136:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> feature_name_column,feature_name_column);
data/subread-2.0.1+dfsg/src/readSummary.c:5137:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> gene_id_column,gene_id_column);
data/subread-2.0.1+dfsg/src/readSummary.c:5138:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context -> output_file_name, output_fname);
data/subread-2.0.1+dfsg/src/readSummary.c:5152:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(global_context -> temp_file_dir, temp_dir);
data/subread-2.0.1+dfsg/src/readSummary.c:5180:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s/%s.featureCounts%s", applied_detail_path, global_context -> input_file_short_name, global_context -> is_read_details_out == FILE_TYPE_BAM?".bam":(global_context -> is_read_details_out == FILE_TYPE_SAM?".sam":""));
data/subread-2.0.1+dfsg/src/readSummary.c:5184:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname, "%s.featureCounts%s", global_context -> raw_input_file_name, global_context -> is_read_details_out == FILE_TYPE_BAM?".bam":(global_context -> is_read_details_out == FILE_TYPE_SAM?".sam":""));
data/subread-2.0.1+dfsg/src/readSummary.c:5194:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_fname2, "%s/%s", applied_detail_path, modified_fname);
data/subread-2.0.1+dfsg/src/readSummary.c:5321:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rand_prefix, "%s/temp-core-%06u-%s.sam", global_context -> temp_file_dir, getpid(), MAC_or_random);
data/subread-2.0.1+dfsg/src/readSummary.c:5322:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(global_context -> use_stdin_file) sprintf(new_fn, "<%s", global_context -> input_file_name );
data/subread-2.0.1+dfsg/src/readSummary.c:5323:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(new_fn, "%s", global_context -> input_file_name );
data/subread-2.0.1+dfsg/src/readSummary.c:5584:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_extra_columns[xk4]+ollen,";%s", this_col);
data/subread-2.0.1+dfsg/src/readSummary.c:5693:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s.summary", out_file);
data/subread-2.0.1+dfsg/src/readSummary.c:6264:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outfname, "%s.jcounts", output_file_name);
data/subread-2.0.1+dfsg/src/readSummary.c:6358:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(junc_key, "%s\t%u", chro_small, pos_small);
data/subread-2.0.1+dfsg/src/readSummary.c:6360:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(junc_key, "%s\t%u", chro_large, pos_large);
data/subread-2.0.1+dfsg/src/readSummary.c:6386:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gene_names, primary_gene -> gene_name);
data/subread-2.0.1+dfsg/src/readSummary.c:6399:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
gene_name_tail += sprintf(gene_name_tail, "%s,", tested_key -> gene_name);
data/subread-2.0.1+dfsg/src/readSummary.c:6882:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_list_used, file_name_ptr);
data/subread-2.0.1+dfsg/src/readSummary.c:6887:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_list_used2, file_name_ptr);
data/subread-2.0.1+dfsg/src/readSummary.c:6908:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_list_used, file_name_ptr);
data/subread-2.0.1+dfsg/src/readSummary.c:6944:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context.input_file_name, next_fn);
data/subread-2.0.1+dfsg/src/readSummary.c:6945:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(global_context.raw_input_file_name, next_fn);
data/subread-2.0.1+dfsg/src/readSummary.c:7018:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rg_file_name, "%s:%s", mem_file_name, rg_name);
data/subread-2.0.1+dfsg/src/readSummary.c:7169:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bucket_key, "%s:%u", chro_name, x1);
data/subread-2.0.1+dfsg/src/readSummary.c:7177:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mem_bucket_key , bucket_key);
data/subread-2.0.1+dfsg/src/readSummary.c:7358:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd_rebuilt+strlen(cmd_rebuilt), "\"%s\" ", argv[c]);
data/subread-2.0.1+dfsg/src/readSummary.c:7385:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fasta_contigs_name , optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7391:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alias_file_name, optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7406:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nameFeatureTypeColumn, optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7410:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nameGeneIDColumn, optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7532:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scRNA_cell_barcode_list,optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7537:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scRNA_sample_sheet,optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7547:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Rpath, optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7559:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(debug_command, optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7573:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp_dir, optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7578:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(max_M_str, optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7620:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_shift_type, optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7684:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(very_long_file_names, argv[optind]);
data/subread-2.0.1+dfsg/src/readSummary.c:7685:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(very_long_file_names, FC_FLIST_SPLITOR);
data/subread-2.0.1+dfsg/src/removeDupReads.c:95:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file , "%s%s-%04u.bin",temp_prefix, chromosomes[chromosome_no].chromosome_name, i);
data/subread-2.0.1+dfsg/src/removeDupReads.c:267:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_prefix, "%s/temp-delrep-%06u-%s-", temp_location==NULL?".":temp_location, getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/sam2fq.c:50:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s-A.fq", argv[1]);
data/subread-2.0.1+dfsg/src/sam2fq.c:52:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s-B.fq", argv[1]);
data/subread-2.0.1+dfsg/src/sambam-file.c:561:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_event->chro_name, chro_name);
data/subread-2.0.1+dfsg/src/sambam-file.c:594:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sam_ptr += sprintf(sam_txt + sam_ptr, "%s\t", bam_bin+36);
data/subread-2.0.1+dfsg/src/sambam-file.c:602:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sam_ptr += sprintf(sam_txt + sam_ptr, "%s\t", tmpint<0?"*":chro_table[tmpint].chro_name);
data/subread-2.0.1+dfsg/src/sambam-file.c:614:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sam_ptr += sprintf(sam_txt + sam_ptr, "%s\t", cigar_i<1?"*":"");
data/subread-2.0.1+dfsg/src/sambam-file.c:618:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sam_ptr += sprintf(sam_txt + sam_ptr, "%s\t", tmpint<0?"*":((tmpint == r1chro)?"=":chro_table[tmpint].chro_name));
data/subread-2.0.1+dfsg/src/sambam-file.c:832:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(aln->cigar, cigar_piece_buf);
data/subread-2.0.1+dfsg/src/sambam-file.c:1101:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tname, "%s.bai", BAM_fname);
data/subread-2.0.1+dfsg/src/sambam-file.c:1116:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(writer -> tmpf_prefix, tmpfname);
data/subread-2.0.1+dfsg/src/sambam-file.c:1280:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(writer -> chunk_buffer + writer -> chunk_buffer_used , chro_name);
data/subread-2.0.1+dfsg/src/sambam-file.c:1355:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(writer -> header_plain_text_buffer + writer -> header_plain_text_buffer_used, header_text);
data/subread-2.0.1+dfsg/src/sambam-file.c:1392:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chro_name_space , chro_name);
data/subread-2.0.1+dfsg/src/sambam-file.c:1731:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this_chunk_buffer + (*this_chunk_buffer_used) , read_name);
data/subread-2.0.1+dfsg/src/sambam-file.c:1836:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfname, "%s-%06d.sortedbin", writer -> tmpf_prefix, writer -> sorted_batch_id++);
data/subread-2.0.1+dfsg/src/sambam-file.c:1987:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tfp , "%s-%06d.sortedbin", writer -> tmpf_prefix, writer -> sorted_batch_id + (new_bins++) );
data/subread-2.0.1+dfsg/src/sambam-file.c:1999:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tfpx , "%s-%06d.sortedbin", writer -> tmpf_prefix, bii + merge_i);
data/subread-2.0.1+dfsg/src/sambam-file.c:2036:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tfp , "%s-%06d.sortedbin", writer -> tmpf_prefix, merge_i + bii);
data/subread-2.0.1+dfsg/src/sambam-file.c:2200:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tfp , "%s-%06d.sortedbin", writer -> tmpf_prefix, bii);
data/subread-2.0.1+dfsg/src/sambam-file.c:2294:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tfp , "%s-%06d.sortedbin", writer -> tmpf_prefix, bii);
data/subread-2.0.1+dfsg/src/seek-zlib.c:560:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fp -> filename, fname);
data/subread-2.0.1+dfsg/src/seek-zlib.c:632:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, fp -> filename);
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:1357:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tabname, "%s.00.b.tab", fname);
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:1360:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tabname, "%s.00.c.tab", fname);
data/subread-2.0.1+dfsg/src/subfilter.c:44:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name, optarg);
data/subread-2.0.1+dfsg/src/sublog.c:91:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(vsbuf, 1199, pattern , args);
data/subread-2.0.1+dfsg/src/sublog.c:101:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, pattern , args);
data/subread-2.0.1+dfsg/src/sublog.c:126:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(vsbuf, 1199, pattern , args);
data/subread-2.0.1+dfsg/src/sublog.c:135:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, pattern , args);
data/subread-2.0.1+dfsg/src/sublog.c:156:8: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ret = vfprintf(fp, pattern , args);
data/subread-2.0.1+dfsg/src/subread.h:132:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define SUBREADprintf(...) fprintf(stderr, __VA_ARGS__)
data/subread-2.0.1+dfsg/src/subtools.c:61:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name, optarg);
data/subread-2.0.1+dfsg/src/subtools.c:64:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name, optarg);
data/subread-2.0.1+dfsg/src/subtools.c:134:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_file_name, "./temp-subt-%06u-%s.sam", getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/subtools.c:172:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name, temp_file_name);
data/subread-2.0.1+dfsg/src/test-seek-zlib.c:43:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(should[write_cell], buf);
data/subread-2.0.1+dfsg/src/tx-unique.c:290:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hash_key, "%s\t%s\nALL", gene -> gene_name, try_tx->transcript_id);
data/subread-2.0.1+dfsg/src/tx-unique.c:296:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hash_key, "%s\t%s\nUNIQUE", gene -> gene_name, try_tx->transcript_id);
data/subread-2.0.1+dfsg/src/tx-unique.c:318:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hash_key, "%s\t%s\nALL", gene->gene_name, try_tx -> transcript_id);
data/subread-2.0.1+dfsg/src/tx-unique.c:320:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hash_key, "%s\t%s\nUNIQUE", gene->gene_name, try_tx -> transcript_id);
data/subread-2.0.1+dfsg/src/tx-unique.c:394:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context -> input_GTF_file_name, optarg);
data/subread-2.0.1+dfsg/src/tx-unique.c:398:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context -> output_file_name, optarg);
data/subread-2.0.1+dfsg/src/tx-unique.c:402:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context -> gene_name_column_name, optarg);
data/subread-2.0.1+dfsg/src/tx-unique.c:406:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context -> transcript_id_column_name, optarg);
data/subread-2.0.1+dfsg/src/tx-unique.c:410:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context -> used_feature_type, optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1664:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "S7:N:C:a:i:g:o:bQ:p:f:n:r:x:w:s:t:T:v4",snp_long_options, &optindex))!=-1)
data/subread-2.0.1+dfsg/src/SUBindel.c:342:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "pi:g:o:I:d:?v", long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:292:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "xsvJS:L:A:a:Hd:D:n:m:p:G:E:X:Y:P:R:r:i:l:o:T:I:t:B:bF:cuUfM:Q1:2:3:5:?", long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:291:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "vxsJ1:2:S:L:A:a:Hd:D:n:m:p:P:R:r:i:l:o:G:Y:E:X:T:I:B:bQF:cuUfM:3:5:9:?", long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/core.c:615:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "ExsS:L:AHd:D:n:m:p:P:R:r:i:l:o:T:Q:I:t:B:b:Q:FcuUfM?", long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/core.c:929:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char * env_no_sort = getenv("SUBREAD_DO_NOT_CHECK_INPUT");
data/subread-2.0.1+dfsg/src/coverage_calc.c:354:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "bCBpM:i:o:?", cov_calc_long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/detection-calls.c:456:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, "a:G:o:F:A:g:e:I"))!=-1){
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:338:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "Ct:g:a:o:v?", long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/fullscan.c:165:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, "i:m:c:?")) != -1)
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:897:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "QO:TCxS:V:N:X:F:L:q:r:t:e:o:pM?", long_options, &option_index)) != -1) {
data/subread-2.0.1+dfsg/src/global-reassembly.c:1760:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "2:t:Q:V:L:i:I:o:bHCR6", GRA_long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/index-builder.c:1035:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "kvcBFM:o:f:Db?", ib_long_options, &optindex)) != -1)
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:137:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "Xr:i:o:B:T:v", long_options, &option_index))!=-1){
data/subread-2.0.1+dfsg/src/mergeVCF.c:375:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt_long (argc, argv, "o:h", propm_long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/propmapped.c:484:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt_long (argc, argv, "Vi:o:bfph", propm_long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/qualityScores.c:521:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt_long (argc, argv, "n:i:o:P:12987", qs_long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/read-repair.c:66:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "i:T:M:o:vtdcS?")) != -1)
data/subread-2.0.1+dfsg/src/readSummary.c:7367:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "G:A:g:t:T:o:a:d:D:LQ:pbF:fs:S:CBJPMOR:v?", long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/removeDupReads.c:362:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "Di:o:r:t:S?", rem_long_options, &optindex)) != -1)
data/subread-2.0.1+dfsg/src/samMappedBases.c:101:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt_long (argc, argv, "98", sumb_long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/subfilter.c:36:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "i:F:", long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/subtools.c:47:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, "i:o:f:F:S:", long_options, &option_index)) != -1)
data/subread-2.0.1+dfsg/src/tx-unique.c:391:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, "a:o:g:t:f:h"))!=-1){
data/subread-2.0.1+dfsg/src/HelperFunctions.c:62:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * mfp = fopen("/proc/meminfo","r");
data/subread-2.0.1+dfsg/src/HelperFunctions.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1000];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jump_mode [13];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:134:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(jump_mode, "%u%c", tmpi, cigar [cigar_cursor] == 'b'?'n':'b');
data/subread-2.0.1+dfsg/src/HelperFunctions.c:142:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_cigar , jump_mode, jmlen);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:143:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_cigar + jmlen , cigar + last_sec_start, last_piece_end - last_sec_start);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_name[2], typechar=0;
data/subread-2.0.1+dfsg/src/HelperFunctions.c:338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_fusion_char[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_fusion_cigar[max_M * 15];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buffer[200];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col_val[100];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[2000];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:884:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifname, sdl -> sdl_data, sdl -> sdl_nlen);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:892:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buff,"%02X%02X%02X%02X%02X%02X", *ptr, *(ptr+1), *(ptr+2),
data/subread-2.0.1+dfsg/src/HelperFunctions.c:905:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:932:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac_address[6];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:935:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac_address, ifr.ifr_hwaddr.sa_data, 6);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:938:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buff+2*x1, "%02X",mac_address[x1]);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:951:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen("/dev/urandom","r");
data/subread-2.0.1+dfsg/src/HelperFunctions.c:955:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buff + 2*x1 , "%02X", fgetc(fp));
data/subread-2.0.1+dfsg/src/HelperFunctions.c:967:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_buff+2*x1, "%02X", myrand_rand() & 0xff );
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1081:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char feature_name_tmp[FEATURE_NAME_LENGTH], txid_tmp[FEATURE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1120:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = atoi(start_ptr);// start
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1121:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(end_ptr);//end
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1157:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = atoi(start_ptr);// start
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1158:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(end_ptr);//end
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1460:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1464:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, available);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1475:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1526:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5v[16];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1534:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5v[16];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1555:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xt[10];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1556:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xt, "%08d", xx);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1577:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1790:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha256v[32];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1804:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xt[10];
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1805:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xt, "%08d", xx);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1919:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * ofp = fopen("/tmp/del4-Rlog.txt", "a");
data/subread-2.0.1+dfsg/src/HelperFunctions.c:2670:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char restxt[1030];
data/subread-2.0.1+dfsg/src/HelperFunctions.h:115:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/subread-2.0.1+dfsg/src/SNPCalling.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pile_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char background_input_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subread_index[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char known_SNP_vcf[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:300:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:301:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qual[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:612:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:846:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base_list[10], supporting_list[55], snps=0;
data/subread-2.0.1+dfsg/src/SNPCalling.c:871:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char int_buf[12];
data/subread-2.0.1+dfsg/src/SNPCalling.c:872:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(int_buf, "%u", midNexcellent_sup);
data/subread-2.0.1+dfsg/src/SNPCalling.c:899:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BGC_Qvalue_str [120];
data/subread-2.0.1+dfsg/src/SNPCalling.c:915:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( BGC_Qvalue_str, ";CTRL_DP=%d;CTRL_MM=%d;CTRL_QV=%.4f;VS_QV=%.4f",BGC_all_reads, BGC_alt_reads, BGC_Qvalue,max(0,VS_Qvalue));
data/subread-2.0.1+dfsg/src/SNPCalling.c:936:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char event_token[100];
data/subread-2.0.1+dfsg/src/SNPCalling.c:937:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char event_token2[100];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buffer [3000];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_name [MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1316:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char del2[MAX_FILE_NAME_LENGTH], del_suffix[MAX_FILE_NAME_LENGTH], del_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1332:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(del2, _EXSNP_SNP_delete_temp_prefix, last_slash);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1378:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_prefix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table_fn[MAX_FILE_NAME_LENGTH+80];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1427:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char one_fn [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1447:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_rand[13];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1460:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char one_fn [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1472:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_prefix2[MAX_FILE_NAME_LENGTH+80];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qfname[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_SAM_file[5000];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_BED_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1599:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_FASTA_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1684:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parameters.cutoff_multiplex = 1.0*atoi(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1690:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parameters.min_alternative_read_number = atoi(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1696:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parameters.bases_ignored_head_tail = atoi(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1699:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parameters.fisher_exact_testlen = atoi(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1702:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parameters.min_phred_score = atoi(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1716:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parameters.neighbour_filter_testlen = atoi(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1734:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threads = atoi(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1755:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
read_count = atoi(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1850:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[90];
data/subread-2.0.1+dfsg/src/SNPCalling.c:1866:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp_path, out_BED_file, x1);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1871:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(temp_path[0]==0)strcpy(temp_path, "./");
data/subread-2.0.1+dfsg/src/SUBindel.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SUBindel.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/SUBindel.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[max(2*MAX_READ_LENGTH+300,3000)];
data/subread-2.0.1+dfsg/src/SUBindel.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mate_chro[MAX_CHROMOSOME_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_mate[EXON_MAX_CIGAR_LEN+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name[MAX_READ_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_name[MAX_CHROMOSOME_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar[EXON_MAX_CIGAR_LEN+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_text[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qual_text[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_text_null[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qual_text_null[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/SUBindel.c:359:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.expected_pair_distance = atoi(optarg);
data/subread-2.0.1+dfsg/src/SUBindel.c:366:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_indel_length = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-bigtable.c:78:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(return_ptr)memcpy(return_ptr, rett -> alignment_res + best_offset, sizeof(mapping_result_t));
data/subread-2.0.1+dfsg/src/core-bigtable.c:79:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(return_junction_ptr)memcpy(return_junction_ptr, rett -> subjunc_res + best_offset, sizeof(subjunc_result_t));
data/subread-2.0.1+dfsg/src/core-bigtable.c:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char static_key [20 + MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/core-bigtable.c:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char static_key [20 + MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/core-indel.c:89:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(event_id_list + start, merge_tmp, sizeof(int)* (items+items2));
data/subread-2.0.1+dfsg/src/core-indel.c:411:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( sort_data[0] + start, tmp_global_id_list, sizeof(int) * (items+items2) );
data/subread-2.0.1+dfsg/src/core-indel.c:412:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( sort_data[1] + start, tmp_offset_list, sizeof(int) * (items+items2) );
data/subread-2.0.1+dfsg/src/core-indel.c:731:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int max_open_file = atoi(fns);
data/subread-2.0.1+dfsg/src/core-indel.c:875:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(merged_records+write_ptr, records+(read_2_ptr++), sizeof(scanning_events_record_t));
data/subread-2.0.1+dfsg/src/core-indel.c:877:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(merged_records+write_ptr, records+(read_1_ptr++), sizeof(scanning_events_record_t));
data/subread-2.0.1+dfsg/src/core-indel.c:879:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(records + start, merged_records, sizeof(scanning_events_record_t) * (items+items2));
data/subread-2.0.1+dfsg/src/core-indel.c:1049:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(merged_records+write_ptr, records+(read_2_ptr++), sizeof(concatinating_events_record_t));
data/subread-2.0.1+dfsg/src/core-indel.c:1051:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(merged_records+write_ptr, records+(read_1_ptr++), sizeof(concatinating_events_record_t));
data/subread-2.0.1+dfsg/src/core-indel.c:1053:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(records + start, merged_records, sizeof(concatinating_events_record_t) * (items+items2));
data/subread-2.0.1+dfsg/src/core-indel.c:1139:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( merged_body, prev_env, sizeof(chromosome_event_t) );
data/subread-2.0.1+dfsg/src/core-indel.c:1236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chroname[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/core-indel.c:1302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_chro_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/core-indel.c:1312:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_chro_name, "chr");
data/subread-2.0.1+dfsg/src/core-indel.c:1318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sort_key[ MAX_CHROMOSOME_NAME_LEN * 3 + 2 ];
data/subread-2.0.1+dfsg/src/core-indel.c:1337:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_features2, old_features, (old_size + 1) * sizeof(int));
data/subread-2.0.1+dfsg/src/core-indel.c:1654:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posout[100];
data/subread-2.0.1+dfsg/src/core-indel.c:1971:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char movement_buffer[MAX_READ_LENGTH * 10 / 7];
data/subread-2.0.1+dfsg/src/core-indel.c:1988:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstr[1000];
data/subread-2.0.1+dfsg/src/core-indel.c:1998:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstr+strlen(outstr),"%c",mc);
data/subread-2.0.1+dfsg/src/core-indel.c:2521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_name[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/core-indel.c:2640:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inserted_sequence[MAX_INSERTION_LENGTH+REASSEMBLY_WINDOW_LENGTH];
data/subread-2.0.1+dfsg/src/core-indel.c:2921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ori[2000];
data/subread-2.0.1+dfsg/src/core-indel.c:2929:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char changed[200];
data/subread-2.0.1+dfsg/src/core-indel.c:3294:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block_context -> rebuilt_window , next_read_txt , new_bases + high_quality_offset);
data/subread-2.0.1+dfsg/src/core-indel.c:3343:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block_context -> final_alleles[xk2], &block_context -> final_alleles[xk2 - 1], sizeof(struct reassmebly_window_allele));
data/subread-2.0.1+dfsg/src/core-indel.c:3650:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char probe_window[global_context -> config.reassembly_key_length+1];
data/subread-2.0.1+dfsg/src/core-indel.c:4107:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(first_half_alleles, block_context.final_alleles, global_context -> config.reassembly_window_alleles * sizeof(struct reassmebly_window_allele ));
data/subread-2.0.1+dfsg/src/core-indel.c:4109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(second_half_alleles, block_context.final_alleles, global_context -> config.reassembly_window_alleles * sizeof(struct reassmebly_window_allele));
data/subread-2.0.1+dfsg/src/core-indel.c:4147:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contig_CIGAR[200];
data/subread-2.0.1+dfsg/src/core-indel.c:4171:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(contig_CIGAR+strlen(contig_CIGAR), "%dM%d%c", indels_read_positions[xk2] - read_position_cursor, abs(indels), indels<0?'I':'D');
data/subread-2.0.1+dfsg/src/core-indel.c:4340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/core-indel.c:4351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_name[MAX_FILE_NAME_LENGTH + 50];
data/subread-2.0.1+dfsg/src/core-indel.c:4406:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char del2[MAX_FILE_NAME_LENGTH], del_suffix[MAX_FILE_NAME_LENGTH], del_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core-indel.c:4419:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(del2, _COREMAIN_delete_temp_prefix, last_slash);
data/subread-2.0.1+dfsg/src/core-indel.c:4580:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(context->config.exon_annotation_gene_id_column, "gene_id");
data/subread-2.0.1+dfsg/src/core-indel.c:4581:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(context->config.exon_annotation_feature_name_column, "exon");
data/subread-2.0.1+dfsg/src/core-indel.c:4598:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed_rand, &double_time, 2*sizeof(int));
data/subread-2.0.1+dfsg/src/core-indel.c:4613:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_rand[13];
data/subread-2.0.1+dfsg/src/core-indel.c:4620:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->config.temp_file_prefix, context->config.output_prefix, x1);
data/subread-2.0.1+dfsg/src/core-indel.c:4627:46: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(context->config.temp_file_prefix[0] == 0)strcpy(context->config.temp_file_prefix, "./");
data/subread-2.0.1+dfsg/src/core-indel.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rebuilt_window[8000];
data/subread-2.0.1+dfsg/src/core-indel.h:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rebuilt_window[2500];
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:302:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.DP_penalty_create_gap = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:307:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.DP_match_score = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:312:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.DP_penalty_extend_gap = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:317:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.DP_mismatch_penalty = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:322:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.read_trim_3 = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:327:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.read_trim_5 = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:335:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.multi_best_reads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:380:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.maximum_pair_distance = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:385:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.minimum_pair_distance = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:390:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.total_subreads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:399:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.all_threads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:421:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_indel_length = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:456:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_mismatch_exonic_reads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:467:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.minimum_subread_for_second_read = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:575:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.min_mapped_fraction = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:601:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_vote_combinations = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:602:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.multi_best_reads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:606:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_vote_simples = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:619:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_vote_number_cutoff = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:302:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.DP_penalty_create_gap = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:308:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.DP_match_score = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:314:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.DP_penalty_extend_gap = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:320:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.DP_mismatch_penalty = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:326:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.read_trim_3 = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:332:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.read_trim_5 = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:383:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.maximum_pair_distance = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:389:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.minimum_pair_distance = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:397:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.total_subreads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:404:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.minimum_subread_for_first_read = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:410:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.all_threads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:419:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_mismatch_exonic_reads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:420:58: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_mismatch_junction_reads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:436:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_indel_length = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:472:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.minimum_subread_for_second_read = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:478:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.multi_best_reads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:546:58: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_insertion_at_junctions = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:564:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.min_mapped_fraction = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:594:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int newdist = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:614:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_vote_simples = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:618:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_vote_combinations = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:619:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.multi_best_reads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:637:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_vote_number_cutoff = atoi(optarg);
data/subread-2.0.1+dfsg/src/core-junction.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outpos1[100], outpos2[100];
data/subread-2.0.1+dfsg/src/core-junction.c:421:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(explain_context -> result_back_junctions[0], explain_context -> tmp_search_junctions , sizeof(perfect_section_in_read_t) * (explain_context -> tmp_search_sections +1));
data/subread-2.0.1+dfsg/src/core-junction.c:427:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(explain_context -> result_front_junctions[0], explain_context -> tmp_search_junctions , sizeof(perfect_section_in_read_t) * (explain_context -> tmp_search_sections +1));
data/subread-2.0.1+dfsg/src/core-junction.c:435:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(explain_context -> result_back_junctions[explain_context -> all_back_alignments], explain_context -> tmp_search_junctions , sizeof(perfect_section_in_read_t) * (explain_context -> tmp_search_sections +1));
data/subread-2.0.1+dfsg/src/core-junction.c:441:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(explain_context -> result_front_junctions[explain_context -> all_front_alignments], explain_context -> tmp_search_junctions , sizeof(perfect_section_in_read_t) * (explain_context -> tmp_search_sections +1));
data/subread-2.0.1+dfsg/src/core-junction.c:557:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(explain_context -> result_back_junctions[0], explain_context -> tmp_search_junctions , sizeof(perfect_section_in_read_t) * (explain_context -> tmp_search_sections +1));
data/subread-2.0.1+dfsg/src/core-junction.c:563:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(explain_context -> result_front_junctions[0], explain_context -> tmp_search_junctions , sizeof(perfect_section_in_read_t) * (explain_context -> tmp_search_sections +1));
data/subread-2.0.1+dfsg/src/core-junction.c:571:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(explain_context -> result_back_junctions[explain_context -> all_back_alignments], explain_context -> tmp_search_junctions , sizeof(perfect_section_in_read_t) * (explain_context -> tmp_search_sections +1));
data/subread-2.0.1+dfsg/src/core-junction.c:577:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(explain_context -> result_front_junctions[explain_context -> all_front_alignments], explain_context -> tmp_search_junctions , sizeof(perfect_section_in_read_t) * (explain_context -> tmp_search_sections +1));
data/subread-2.0.1+dfsg/src/core-junction.c:939:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpv, comb_buffer + i, sizeof(vote_combination_t));
data/subread-2.0.1+dfsg/src/core-junction.c:940:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comb_buffer + i, comb_buffer + j, sizeof(vote_combination_t));
data/subread-2.0.1+dfsg/src/core-junction.c:941:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comb_buffer + j, &tmpv, sizeof(vote_combination_t));
data/subread-2.0.1+dfsg/src/core-junction.c:953:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(merge_target+x1, comb_buffer+items1_cursor, sizeof(vote_combination_t));
data/subread-2.0.1+dfsg/src/core-junction.c:956:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(merge_target+x1, comb_buffer+items2_cursor, sizeof(vote_combination_t));
data/subread-2.0.1+dfsg/src/core-junction.c:962:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comb_buffer + start, merge_target, (items+items2) * sizeof(vote_combination_t));
data/subread-2.0.1+dfsg/src/core-junction.c:980:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_strands[COVERAGE_STAB_NUMBER];
data/subread-2.0.1+dfsg/src/core-junction.c:1110:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posout2[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1111:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posout1[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1128:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posout[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1279:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posout[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char leftpos[100], rightpos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from_second_read[MAX_CLUSTER_ELEMENTS];
data/subread-2.0.1+dfsg/src/core-junction.c:1448:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( target_result_R1, shifted_result_R1 , sizeof(mapping_result_t));
data/subread-2.0.1+dfsg/src/core-junction.c:1449:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( target_result_R2, shifted_result_R2 , sizeof(mapping_result_t) );
data/subread-2.0.1+dfsg/src/core-junction.c:1492:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( target_result_R, shifted_result_R , sizeof(mapping_result_t));
data/subread-2.0.1+dfsg/src/core-junction.c:1647:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100], out2pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1684:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100], out2pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dynamic_highest_path[MAX_CLUSTER_ELEMENTS];
data/subread-2.0.1+dfsg/src/core-junction.c:1880:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1975:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100], out2pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:1993:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100], out2pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:2005:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100], out2pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:2070:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_bases_startside[ search_in_read_end - search_in_read_start ], chro_bases_endside[search_in_read_end - search_in_read_start];
data/subread-2.0.1+dfsg/src/core-junction.c:2127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sp1s[200];
data/subread-2.0.1+dfsg/src/core-junction.c:2131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spE[200];
data/subread-2.0.1+dfsg/src/core-junction.c:2135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spBB[200];
data/subread-2.0.1+dfsg/src/core-junction.c:2139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:2354:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comb_buffer + move_i, comb_buffer + move_i - 1 , sizeof(vote_combination_t) );
data/subread-2.0.1+dfsg/src/core-junction.c:2421:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_alignment_tmp + (*current_r_cursor), _global_retrieve_alignment_ptr(global_context, pair_number, is_second_read, current_loc -> item_index_i), sizeof(mapping_result_t));
data/subread-2.0.1+dfsg/src/core-junction.c:2424:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_junction_tmp + (*current_r_cursor), _global_retrieve_subjunc_ptr(global_context, pair_number, is_second_read, current_loc -> item_index_i), sizeof(subjunc_result_t));
data/subread-2.0.1+dfsg/src/core-junction.c:2477:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_alignment_tmp + (*current_r_cursor), _global_retrieve_alignment_ptr(global_context, pair_number, is_second_read, current_loc -> item_index_i), sizeof(mapping_result_t));
data/subread-2.0.1+dfsg/src/core-junction.c:2480:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_junction_tmp + (*current_r_cursor), _global_retrieve_subjunc_ptr(global_context, pair_number, is_second_read, current_loc -> item_index_i), sizeof(subjunc_result_t));
data/subread-2.0.1+dfsg/src/core-junction.c:2509:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur_res, current_alignment_tmp + i, sizeof(mapping_result_t));
data/subread-2.0.1+dfsg/src/core-junction.c:2515:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur_junc, current_junction_tmp + i , sizeof(subjunc_result_t));
data/subread-2.0.1+dfsg/src/core-junction.c:2841:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outpos1[100];
data/subread-2.0.1+dfsg/src/core-junction.c:2902:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posout1[100];
data/subread-2.0.1+dfsg/src/core-junction.c:2932:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posout1[100];
data/subread-2.0.1+dfsg/src/core-junction.c:2933:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posout2[100];
data/subread-2.0.1+dfsg/src/core-junction.c:2949:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reversed_first_section_text, read_text, tmp_int);
data/subread-2.0.1+dfsg/src/core-junction.c:2980:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reversed_first_section_text, read_text + read_cursor, tmp_int);
data/subread-2.0.1+dfsg/src/core-junction.c:3077:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_string, "%dM", read_len);
data/subread-2.0.1+dfsg/src/core-junction.c:3081:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_cigar_tmp[120];
data/subread-2.0.1+dfsg/src/core-junction.c:3093:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_piece [30];
data/subread-2.0.1+dfsg/src/core-junction.c:3098:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_tiny [12];
data/subread-2.0.1+dfsg/src/core-junction.c:3103:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_tiny,"%dS",head_soft_clipped);
data/subread-2.0.1+dfsg/src/core-junction.c:3110:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_tiny,"%dM",tmp_int);
data/subread-2.0.1+dfsg/src/core-junction.c:3114:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_tiny,"%dS",tail_soft_clipped);
data/subread-2.0.1+dfsg/src/core-junction.c:3121:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece, "%u%c", tmp_int, nch);
data/subread-2.0.1+dfsg/src/core-junction.c:3148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cigar[120];
data/subread-2.0.1+dfsg/src/core-junction.c:3172:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_exp, &explain_context -> result_back_junctions[back_i][xk1], sizeof(perfect_section_in_read_t));
data/subread-2.0.1+dfsg/src/core-junction.c:3173:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&explain_context -> result_back_junctions[back_i][xk1], &explain_context -> result_back_junctions[back_i][explain_context -> result_back_junction_numbers[back_i] - xk1 - 1] , sizeof(perfect_section_in_read_t));
data/subread-2.0.1+dfsg/src/core-junction.c:3174:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&explain_context -> result_back_junctions[back_i][explain_context -> result_back_junction_numbers[back_i] - xk1 - 1] , &tmp_exp , sizeof(perfect_section_in_read_t));
data/subread-2.0.1+dfsg/src/core-junction.c:3217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char piece_cigar[25];
data/subread-2.0.1+dfsg/src/core-junction.c:3241:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(piece_cigar, "%dM", (read_pos_end - read_pos_start));
data/subread-2.0.1+dfsg/src/core-junction.c:3254:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(piece_cigar+strlen(piece_cigar), "%d%c", abs(event_after->indel_length), event_after->indel_length>0?'D':'I');
data/subread-2.0.1+dfsg/src/core-junction.c:3295:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(piece_cigar+strlen(piece_cigar), "%u%c", (int)movement, jump_mode);
data/subread-2.0.1+dfsg/src/core-junction.c:3297:44: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(event_after -> indel_at_junction) sprintf(piece_cigar+strlen(piece_cigar), "%dI", event_after -> indel_at_junction);
data/subread-2.0.1+dfsg/src/core-junction.c:3314:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(is_cigar_overflow) sprintf(tmp_cigar, "%dM", explain_context -> full_read_len);
data/subread-2.0.1+dfsg/src/core-junction.c:3354:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outpos1[100];
data/subread-2.0.1+dfsg/src/core-junction.c:3575:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char positive_read[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/core-junction.c:3675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char donor_left[3], donor_right[3];
data/subread-2.0.1+dfsg/src/core-junction.c:3955:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char leftpos[100], rightpos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:4060:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char leftpos[100], rightpos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:4130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn2 [MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/core-junction.c:4168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alt_base[500];
data/subread-2.0.1+dfsg/src/core-junction.c:4277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn2 [MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/core-junction.c:4289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * chro_name_left,* chro_name_right, indel_sect[10];
data/subread-2.0.1+dfsg/src/core-junction.c:4320:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indel_sect,"INS%d", event_body->indel_at_junction);
data/subread-2.0.1+dfsg/src/core-junction.c:4321:52: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(event_body-> is_donor_found_or_annotation &64)strcat(indel_sect,"ANNO");
data/subread-2.0.1+dfsg/src/core-junction.c:4373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inb[MAX_READ_LENGTH], qualityb[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/core-junction.c:4439:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[3];
data/subread-2.0.1+dfsg/src/core-junction.c:4473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[3];
data/subread-2.0.1+dfsg/src/core-junction.c:4475:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc2[3];
data/subread-2.0.1+dfsg/src/core-junction.c:4592:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[3];
data/subread-2.0.1+dfsg/src/core-junction.c:4634:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[3];
data/subread-2.0.1+dfsg/src/core-junction.c:4636:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc2[3];
data/subread-2.0.1+dfsg/src/core-junction.c:5017:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h1_2ch[3], h2_2ch[3];
data/subread-2.0.1+dfsg/src/core-junction.c:5206:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char movement_buffer[MAX_READ_LENGTH * 10 / 7];
data/subread-2.0.1+dfsg/src/core-junction.c:5419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outpos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:5420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outposm[100];
data/subread-2.0.1+dfsg/src/core-junction.c:6054:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100], out2pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:6080:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1pos[100], out2pos[100];
data/subread-2.0.1+dfsg/src/core-junction.c:6319:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outpos1[100], outpos2[100];
data/subread-2.0.1+dfsg/src/core.c:111:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tv = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:237:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(content+x1, "\x1b[0m ...");
data/subread-2.0.1+dfsg/src/core.c:267:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out_line_buff+strlen(out_line_buff),"%c[36m", CHAR_ESC);
data/subread-2.0.1+dfsg/src/core.c:269:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out_line_buff+strlen(out_line_buff),"%c[0m", CHAR_ESC);
data/subread-2.0.1+dfsg/src/core.c:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spaces[81];
data/subread-2.0.1+dfsg/src/core.c:320:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out_line_buff+strlen(out_line_buff),"%c[36m", CHAR_ESC);
data/subread-2.0.1+dfsg/src/core.c:322:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out_line_buff+strlen(out_line_buff),"%c[0m", CHAR_ESC);
data/subread-2.0.1+dfsg/src/core.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumname[MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/core.c:351:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * sumfp = fopen(sumname,"w");
data/subread-2.0.1+dfsg/src/core.c:504:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minchr[10];
data/subread-2.0.1+dfsg/src/core.c:507:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(minchr, "%.01f", min_value);
data/subread-2.0.1+dfsg/src/core.c:508:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(minchr, "% 3d", (int)min_value);
data/subread-2.0.1+dfsg/src/core.c:575:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minchr[10];
data/subread-2.0.1+dfsg/src/core.c:578:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(minchr, "%.01f", min_value);
data/subread-2.0.1+dfsg/src/core.c:579:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(minchr, "% 3d", (int)min_value);
data/subread-2.0.1+dfsg/src/core.c:620:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.multi_best_reads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:682:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.maximum_pair_distance = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:685:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.minimum_pair_distance = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:688:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.total_subreads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:691:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.minimum_subread_for_first_read = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:694:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.all_threads = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:713:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.max_indel_length = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:742:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context->config.minimum_subread_for_second_read = atoi(optarg);
data/subread-2.0.1+dfsg/src/core.c:925:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_name[MAX_FILE_NAME_LENGTH+80], *fline=malloc(3000), tmp_readname[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/core.c:1054:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_name[MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/core.c:1062:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * outfp = fopen(temp_file_name, "w");
data/subread-2.0.1+dfsg/src/core.c:1247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_cigar_decompress[CORE_MAX_CIGAR_STR_LEN + 1];
data/subread-2.0.1+dfsg/src/core.c:1248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar [CORE_MAX_CIGAR_STR_LEN];
data/subread-2.0.1+dfsg/src/core.c:1253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_cigars[CIGAR_PERFECT_SECTIONS][60];
data/subread-2.0.1+dfsg/src/core.c:1254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_strands[CIGAR_PERFECT_SECTIONS];
data/subread-2.0.1+dfsg/src/core.c:1256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char additional_information[CORE_ADDITIONAL_INFO_LENGTH + 1];
data/subread-2.0.1+dfsg/src/core.c:1272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * out_cigar_buffer[CIGAR_PERFECT_SECTIONS];
data/subread-2.0.1+dfsg/src/core.c:1364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_added [CORE_MAX_CIGAR_STR_LEN];
data/subread-2.0.1+dfsg/src/core.c:1400:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(head_S > 0) sprintf(cigar_added + strlen(cigar_added), "%dS", head_S );
data/subread-2.0.1+dfsg/src/core.c:1402:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_added + strlen(cigar_added), "%d%c", remainder_tmpi , nch );
data/subread-2.0.1+dfsg/src/core.c:1405:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(tail_S > 0) sprintf(cigar_added + strlen(cigar_added), "%dS", tail_S );
data/subread-2.0.1+dfsg/src/core.c:1515:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(r->additional_information + strlen(r->additional_information), "\tXS:A:%c", (current_result -> realign_flags & CORE_IS_GT_AG_DONORS)?'+':'-');
data/subread-2.0.1+dfsg/src/core.c:1638:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dst + strlen(dst), "%uM", last_M + head_clip);
data/subread-2.0.1+dfsg/src/core.c:1642:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dst + strlen(dst), "%u%c", tmpi, nch);
data/subread-2.0.1+dfsg/src/core.c:1649:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dst + strlen(dst), "%uM" , last_M + tail_clip + head_clip);
data/subread-2.0.1+dfsg/src/core.c:2064:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rec1->additional_information + strlen( rec1->additional_information), "\tNM:i:%d", rec1_edit );
data/subread-2.0.1+dfsg/src/core.c:2069:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rec2->additional_information + strlen( rec2->additional_information), "\tNM:i:%d", rec2_edit );
data/subread-2.0.1+dfsg/src/core.c:2073:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_additional_1 [1000+CORE_ADDITIONAL_INFO_LENGTH], extra_additional_2[1000+CORE_ADDITIONAL_INFO_LENGTH];
data/subread-2.0.1+dfsg/src/core.c:2303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_text_1[MAX_READ_LENGTH+1], read_text_2[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/core.c:2304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qual_text_1[MAX_READ_LENGTH+1], qual_text_2[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/core.c:2305:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name_1[MAX_READ_NAME_LEN+1], read_name_2[MAX_READ_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/core.c:2522:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_text_1[MAX_READ_LENGTH+1], read_text_2[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/core.c:2523:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qual_text_1[MAX_READ_LENGTH+1], qual_text_2[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/core.c:2525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw_read_text_1[MAX_READ_LENGTH+1], raw_read_text_2[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/core.c:2526:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw_qual_text_1[MAX_READ_LENGTH+1], raw_qual_text_2[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/core.c:2527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name_1[MAX_READ_NAME_LEN+1], read_name_2[MAX_READ_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/core.c:2528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * repeated_buffer_cigars[MAX_ALIGNMENT_PER_ANCHOR * 2 * global_context -> config.reported_multi_best_reads];
data/subread-2.0.1+dfsg/src/core.c:3086:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name_1[MAX_READ_NAME_LEN+1], read_name_2[MAX_READ_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/core.c:3597:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+ 30];
data/subread-2.0.1+dfsg/src/core.c:3611:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/core.c:3843:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[90];
data/subread-2.0.1+dfsg/src/core.c:3877:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header_buff[100];
data/subread-2.0.1+dfsg/src/core.c:3956:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_chro_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/core.c:3962:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_chro_name, "chr");
data/subread-2.0.1+dfsg/src/core.c:4044:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname [MAX_FILE_NAME_LENGTH + 50];
data/subread-2.0.1+dfsg/src/core.c:4419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sec_buf[13];
data/subread-2.0.1+dfsg/src/core.c:4460:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int added_len = sprintf(sec_buf, "%u%c", tmpv, charopt);
data/subread-2.0.1+dfsg/src/core.c:4463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cigar, sec_buf, added_len);
data/subread-2.0.1+dfsg/src/core.c:4479:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar,"%dM", read_len);
data/subread-2.0.1+dfsg/src/core.c:4619:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out_cigars[current_perfect_section_no] + out_cigar_writer_ptr,"%dS", read_len - read_cursor);
data/subread-2.0.1+dfsg/src/core.c:4629:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
out_cigar_writer_ptr = sprintf(out_cigars[current_perfect_section_no],"%dS", read_cursor);
data/subread-2.0.1+dfsg/src/core.c:4638:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
out_cigar_writer_ptr+=sprintf(out_cigars[current_perfect_section_no]+out_cigar_writer_ptr, "%u%c", tmpi, ncch);
data/subread-2.0.1+dfsg/src/core.c:4680:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_sec[100];
data/subread-2.0.1+dfsg/src/core.h:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/core.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/core.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar[CORE_MAX_CIGAR_STR_LEN];
data/subread-2.0.1+dfsg/src/core.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char other_chro_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/core.h:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_text[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qual_text[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char additional_columns[CORE_ADDITIONAL_INFO_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_prefix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first_read_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char second_read_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exon_annotation_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exon_annotation_file_screen_out[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exon_annotation_alias_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exon_annotation_gene_id_column[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/core.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exon_annotation_feature_name_column[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/core.h:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_group_id[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_group_txt[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_prefix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_prefix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/core.h:374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_string[CORE_MAX_CIGAR_STR_LEN];
data/subread-2.0.1+dfsg/src/core.h:378:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crirical_support[MAX_EVENTS_IN_READ];
data/subread-2.0.1+dfsg/src/coverage_calc.c:23:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/coverage_calc.c:24:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/coverage_calc.c:122:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*flags) = atoi(tmp_res);
data/subread-2.0.1+dfsg/src/coverage_calc.c:128:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*pos_1base) = atoi(tmp_res);
data/subread-2.0.1+dfsg/src/coverage_calc.c:137:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*tlen) = atoi(tmp_res);
data/subread-2.0.1+dfsg/src/coverage_calc.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_hit_bases[MAX_FRAGMENT_LENGTH];
data/subread-2.0.1+dfsg/src/coverage_calc.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_chro[200],chro[200], *rtext = NULL;
data/subread-2.0.1+dfsg/src/coverage_calc.c:177:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * Chros[ max_M ];
data/subread-2.0.1+dfsg/src/coverage_calc.c:183:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_str[200];
data/subread-2.0.1+dfsg/src/coverage_calc.c:310:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[340];
data/subread-2.0.1+dfsg/src/coverage_calc.c:313:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fpo = fopen(out_name,"w");
data/subread-2.0.1+dfsg/src/coverage_calc.c:363:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_M = atoi(optarg);
data/subread-2.0.1+dfsg/src/del4-mmap-test.c:15:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/usr/local/work/liao/arena/del4.mem", O_TRUNC | O_CREAT|O_WRONLY , 0600);
data/subread-2.0.1+dfsg/src/del4-mmap-test.c:24:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/usr/local/work/liao/arena/del4.mem", O_RDWR);
data/subread-2.0.1+dfsg/src/detection-calls.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gene_name[FEATURE_NAME_LENGTH+2];
data/subread-2.0.1+dfsg/src/detection-calls.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_name[MAX_CHROMOSOME_NAME_LEN+2];
data/subread-2.0.1+dfsg/src/detection-calls.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/detection-calls.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char anno_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/detection-calls.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alias_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/detection-calls.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gene_id_column_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/detection-calls.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transcript_id_column_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/detection-calls.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char used_feature_type[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/detection-calls.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fasta_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/detection-calls.c:81:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(context -> fasta_file_name, "r");
data/subread-2.0.1+dfsg/src/detection-calls.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fasta_line[501];
data/subread-2.0.1+dfsg/src/detection-calls.c:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tna [MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/detection-calls.c:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin_name[40];
data/subread-2.0.1+dfsg/src/detection-calls.c:207:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bin_name, "_fill_bin_%07d", context -> filled_bins++);
data/subread-2.0.1+dfsg/src/detection-calls.c:270:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tchro[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/detection-calls.c:435:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ret -> gene_id_column_name, "gene_id");
data/subread-2.0.1+dfsg/src/detection-calls.c:436:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ret -> transcript_id_column_name, "transcript_id");
data/subread-2.0.1+dfsg/src/detection-calls.c:437:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ret -> used_feature_type, "exon");
data/subread-2.0.1+dfsg/src/detection-calls.c:495:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret -> out_FP_genes = fopen(ret -> out_file_name,"w");
data/subread-2.0.1+dfsg/src/detection-calls.c:496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binfn[MAX_FILE_NAME_LENGTH+12];
data/subread-2.0.1+dfsg/src/detection-calls.c:498:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret -> out_FP_bins = fopen(binfn,"w");
data/subread-2.0.1+dfsg/src/filterJunctionTable.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_fl[200];
data/subread-2.0.1+dfsg/src/filterJunctionTable.c:74:24: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(strlen(chrostr)<3)strcpy(chro_mem, "chr");
data/subread-2.0.1+dfsg/src/filterJunctionTable.c:143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro[20];
data/subread-2.0.1+dfsg/src/filterJunctionTable.c:145:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar[50];
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GTF_gene_id_column[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GTF_wanted_feature_type[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GTF_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_strand[MAX_CHROMOSOME_NAME_LEN+10+FEATURE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:309:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
context -> output_FP = fopen(context -> output_file_name, "w");
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:331:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(context.GTF_gene_id_column, "gene_id");
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:332:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(context.GTF_wanted_feature_type, "exon");
data/subread-2.0.1+dfsg/src/fullscan.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_rev_str[1208];
data/subread-2.0.1+dfsg/src/fullscan.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_str[1208];
data/subread-2.0.1+dfsg/src/fullscan.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table_fn[1250];
data/subread-2.0.1+dfsg/src/fullscan.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_name [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/fullscan.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_str [1208];
data/subread-2.0.1+dfsg/src/gen_long_chromosomes.c:6:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int chromosomes = atoi(argv[1]);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char random_seeds[16];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transcript_fasta_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_prefix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expression_level_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quality_string_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fake_quality_string[MAX_SIMULATION_READ_LEN+3];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:156:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grc->random_seeds+8, &round_rand, sizeof(round_rand));
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_seq [grc -> read_length+1];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_seq, seq, grc -> read_length);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:274:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * test_out = fopen(outname, "w");
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:476:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:491:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * sumfp = fopen(outname, "w");
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:499:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5res[16];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clinebuf[TRANSCRIPT_FASTA_LINE_WIDTH];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:529:40: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int md5i;for(md5i=0;md5i<16;md5i++)sprintf(md5mem+2*md5i, "%02X", 0xff&(int)md5res[md5i]);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:580:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int md5i;for(md5i=0;md5i<16;md5i++)sprintf(md5mem+2*md5i, "%02X", 0xff&(int)md5res[md5i]);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:671:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[400], * tokbuf=NULL;
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:718:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[400];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:729:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qstr, linebuf, rline);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:757:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clinebuf[TRANSCRIPT_FASTA_LINE_WIDTH];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:767:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * md5mem = malloc(33); unsigned char md5res[16];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:769:40: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int md5i;for(md5i=0;md5i<16;md5i++)sprintf(md5mem+2*md5i, "%02X", 0xff&(int)md5res[md5i]);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:826:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * md5mem = malloc(33); unsigned char md5res[16];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:828:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int md5i;for(md5i=0;md5i<16;md5i++)sprintf(md5mem+2*md5i, "%02X", 0xff&(int)md5res[md5i]);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:852:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:855:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
grc->counts_out_fp = fopen(outname,"w");
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:920:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
grc.insertion_length_min = atoi(optarg);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:923:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
grc.insertion_length_max = atoi(optarg);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:929:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
grc.read_length = atoi(optarg);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:982:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(grc.random_seeds, &seed, sizeof(seed));
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:990:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delfn[30+MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[100];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:658:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[200];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_piece [10];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:702:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece,"%dI", delta_i);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:709:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece,"%dD", delta_d);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:715:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece,"%I64d%c", last_tmpv, last_operation);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:717:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece,"%lld%c", last_tmpv, last_operation);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:752:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece,"%dI", delta_i);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:757:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece,"%dD", delta_d);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:766:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece,"%I64d%c", tmpv+last_tmpv, last_operation);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:768:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece,"%lld%c", tmpv+last_tmpv, last_operation);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:783:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar, "%dM", total_length);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:794:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%dM", len);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:799:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%dM", len);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:832:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), "%d%c%dM", abs(offset), offset>0?'I':'D', base_end - cursor - (offset>0?offset:0));
data/subread-2.0.1+dfsg/src/gene-algorithms.c:837:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), "%dM", base_end);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:976:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indel_operations[1500];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:978:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_cigar [EXON_MAX_CIGAR_LEN+1];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:991:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar, "%dM%d%c", head_start_point - max(head_indel_movement, 0), abs(head_indel_movement), head_indel_movement>0?'I':'D');
data/subread-2.0.1+dfsg/src/gene-algorithms.c:993:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar, "%dS", head_start_point);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1054:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar + vpos, "%d%c", last_operation==1?del_number:(current_pos - explain_cursor), last_operation==0?'M':(last_operation==1?'D':'I'));
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1062:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar + vpos, "%d%c", current_operation==1?del_number:(current_pos - explain_cursor), current_operation==1?'D':'I');
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1088:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar + vpos, "%dM%d%c", current_pos - explain_cursor , abs(movement), movement<0?'D':'I' );
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1090:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar + vpos, "%dM", current_pos - explain_cursor );
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(allvote -> max_indel_recorder + qid * allvote -> indel_recorder_length+1, max_indel_recorder, 3 * max_indel);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1115:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar+vpos,"%dM", tail_end_point - explain_cursor);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1123:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar+vpos, "%d%c%dM", abs(tail_indel_movement), tail_indel_movement<0?'I':'D', tail_len_m);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1125:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar+vpos, "%d%c", abs(tail_indel_movement), tail_indel_movement<0?'I':'D');
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1128:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_cigar+vpos, "%dS",read_len - tail_end_point );
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1148:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "/opt/Work2001/Gene-Search/src/GENE-LIB/%02da.fa", chron);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1150:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "/opt/Work2001/Gene-Search/src/GENE-LIB/%02d.fa", chron);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1257:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest -> indel_recorder[i][j], src -> indel_recorder[i][j], MAX_INDEL_TOLERANCE*3*sizeof(char));
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1261:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest -> max_indel_recorder, src -> indel_recorder[i][j], MAX_INDEL_TOLERANCE*3*sizeof(char));
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1291:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char anchor_read [ANCHORS_NUMBER];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_minor_breakeven [ANCHORS_NUMBER];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1595:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_matchingness [7][1250];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1788:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_str[200];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1964:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_tmp [1500];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1991:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(movement_buffer, out_tmp + out_pos +1, 1499 - out_pos);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_data[1250];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2424:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(refined_cigar,"%dS",first_confirmed_read_pos);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2455:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(refined_cigar+strlen(refined_cigar), "%d%c", out_len, cigar_txt[cigar_cursor]);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2468:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(refined_cigar+strlen(refined_cigar), "%I64d%c", x, cigar_txt[cigar_cursor]);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2470:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(refined_cigar+strlen(refined_cigar), "%lld%c", x, cigar_txt[cigar_cursor]);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2486:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(refined_cigar+strlen(refined_cigar),"%dS",rl-last_confirmed_read_pos);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ncg[100];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2570:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ncg2[103];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2572:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ncg2, "%I64d%c", tmpv, cc);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2574:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ncg2, "%lld%c", tmpv, cc);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2582:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ncg2[103];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cg[100];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2599:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cg,"10M8H20M9I100N30M");
data/subread-2.0.1+dfsg/src/gene-value-index.c:402:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret+iret, &key, sizeof(indel_record_t));
data/subread-2.0.1+dfsg/src/gene-value-index.c:525:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_indels, indels, sizeof(short)*10);
data/subread-2.0.1+dfsg/src/gene-value-index.c:526:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_indel_poses, indel_poses, sizeof(short)*10);
data/subread-2.0.1+dfsg/src/gene-value-index.c:652:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_indels, indels, sizeof(short)*10);
data/subread-2.0.1+dfsg/src/gene-value-index.c:653:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_indel_poses, indel_poses, sizeof(short)*10);
data/subread-2.0.1+dfsg/src/global-reassembly.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_file_name [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/global-reassembly.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_file_name2 [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/global-reassembly.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_name [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/global-reassembly.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_file_prefix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/global-reassembly.c:190:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(global_context -> contig_str + global_context->contig_len, bases, len);
data/subread-2.0.1+dfsg/src/global-reassembly.c:198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(global_context -> contig_str, bases, len);
data/subread-2.0.1+dfsg/src/global-reassembly.c:255:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
global_context -> fp_output = fopen(global_context -> output_file_name, "w");
data/subread-2.0.1+dfsg/src/global-reassembly.c:264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_rand[13];
data/subread-2.0.1+dfsg/src/global-reassembly.c:269:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
system_random_fp = fopen("/dev/urandom","rb");
data/subread-2.0.1+dfsg/src/global-reassembly.c:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r2_rev[100];
data/subread-2.0.1+dfsg/src/global-reassembly.c:343:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r2_rev, r2 + r2_offset, r2len - r2_offset);
data/subread-2.0.1+dfsg/src/global-reassembly.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH],
data/subread-2.0.1+dfsg/src/global-reassembly.c:377:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fragproperties = fopen(tmp_fname,"wb");
data/subread-2.0.1+dfsg/src/global-reassembly.c:380:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fraglist = fopen(tmp_fname,"wb");
data/subread-2.0.1+dfsg/src/global-reassembly.c:394:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fq1fp = fopen(global_context -> input_file_name,"r");
data/subread-2.0.1+dfsg/src/global-reassembly.c:395:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fq2fp = fopen(global_context -> input_file_name2,"r");
data/subread-2.0.1+dfsg/src/global-reassembly.c:430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_cigar[100];
data/subread-2.0.1+dfsg/src/global-reassembly.c:433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_chro[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/global-reassembly.c:710:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH],
data/subread-2.0.1+dfsg/src/global-reassembly.c:721:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fragproperties = fopen(tmp_fname,"rb");
data/subread-2.0.1+dfsg/src/global-reassembly.c:725:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fraglist = fopen(tmp_fname,"rb");
data/subread-2.0.1+dfsg/src/global-reassembly.c:811:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH],
data/subread-2.0.1+dfsg/src/global-reassembly.c:822:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fraglist = fopen(tmp_fname,"rb");
data/subread-2.0.1+dfsg/src/global-reassembly.c:1417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_mate_seq[1201];
data/subread-2.0.1+dfsg/src/global-reassembly.c:1477:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spaces[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/global-reassembly.c:1520:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_tailK_bases[1000];
data/subread-2.0.1+dfsg/src/global-reassembly.c:1590:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best_bases_added , new_bases_added , new_bases_len);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1653:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[100];
data/subread-2.0.1+dfsg/src/global-reassembly.c:1674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/global-reassembly.c:1683:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(tmp_fname,"r");
data/subread-2.0.1+dfsg/src/global-reassembly.c:1690:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
global_context -> fd_fragproperties = open(tmp_fname,O_RDWR);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1764:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context -> maximum_mismatch_in20bp = atoi(optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1785:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context -> minimum_contig_length = atoi(optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1791:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context -> min_overlap_votes = atoi(optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1794:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context -> min_extension_votes = atoi(optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1803:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_context -> total_threads = atoi(optarg);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1806:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp_trim_qual = atoi(optarg);
data/subread-2.0.1+dfsg/src/hashtable.c:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret -> elementList, ori -> elementList, sizeof(void *)*ret -> capacityOfElements);
data/subread-2.0.1+dfsg/src/hashtable.c:173:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list -> elementList + start, merged, sizeof(void *) * (items + items2));
data/subread-2.0.1+dfsg/src/index-builder.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window [16], last_color_base=-1, last_last_color_base=-1;
data/subread-2.0.1+dfsg/src/index-builder.c:477:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char * huge_index[128];
data/subread-2.0.1+dfsg/src/index-builder.c:523:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window [16], last_color_base=-1, last_last_color_base=-1;
data/subread-2.0.1+dfsg/src/index-builder.c:1014:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file[MAX_FILE_NAME_LENGTH], c, tmp_fa_file[MAX_FILE_NAME_LENGTH], log_file_name[MAX_FILE_NAME_LENGTH+20];
data/subread-2.0.1+dfsg/src/index-builder.c:1015:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr_tmp_fa_file[1];
data/subread-2.0.1+dfsg/src/index-builder.c:1054:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memory_limit = atoi(optarg);
data/subread-2.0.1+dfsg/src/index-builder.c:1057:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threshold = atoi(optarg);
data/subread-2.0.1+dfsg/src/index-builder.c:1225:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_fa_file, output_file, x1);
data/subread-2.0.1+dfsg/src/index-builder.c:1230:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(tmp_fa_file[0]==0)strcpy(tmp_fa_file, "./");
data/subread-2.0.1+dfsg/src/index-builder.c:1233:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_fa_file+strlen(tmp_fa_file), "/subread-index-sam-%06u-%06d", getpid(),(int)(time(NULL) % 1000000));
data/subread-2.0.1+dfsg/src/index-builder.c:1235:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_fa_file+strlen(tmp_fa_file), "/subread-index-sam-%06u-XXXXXX", getpid());
data/subread-2.0.1+dfsg/src/index-builder.c:1236:15: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int tmpfdd = mkstemp(tmp_fa_file);
data/subread-2.0.1+dfsg/src/input-blc.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_format_string[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-blc.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter_format_string[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-blc.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testfile_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-blc.c:63:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(testfile_name,"rb");
data/subread-2.0.1+dfsg/src/input-blc.c:68:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/input-blc.c:79:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(ii == 0) my_index = atoi(sec);
data/subread-2.0.1+dfsg/src/input-blc.c:80:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(ii == 2) rlen = atoi(sec);
data/subread-2.0.1+dfsg/src/input-blc.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-blc.c:229:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
blc_input -> bcl_fps[fii] = fopen(fname, "rb");
data/subread-2.0.1+dfsg/src/input-blc.c:248:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
blc_input -> filter_fp = fopen(fname, "rb");
data/subread-2.0.1+dfsg/src/input-blc.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_FILE_NAME_LENGTH+1];
data/subread-2.0.1+dfsg/src/input-blc.c:427:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(read_name, "R%011I64u:", rno);
data/subread-2.0.1+dfsg/src/input-blc.c:429:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(read_name, "R%011llu:", rno);
data/subread-2.0.1+dfsg/src/input-blc.c:437:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(read_name +16 +2*base_offset, "|L%03d" , cache_input -> lane_no_in_chunk[cache_input -> read_no_in_chunk]);
data/subread-2.0.1+dfsg/src/input-blc.c:501:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(readname, "R%011I64u:", blc_input -> read_number +1);
data/subread-2.0.1+dfsg/src/input-blc.c:503:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(readname, "R%011llu:", blc_input -> read_number +1);
data/subread-2.0.1+dfsg/src/input-blc.c:514:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(readname +16 +2*base_offset, "|L%03d" , blc_input -> current_lane);
data/subread-2.0.1+dfsg/src/input-blc.c:672:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(fname, "rb");
data/subread-2.0.1+dfsg/src/input-blc.c:674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-blc.c:686:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lane_no = atoi(strtok_r(linebuf, ",", &tokp));
data/subread-2.0.1+dfsg/src/input-blc.c:721:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fl[MAX_BARCODE_LEN+1];
data/subread-2.0.1+dfsg/src/input-blc.c:793:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpc [MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/input-blc.c:807:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpc, cell_barcode, cell_barcode_length);
data/subread-2.0.1+dfsg/src/input-blc.c:873:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int testing_reads = atoi(argv[4]);
data/subread-2.0.1+dfsg/src/input-blc.c:904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bctmp[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/input-blc.c:935:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[MAX_READ_LENGTH], qual[MAX_READ_LENGTH], rname[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/input-blc.c:994:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[1000], qual[1000], rname[200];
data/subread-2.0.1+dfsg/src/input-blc.c:1016:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[1000], qual[1000], rname[200];
data/subread-2.0.1+dfsg/src/input-blc.c:1036:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[1000], qual[1000], rname[200];
data/subread-2.0.1+dfsg/src/input-files.c:52:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(fname, mode);
data/subread-2.0.1+dfsg/src/input-files.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_ret, old_pntr, old_size);
data/subread-2.0.1+dfsg/src/input-files.c:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, in, ilen);
data/subread-2.0.1+dfsg/src/input-files.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MAX_READ_LENGTH] , qbuf[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/input-files.c:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_buff[3001];
data/subread-2.0.1+dfsg/src/input-files.c:420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_buff[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/input-files.c:744:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_buff [3001];
data/subread-2.0.1+dfsg/src/input-files.c:750:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask_buf[5];
data/subread-2.0.1+dfsg/src/input-files.c:777:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int flags = atoi(mask_buf) ;
data/subread-2.0.1+dfsg/src/input-files.c:828:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf [MAX_READ_LENGTH+2];
data/subread-2.0.1+dfsg/src/input-files.c:1316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ncig[EXON_MAX_CIGAR_LEN];
data/subread-2.0.1+dfsg/src/input-files.c:1329:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wi += sprintf(ncig + wi, "%dM", tmpM);
data/subread-2.0.1+dfsg/src/input-files.c:1333:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else wi += sprintf(ncig + wi, "%d%c", tmpi, nch);
data/subread-2.0.1+dfsg/src/input-files.c:1339:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cig, ncig, wi+1);
data/subread-2.0.1+dfsg/src/input-files.c:1545:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buffer [3000];
data/subread-2.0.1+dfsg/src/input-files.c:1601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char event_token[100];
data/subread-2.0.1+dfsg/src/input-files.c:1660:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ins_seq_2, ins_seq, -indels);
data/subread-2.0.1+dfsg/src/input-files.c:1705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_suffix[MAX_CHROMOSOME_NAME_LEN+20];
data/subread-2.0.1+dfsg/src/input-files.c:1760:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(get_read_block(chro, atoi(pos_str) , temp_file_suffix, known_chromosomes, &max_section_pos))continue;
data/subread-2.0.1+dfsg/src/input-files.c:1767:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
datum.pos = atoi(pos_str);
data/subread-2.0.1+dfsg/src/input-files.c:1784:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buffer [3000];
data/subread-2.0.1+dfsg/src/input-files.c:1803:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int max_open_file = atoi(fns);
data/subread-2.0.1+dfsg/src/input-files.c:1875:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name[MAX_READ_NAME_LEN], chro[MAX_CHROMOSOME_NAME_LEN], cigar[EXON_MAX_CIGAR_LEN], sequence[MAX_READ_LENGTH+1], quality_string[MAX_READ_LENGTH+1];
data/subread-2.0.1+dfsg/src/input-files.c:1879:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_suffix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-files.c:1880:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-files.c:2113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_gene_name[MAX_GENE_NAME_LEN];
data/subread-2.0.1+dfsg/src/input-files.c:2134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1200], this_gene_name[MAX_GENE_NAME_LEN], chromosome_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/input-files.c:2244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char del2[MAX_FILE_NAME_LENGTH], del_suffix[MAX_FILE_NAME_LENGTH], del_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-files.c:2256:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(del2, prefix, last_slash);
data/subread-2.0.1+dfsg/src/input-files.c:2571:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dlen, hashed_obj,4);
data/subread-2.0.1+dfsg/src/input-files.c:2612:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gz_header_12 [12];
data/subread-2.0.1+dfsg/src/input-files.c:2623:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&xlen, gz_header_12 + 10, 2);
data/subread-2.0.1+dfsg/src/input-files.c:2627:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x_header_4[4];
data/subread-2.0.1+dfsg/src/input-files.c:2634:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&slen, x_header_4+2 , 2);
data/subread-2.0.1+dfsg/src/input-files.c:2835:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq_len, bin_where + 20, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2837:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&name_len, bin_where + 12, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2839:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cigar_ops, bin_where + 16, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2850:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin_where + 20, &seq_len, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2856:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin_where, bin_len, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2902:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_txt + ref_bin_len, &l_name, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2909:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_txt + ref_bin_len, &l_ref, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2931:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&record_len, thread_context -> input_buff_BIN + thread_context -> input_buff_BIN_ptr, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2943:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(margin_data, &margin_size, 4);
data/subread-2.0.1+dfsg/src/input-files.c:2944:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(margin_data+4, thread_context -> input_buff_BIN + thread_context -> input_buff_BIN_ptr, thread_context -> input_buff_BIN_used - thread_context -> input_buff_BIN_ptr);
data/subread-2.0.1+dfsg/src/input-files.c:2946:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(margin_key,"E%lu", (unsigned long)thread_context -> input_buff_SBAM_file_end);
data/subread-2.0.1+dfsg/src/input-files.c:2948:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(margin_key,"E%llu", thread_context -> input_buff_SBAM_file_end);
data/subread-2.0.1+dfsg/src/input-files.c:2964:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq_len, thread_context -> input_buff_BIN + thread_context -> input_buff_BIN_ptr + 16, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3042:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_start + header_bin_ptr, &sqname_len, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3044:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_start + header_bin_ptr, sqname, sqname_len-1);
data/subread-2.0.1+dfsg/src/input-files.c:3052:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_start + header_bin_ptr, &ct_len, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3088:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_sec, &reflen, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3089:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_sec + 4, ref, reflen);
data/subread-2.0.1+dfsg/src/input-files.c:3098:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_ref, ref, reflen);
data/subread-2.0.1+dfsg/src/input-files.c:3199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin_tmp + 36, read_name, l_read_name);
data/subread-2.0.1+dfsg/src/input-files.c:3275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftxt[30];
data/subread-2.0.1+dfsg/src/input-files.c:3288:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( bin_tmp + bin_ptr + 3, &fv, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttxt[30], *elen_ptr = NULL;;
data/subread-2.0.1+dfsg/src/input-files.c:3315:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( bin_tmp + bin_ptr, &fv, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3317:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iv = atoi(ttxt);
data/subread-2.0.1+dfsg/src/input-files.c:3318:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( bin_tmp + bin_ptr, &iv, elembytes_no);
data/subread-2.0.1+dfsg/src/input-files.c:3333:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if((!pairer -> tiny_mode)) memcpy(elen_ptr, & eles, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3373:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outc[3];
data/subread-2.0.1+dfsg/src/input-files.c:3404:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&skip_content, bin + bin_cursor + 4, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3428:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saved_value, data_ptr, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3430:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saved_value, data_ptr, 2);
data/subread-2.0.1+dfsg/src/input-files.c:3432:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saved_value, data_ptr, 1);
data/subread-2.0.1+dfsg/src/input-files.c:3454:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&refID, bin + 4, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3455:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pos, bin + 8, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3456:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpi, bin + 12, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3458:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpi, bin + 16, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3462:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&next_refID, bin + 24, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&next_pos, bin + 28, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3464:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_name, bin+36, l_read_name);
data/subread-2.0.1+dfsg/src/input-files.c:3491:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&l_seq, bin + 20, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3507:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
rlen = slash_pos + sprintf(full_name+slash_pos, "\027%d\027%u\027%d\027%u\027%d", r1_refID, old_read_pos, r2_refID, new_dummy_pos, HItag);
data/subread-2.0.1+dfsg/src/input-files.c:3520:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( bam_thread -> BIN_buffer, "BAM\1", 4 );
data/subread-2.0.1+dfsg/src/input-files.c:3521:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( bam_thread -> BIN_buffer + 4 , & items , 4 );
data/subread-2.0.1+dfsg/src/input-files.c:3524:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( bam_thread -> BIN_buffer , & items , 4 );
data/subread-2.0.1+dfsg/src/input-files.c:3530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_thread -> BIN_buffer + BIN_block_cursor , bin + bin_cursor, write_text_len);
data/subread-2.0.1+dfsg/src/input-files.c:3551:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block1len, bin1, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3552:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&old_read_chro, bin1 + 4, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3553:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&old_read_pos, bin1 + 8, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3555:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_dummy_chro, bin1 + 24, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3556:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_dummy_pos, bin1 + 28, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3563:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq_len, bin1 + 20,4);
data/subread-2.0.1+dfsg/src/input-files.c:3565:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&old_read_FLAG, bin1 + 16, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3584:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mate_tlen, bin1 + 32, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3603:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+4, &new_dummy_chro,4);
data/subread-2.0.1+dfsg/src/input-files.c:3604:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+8, &new_dummy_pos,4);
data/subread-2.0.1+dfsg/src/input-files.c:3605:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+12, &bin_mq_nl, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3606:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+16, &new_dummy_FLAG, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3609:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+20, &new_dummy_FLAG, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3610:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+24, &old_read_chro, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3611:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+28, &old_read_pos, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3614:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+32, &mate_tlen, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3615:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2+36, realname, len_name+1);
data/subread-2.0.1+dfsg/src/input-files.c:3627:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2 + (tag_ptr++), &HItag, 1);
data/subread-2.0.1+dfsg/src/input-files.c:3631:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2 + 36 + len_name+6, &HItag, 2);
data/subread-2.0.1+dfsg/src/input-files.c:3635:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2 + 36 + len_name+6, &HItag, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3644:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2 + (tag_ptr++), &NHtag, 1);
data/subread-2.0.1+dfsg/src/input-files.c:3648:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2 + 36 + len_name+6, &NHtag, 2);
data/subread-2.0.1+dfsg/src/input-files.c:3652:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2 + 36 + len_name+6, &NHtag, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3669:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_bin2,&all_len,4);
data/subread-2.0.1+dfsg/src/input-files.c:3731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy_bin2 [MAX_READ_NAME_LEN*2 + 180 ];
data/subread-2.0.1+dfsg/src/input-files.c:3738:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bin_len1, bin1, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3742:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bin_len2, bin2, 4);
data/subread-2.0.1+dfsg/src/input-files.c:3755:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( bam_thread -> BIN_buffer + bam_thread -> BIN_buffer_ptr, bin1, bin_len1 );
data/subread-2.0.1+dfsg/src/input-files.c:3757:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( bam_thread -> BIN_buffer + bam_thread -> BIN_buffer_ptr + bin_len1, bin2, bin_len2 );
data/subread-2.0.1+dfsg/src/input-files.c:3776:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_name, read_full_name, read_name_len);
data/subread-2.0.1+dfsg/src/input-files.c:3780:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_bin, bin , bin_len);
data/subread-2.0.1+dfsg/src/input-files.c:3793:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem_bin, bin , bin_len);
data/subread-2.0.1+dfsg/src/input-files.c:3796:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mem_name, "B:%u:%d", chunk_number , (readno_in_chunk>0)?1:0);
data/subread-2.0.1+dfsg/src/input-files.c:3800:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mem_bin,"%010u %d", chunk_number, (readno_in_chunk>0)?1:0);
data/subread-2.0.1+dfsg/src/input-files.c:3809:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_full_name[ MAX_READ_NAME_LEN*2 +80 ]; // rname:chr_r1:pos_r1:chr_r2:pos_r2:HI_tag
data/subread-2.0.1+dfsg/src/input-files.c:3840:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> immediate_last_read_bin, bin, bin_len);
data/subread-2.0.1+dfsg/src/input-files.c:3906:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( sort_data[0] + start, tmp_name_list, sizeof(char *) * (items+items2) );
data/subread-2.0.1+dfsg/src/input-files.c:3907:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( sort_data[1] + start, tmp_bin_list, sizeof(char *) * (items+items2) );
data/subread-2.0.1+dfsg/src/input-files.c:3966:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int i1 = (unsigned int) atoi(c1);
data/subread-2.0.1+dfsg/src/input-files.c:3967:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int i2 = (unsigned int) atoi(c2);
data/subread-2.0.1+dfsg/src/input-files.c:3985:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+30];
data/subread-2.0.1+dfsg/src/input-files.c:3992:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * out_fp = fopen(tmp_fname, "wb");
data/subread-2.0.1+dfsg/src/input-files.c:4061:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &rbinlen, bin_tmp1 , 4);
data/subread-2.0.1+dfsg/src/input-files.c:4096:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+50];
data/subread-2.0.1+dfsg/src/input-files.c:4102:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * in_fp = fopen(tmp_fname, "rb");
data/subread-2.0.1+dfsg/src/input-files.c:4116:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * tfp = fopen(tmp_fname, "w");
data/subread-2.0.1+dfsg/src/input-files.c:4128:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * in_fp = fopen(tmp_fname, "rb");
data/subread-2.0.1+dfsg/src/input-files.c:4154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+50];
data/subread-2.0.1+dfsg/src/input-files.c:4157:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * in_fp = fopen(tmp_fname, "rb");
data/subread-2.0.1+dfsg/src/input-files.c:4173:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
level_merge_fps[0] = fopen(tmp_fname, "rb");
data/subread-2.0.1+dfsg/src/input-files.c:4195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+60];
data/subread-2.0.1+dfsg/src/input-files.c:4206:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * in_fp = fopen(tmp_fname, "rb");
data/subread-2.0.1+dfsg/src/input-files.c:4215:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * in_fp = fopen(tmp_fname, "rb");
data/subread-2.0.1+dfsg/src/input-files.c:4342:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ** sort_data[2];
data/subread-2.0.1+dfsg/src/input-files.c:4347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/input-files.c:4349:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * tmp_fp = fopen(tmp_fname, "wb");
data/subread-2.0.1+dfsg/src/input-files.c:4354:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bin_len, bin_list[x1] , 4);
data/subread-2.0.1+dfsg/src/input-files.c:4355:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int namelen = strlen((char *)name_list[x1]);
data/subread-2.0.1+dfsg/src/input-files.c:4380:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block_len, bin, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4384:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&refID, bin + 4, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4385:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mate_refID, bin + 24, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4389:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&l_seq, bin + 20, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4393:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&min_mq_nl, bin + 12, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4397:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&flag_nc, bin + 16, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4417:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cigar_v , bin + 36 + name_len + 4*cigar_i, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4476:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(margin_data, &start_pos, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4477:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(margin_data+4, thread_context -> input_buff_BIN, start_pos);
data/subread-2.0.1+dfsg/src/input-files.c:4479:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(margin_key,"S%lu", (unsigned long) thread_context -> input_buff_SBAM_file_start);
data/subread-2.0.1+dfsg/src/input-files.c:4481:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(margin_key,"S%llu", thread_context -> input_buff_SBAM_file_start);
data/subread-2.0.1+dfsg/src/input-files.c:4566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyS [40];
data/subread-2.0.1+dfsg/src/input-files.c:4581:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&Elen, Ebin, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4582:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&Slen, Sbin, 4);
data/subread-2.0.1+dfsg/src/input-files.c:4584:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tb, Ebin+4, Elen);
data/subread-2.0.1+dfsg/src/input-files.c:4585:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tb+ Elen, Sbin+4, Slen);
data/subread-2.0.1+dfsg/src/input-files.c:4804:74: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define FIX_APPEND_OUT(p, c) { if(out_bin_ptr > 60002){FIX_FLASH_OUT} ; memcpy(out_bin + out_bin_ptr, p, c); out_bin_ptr +=c ; }
data/subread-2.0.1+dfsg/src/input-files.c:4805:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define FIX_APPEND_READ(p, c){ memcpy(out_bin + out_bin_ptr, p, c); out_bin_ptr +=c ; }
data/subread-2.0.1+dfsg/src/input-files.c:4810:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfname [MAX_FILE_NAME_LENGTH+14], readname[256];
data/subread-2.0.1+dfsg/src/input-files.c:5053:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block_size_ptr, &new_block_size, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5145:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&record_len, thread_context -> input_buff_SBAM + thread_context -> input_buff_SBAM_ptr, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5148:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_ptr_1 , thread_context -> input_buff_SBAM + thread_context -> input_buff_SBAM_ptr, 4 + record_len);
data/subread-2.0.1+dfsg/src/input-files.c:5149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq_len1, thread_context -> input_buff_SBAM + thread_context -> input_buff_SBAM_ptr + 20, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5152:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&record_len, thread_context -> input_buff_SBAM + thread_context -> input_buff_SBAM_ptr, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5154:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_ptr_2 , thread_context -> input_buff_SBAM + thread_context -> input_buff_SBAM_ptr, 4 + record_len);
data/subread-2.0.1+dfsg/src/input-files.c:5155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq_len2, thread_context -> input_buff_SBAM + thread_context -> input_buff_SBAM_ptr + 20, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5281:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_txt + ref_bin_len, &l_name, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5288:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_txt + ref_bin_len, &l_ref, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5330:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_thread -> input_buff_SBAM + this_thread -> input_buff_SBAM_used , &record_len, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5405:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_bin + header_bin_ptr, &sqname_len, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5407:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_bin + header_bin_ptr, sqname, sqname_len-1);
data/subread-2.0.1+dfsg/src/input-files.c:5415:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header_bin + header_bin_ptr, &ct_len, 4);
data/subread-2.0.1+dfsg/src/input-files.c:5465:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_thread -> input_buff_SBAM + this_thread -> input_buff_SBAM_used , line_ptr, record_len);
data/subread-2.0.1+dfsg/src/input-files.c:5650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+40], mac_rand[13];
data/subread-2.0.1+dfsg/src/input-files.c:5663:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writer -> tmp_path, output_file, slash_pos+1);
data/subread-2.0.1+dfsg/src/input-files.c:5689:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_str[10];
data/subread-2.0.1+dfsg/src/input-files.c:5737:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfname[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/input-files.c:5807:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfname[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/input-files.c:5875:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy_mate_chr_buf[120];
data/subread-2.0.1+dfsg/src/input-files.c:5910:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dummy_mate_chr_buf, dummy_mate_chr, read_line_buf +dummy_char_strpos - dummy_mate_chr);
data/subread-2.0.1+dfsg/src/input-files.c:5913:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hi_tag_out[18];
data/subread-2.0.1+dfsg/src/input-files.c:5914:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nh_tag_out[18];
data/subread-2.0.1+dfsg/src/input-files.c:6001:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nh_tag_out[18];
data/subread-2.0.1+dfsg/src/input-files.c:6002:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hi_tag_out[18];
data/subread-2.0.1+dfsg/src/input-files.c:6059:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name[MAX_READ_NAME_LEN + MAX_CHROMOSOME_NAME_LEN * 2 + 26];
data/subread-2.0.1+dfsg/src/input-files.c:6060:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chromosome_1_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/input-files.c:6061:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chromosome_2_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/input-files.c:6156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hi_key [13];
data/subread-2.0.1+dfsg/src/input-files.c:6158:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hi_key, ":%d", hi_tag);
data/subread-2.0.1+dfsg/src/input-files.c:6176:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfname[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/input-files.c:6213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/input-files.c:6271:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(fname,"r");
data/subread-2.0.1+dfsg/src/input-files.c:6366:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_chr[16];
data/subread-2.0.1+dfsg/src/input-files.c:6367:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_chr, l, 16);
data/subread-2.0.1+dfsg/src/input-files.c:6656:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_t1chro [MAX_CHROMOSOME_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/input-files.c:6682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[3000], tmp_rname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-files.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/input-files.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char immediate_last_read_bin[FC_LONG_READ_RECORD_HARDLIMIT];
data/subread-2.0.1+dfsg/src/input-files.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char immediate_last_read_full_name[MAX_READ_NAME_LEN*2 +80 ];
data/subread-2.0.1+dfsg/src/input-files.h:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_file_prefix[MAX_FILE_NAME_LENGTH+1];
data/subread-2.0.1+dfsg/src/input-files.h:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_file_name[MAX_FILE_NAME_LENGTH+1];
data/subread-2.0.1+dfsg/src/input-files.h:178:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char BIN_buffer[SAM_PAIRER_WRITE_BUFFER];
data/subread-2.0.1+dfsg/src/input-files.h:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bam_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/interval_merge.c:109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuff, q1, 4*12);
data/subread-2.0.1+dfsg/src/interval_merge.c:113:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuff, q2, 4*12);
data/subread-2.0.1+dfsg/src/interval_merge.c:117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuff, q3, 4*12);
data/subread-2.0.1+dfsg/src/interval_merge.c:121:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuff, q4, 4*12);
data/subread-2.0.1+dfsg/src/interval_merge.c:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuff, q5, 4*12);
data/subread-2.0.1+dfsg/src/long-hashtable.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buck->key_array + start, tmpk_arr, sizeof(gehash_key_t ) * (items + items2));
data/subread-2.0.1+dfsg/src/long-hashtable.c:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buck->value_array + start, tmpd_arr, sizeof(lnhash_data_t) * (items + items2));
data/subread-2.0.1+dfsg/src/long-hashtable.c:337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, arr + i, sizeof(lnhash_vote_record_t));
data/subread-2.0.1+dfsg/src/long-hashtable.c:338:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr + i, arr + j, sizeof(lnhash_vote_record_t));
data/subread-2.0.1+dfsg/src/long-hashtable.c:339:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr + j, &tmp, sizeof(lnhash_vote_record_t));
data/subread-2.0.1+dfsg/src/long-hashtable.c:359:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arrtmp+xk1, arr+start+cursor_1, sizeof(lnhash_vote_record_t));
data/subread-2.0.1+dfsg/src/long-hashtable.c:363:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arrtmp+xk1, arr+start+items1+cursor_2, sizeof(lnhash_vote_record_t));
data/subread-2.0.1+dfsg/src/long-hashtable.c:368:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr + start, arrtmp, sizeof(lnhash_vote_record_t) * (items1 + items2));
data/subread-2.0.1+dfsg/src/long-hashtable.c:393:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + ret_items, rec, sizeof(lnhash_vote_record_t));
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:87:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(filename, "rb");
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[100];
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[100];
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(records + start, merged_records, sizeof(int) * (items+items2));
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:145:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(prev_event) memcpy(new_space+(new_space_used++), prev_event, sizeof(LRMevent_t));
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos1txt[100], pos2txt[100];
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context -> event_space+context -> event_number, new_event, sizeof(LRMevent_t));
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:323:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int splen = sprintf(move_buff + last_M - 10, "%dS", Ss);
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:394:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[100];
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[100];
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[100];
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:771:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
moves = sprintf(indel_movement_buff + this_movement_start, "%dS", bases_in_read);
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:805:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
iii = sprintf(indel_movement_buff + this_movement_start, "%dS",head_SS);
data/subread-2.0.1+dfsg/src/longread-one/LRMchro-event.c:808:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(tail_SS>0)moves += sprintf(indel_movement_buff + this_movement_start + moves, "%dS",tail_SS);
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_indel_cursor[LRMGENE_VOTE_TABLE_SIZE][LRMGENE_VOTE_SPACE];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name[LRMMAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_text[LRMMAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qual_text[LRMMAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename [LRMMAX_FILENAME_LENGTH];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_command_line[10000];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_file_name [LRMMAX_FILENAME_LENGTH];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_name [LRMMAX_FILENAME_LENGTH];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_prefix [LRMMAX_FILENAME_LENGTH];
data/subread-2.0.1+dfsg/src/longread-one/LRMconfig.h:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bam_file_tail_binary[200];
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:39:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * TMP_FP = fopen(filename, "rb");
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:277:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+4, &chro_number, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:278:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+8, &chro_pos, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:282:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+20, &iteration_context->read_length, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:284:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+24, &next_non, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:285:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+28, &next_non, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:287:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+36, iteration_context->read_name, name_len);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:292:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+16, &flag_nc, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:297:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+12, &bin_mq_nl, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:302:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr+bin_ptr, "NM",2);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_ptr, &bin_ptr, 4); // block len not include itself.
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:352:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+10, &tmpi, 2); //XLSN
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+14, &tmpi, 2); //BSIZE
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:358:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+16, &tmpi, 2); //BSIZE
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:360:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+18+compressed_size, &CRC32, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:361:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+18+compressed_size+4, &bin_len, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[LRMMAX_FILENAME_LENGTH+20];
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:405:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fn, "r");
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:468:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> out_SAMBAM_buffer,"BAM\1",4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:481:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wrlen = sprintf(header_line, "@HD\tVN:1.0\tSO:unsorted\n");
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:490:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> out_SAMBAM_buffer + thread_context -> out_buff_used,header_line,wrlen);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:500:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> out_SAMBAM_buffer+4, &BAM_text_len, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:501:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> out_SAMBAM_buffer + thread_context -> out_buff_used, &context ->sam_bam_chromosome_list->numOfElements , 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:509:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> out_SAMBAM_buffer+thread_context -> out_buff_used, &chro_namelen, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:511:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> out_SAMBAM_buffer+thread_context -> out_buff_used, chro_name, chro_namelen);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:514:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> out_SAMBAM_buffer+thread_context -> out_buff_used, &chro_length, 4);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:561:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compressed_data [66666];
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:574:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> out_SAMBAM_buffer + compressed_cursor, compressed_data, compressed_len);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:117:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp -> gz_fp = fopen(fname, "rb");
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos -> dict_window, fp -> block_dict_window, fp -> block_dict_window_size);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> block_dict_window, pos -> dict_window, pos -> block_dict_window_size);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> dict_window, pos -> dict_window, pos -> block_dict_window_size);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:260:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(one_length > 0)memcpy(fp -> dict_window + one_dst_start, fp -> current_chunk_txt + one_src_start, one_length);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:262:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> dict_window + two_dst_start, fp -> current_chunk_txt + two_src_start, two_length);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:314:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> block_dict_window , fp -> dict_window, fp -> dict_window_used);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> block_dict_window , fp -> dict_window + fp -> dict_window_pointer, SEEKGZ_ZLIB_WINDOW_SIZE - fp -> dict_window_pointer);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:317:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> block_dict_window + SEEKGZ_ZLIB_WINDOW_SIZE - fp -> dict_window_pointer, fp -> dict_window, fp -> dict_window_pointer);
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dict_window[SEEKGZ_ZLIB_WINDOW_SIZE];
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_dict_window[SEEKGZ_ZLIB_WINDOW_SIZE];
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dict_window[SEEKGZ_ZLIB_WINDOW_SIZE];
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabname[LRMMAX_FILENAME_LENGTH];
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic_chars[8];
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:262:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(tabname, "rb");
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:265:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(tabname, "rb");
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic_chars[8];
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:318:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(fname, "rb");
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:530:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_pos_stack[10]; // max error bases = 10;
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:538:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mutation_stack[10];
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:563:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin_mutation_key[53], bin_key[53];
data/subread-2.0.1+dfsg/src/longread-one/LRMsorted-hashtable.c:631:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[100];
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:140:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*context)->multi_best_read_alignments = min(max(1,atoi(optarg)),20);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:164:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*context) -> threads = min(max(1,atoi(optarg)),LRMMAX_THREADS);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:167:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*context) -> min_voting_number = atoi(optarg);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:212:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(*context)->sam_bam_file = fopen( (*context) -> output_file_name, "w");
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indextab_fname[LRMMAX_FILENAME_LENGTH + 20];
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:552:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iteration_context -> sorting_vote_locations + start , tmp_locs, sizeof(unsigned int) * (items + items2));
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:553:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iteration_context -> sorting_subread_nos + start , tmp_subread_nos, sizeof(unsigned int) * (items + items2));
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:554:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iteration_context -> sorting_subread_votes + start , tmp_votes, sizeof(unsigned short) * (items + items2));
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:555:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iteration_context -> sorting_is_negative_strand + start , tmp_negative, sizeof(unsigned int) * (items + items2));
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:569:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[55];
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:583:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[55];
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char postxt[55];
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:969:64: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
thread_context -> dynamic_programming_indel_movement_start += sprintf( thread_context -> dynamic_programming_indel_movement_buf + thread_context -> dynamic_programming_indel_movement_start, "%dM/", iteration_context -> chain_cov_end[subread_no] - iteration_context -> chain_cov_start[subread_no] - middle_delta);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:1015:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wcur += sprintf( thread_context -> final_cigar_string + wcur, "%d%c", repeat_i, old_opt );
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:1028:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( thread_context -> final_cigar_string + wcur, "%d%c", repeat_i, old_opt );
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:1088:66: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
thread_context -> dynamic_programming_indel_movement_start += sprintf( thread_context -> dynamic_programming_indel_movement_buf + thread_context -> dynamic_programming_indel_movement_start, "%dM%d%c%dM/", gap_read_M_L,abs(indel_after_M), indel_move, gap_read_M_R);
data/subread-2.0.1+dfsg/src/mergeVCF.c:13:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/mergeVCF.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_1[MAX_CHROMOSOME_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/mergeVCF.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_2[MAX_CHROMOSOME_NAME_LEN+1];
data/subread-2.0.1+dfsg/src/mergeVCF.c:100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr -> keys + start, merge_tmp, sizeof(char *) * (items+items2));
data/subread-2.0.1+dfsg/src/mergeVCF.c:144:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * ifp = fopen(file_names[file_no],"r");
data/subread-2.0.1+dfsg/src/mergeVCF.c:210:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int qual = atoi(qual_str);
data/subread-2.0.1+dfsg/src/propmapped.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_file_name [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/propmapped.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_name [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/propmapped.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_prefix [MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/propmapped.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char del2[MAX_FILE_NAME_LENGTH], del_suffix[MAX_FILE_NAME_LENGTH], del_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/propmapped.c:86:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(del2, _PROPMAPPED_delete_tmp_prefix, last_slash);
data/subread-2.0.1+dfsg/src/propmapped.c:152:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int flags = atoi(flags_str);
data/subread-2.0.1+dfsg/src/propmapped.c:251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname [MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/propmapped.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_rand[13];
data/subread-2.0.1+dfsg/src/propmapped.c:311:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->temp_file_prefix, context->output_file_name, x1);
data/subread-2.0.1+dfsg/src/propmapped.c:316:38: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(context->temp_file_prefix[0]==0) strcpy(context->temp_file_prefix, "./");
data/subread-2.0.1+dfsg/src/propmapped.c:349:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned flags = atoi(flags_str);
data/subread-2.0.1+dfsg/src/propmapped.c:370:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_FILE_NAME_LENGTH+25];
data/subread-2.0.1+dfsg/src/qualityScores.c:122:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
out_cursor+=sprintf(qs_context->IO_line_buff+out_cursor,"%d,", nch);
data/subread-2.0.1+dfsg/src/qualityScores.c:124:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
out_cursor+=sprintf(qs_context->IO_line_buff+out_cursor,"NA,");
data/subread-2.0.1+dfsg/src/qualityScores.c:203:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(nstr) flags = atoi(nstr);
data/subread-2.0.1+dfsg/src/qualityScores.c:507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/qualityScores.c:508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/read-repair.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_BAM_file[MAX_FILE_NAME_LENGTH+1];
data/subread-2.0.1+dfsg/src/read-repair.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_BAM_file[MAX_FILE_NAME_LENGTH+1];
data/subread-2.0.1+dfsg/src/read-repair.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rand_prefix[40];
data/subread-2.0.1+dfsg/src/read-repair.c:88:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memory = atoi(optarg);
data/subread-2.0.1+dfsg/src/read-repair.c:92:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threads = atoi(optarg);
data/subread-2.0.1+dfsg/src/read-repair.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_rand[13];
data/subread-2.0.1+dfsg/src/readSummary.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chromosome_name_left[CHROMOSOME_NAME_LENGTH + 1];
data/subread-2.0.1+dfsg/src/readSummary.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chromosome_name_right[CHROMOSOME_NAME_LENGTH + 1];
data/subread-2.0.1+dfsg/src/readSummary.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * proc_ChroNames[65536];
data/subread-2.0.1+dfsg/src/readSummary.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proc_Event_After_Section[65536];
data/subread-2.0.1+dfsg/src/readSummary.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alias_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw_input_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:308:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_path[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_dir[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_details_path[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annotation_file_screen_output[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scRNA_sample_sheet[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scRNA_cell_barcode_list[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char feature_name_column[2000];
data/subread-2.0.1+dfsg/src/readSummary.c:327:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gene_id_column[100];
data/subread-2.0.1+dfsg/src/readSummary.c:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundaries_chromosomes[global_context -> max_M][MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/readSummary.c:409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundaries_extend_to_left_on_read[global_context -> max_M];
data/subread-2.0.1+dfsg/src/readSummary.c:463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_name[2], typechar=0;
data/subread-2.0.1+dfsg/src/readSummary.c:467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_fusion_char[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/readSummary.c:470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_fusion_cigar[global_context -> max_M * 15];
data/subread-2.0.1+dfsg/src/readSummary.c:613:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MAC_or_random[13];
data/subread-2.0.1+dfsg/src/readSummary.c:628:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(sam_used,"w");
data/subread-2.0.1+dfsg/src/readSummary.c:867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lneeded[strlen(needed)+1];
data/subread-2.0.1+dfsg/src/readSummary.c:881:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bucket_key[CHROMOSOME_NAME_LENGTH + 20];
data/subread-2.0.1+dfsg/src/readSummary.c:976:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
feature_pos = atoi(strtok_r(NULL,"\t", &token_temp));// feature_end
data/subread-2.0.1+dfsg/src/readSummary.c:986:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
feature_pos = atoi(strtok_r(NULL,"\t", &token_temp));// feature_end
data/subread-2.0.1+dfsg/src/readSummary.c:1086:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret_features[xk1].start = atoi( start_ptr );// start
data/subread-2.0.1+dfsg/src/readSummary.c:1093:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret_features[xk1].end = atoi( end_ptr );//end
data/subread-2.0.1+dfsg/src/readSummary.c:1149:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char feature_name_tmp[FEATURE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:1150:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(feature_name_tmp, "LINE_%07u", xk1 + 1);
data/subread-2.0.1+dfsg/src/readSummary.c:1179:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret_features[xk1].start = atoi(start_ptr);// start
data/subread-2.0.1+dfsg/src/readSummary.c:1180:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret_features[xk1].end = atoi(end_ptr);//end
data/subread-2.0.1+dfsg/src/readSummary.c:1219:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmpnameex,"NA");
data/subread-2.0.1+dfsg/src/readSummary.c:1225:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extcols+extcols_len, tmpnameex, attr_val_len);
data/subread-2.0.1+dfsg/src/readSummary.c:1363:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char * ret_strand = (unsigned char *) arr[2];
data/subread-2.0.1+dfsg/src/readSummary.c:1400:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret_start+ start, tmp_start, sizeof(srInt_64) * total_items);
data/subread-2.0.1+dfsg/src/readSummary.c:1401:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret_end+ start, tmp_end, sizeof(srInt_64) * total_items);
data/subread-2.0.1+dfsg/src/readSummary.c:1402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret_strand+ start, tmp_strand, sizeof(char) * total_items);
data/subread-2.0.1+dfsg/src/readSummary.c:1403:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret_entyrez+ start, tmp_entyrez, sizeof(int) * total_items);
data/subread-2.0.1+dfsg/src/readSummary.c:1404:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_info_ptr+ start, tmp_info_ptr, sizeof(fc_feature_info_t*) * total_items);
data/subread-2.0.1+dfsg/src/readSummary.c:1434:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char * ret_strand = (unsigned char *) arr[2];
data/subread-2.0.1+dfsg/src/readSummary.c:1843:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(is_text)memcpy(thread_context -> read_details_buff, "BAM\1", 4);
data/subread-2.0.1+dfsg/src/readSummary.c:1844:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> read_details_buff + (is_text?4:0), is_text?(&bin_len):(&items), 4);
data/subread-2.0.1+dfsg/src/readSummary.c:1847:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> read_details_buff + (first_block?4*(1+is_text):0), bin + write_cursor, wlen);
data/subread-2.0.1+dfsg/src/readSummary.c:1886:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(global_context->RGnames_set + global_context->RGnames_ptr, bin + id_start, id_len);
data/subread-2.0.1+dfsg/src/readSummary.c:1926:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&l_name, bin + bin_ptr, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:1937:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(global_context -> sambam_chro_table[x1].chro_name , bin + bin_ptr, l_name);
data/subread-2.0.1+dfsg/src/readSummary.c:1940:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&global_context -> sambam_chro_table[x1].chro_length , bin + bin_ptr, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:1957:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int r1_chro = atoi(strtok_r(NULL, "\027", &tmptr));
data/subread-2.0.1+dfsg/src/readSummary.c:1958:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int r1_pos = atoi(strtok_r(NULL, "\027", &tmptr));
data/subread-2.0.1+dfsg/src/readSummary.c:1959:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int r2_chro = atoi(strtok_r(NULL, "\027", &tmptr));
data/subread-2.0.1+dfsg/src/readSummary.c:1960:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int r2_pos = atoi(strtok_r(NULL, "\027", &tmptr));
data/subread-2.0.1+dfsg/src/readSummary.c:1961:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int HItag = atoi(strtok_r(NULL, "\027", &tmptr));
data/subread-2.0.1+dfsg/src/readSummary.c:1963:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mate_FLAG, bin1 + 16, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:1966:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mate_tlen, bin1 + 32, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:1984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HItagStr[20];
data/subread-2.0.1+dfsg/src/readSummary.c:1986:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(HItagStr, "\tHI:i:%d", HItag);
data/subread-2.0.1+dfsg/src/readSummary.c:2269:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flag, bin + 16, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2273:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&refID, bin + 4, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2278:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, bin+8, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2281:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mapq, bin+12, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2286:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq_len, bin + 20,4);
data/subread-2.0.1+dfsg/src/readSummary.c:2287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mate_refID, bin+24, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2295:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mate_pos, bin+28, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2299:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tlen_int, bin+32, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2394:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block_len, bin, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mate_flag, bin2 + 16, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&refID, bin2 + 24, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mate_refID, bin2 + 4, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2423:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, bin2+28, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mate_pos, bin2+8, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2431:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlen, bin2+32, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2437:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block2_len, bin2, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2439:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rname2len, bin2+12, 1);
data/subread-2.0.1+dfsg/src/readSummary.c:2440:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cigar2len, bin2+16, 2);
data/subread-2.0.1+dfsg/src/readSummary.c:2441:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq2len, bin2+20, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * ChroNames[global_context -> max_M];
data/subread-2.0.1+dfsg/src/readSummary.c:2494:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Event_After_Section[global_context -> max_M];
data/subread-2.0.1+dfsg/src/readSummary.c:2585:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
else new_tags_length += 4 + strlen((char *)vals[tagi]);
data/subread-2.0.1+dfsg/src/readSummary.c:2589:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&oldbin_len, oldbin, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2594:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*newbin, oldbin, oldbin_len);
data/subread-2.0.1+dfsg/src/readSummary.c:2596:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*newbin, &newbin_len, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2600:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (*newbin) + oldbin_len, tags[tagi] ,2);
data/subread-2.0.1+dfsg/src/readSummary.c:2604:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*newbin) + oldbin_len + 3, &intv, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2607:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int vlen = strlen((char *)(vals[tagi]))+1;
data/subread-2.0.1+dfsg/src/readSummary.c:2608:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*newbin) + oldbin_len + 3, vals[tagi], vlen);
data/subread-2.0.1+dfsg/src/readSummary.c:2630:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmplen, thread_context -> read_details_buff + write_ptr, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2675:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+10, &tmpi, 2); //XLSN
data/subread-2.0.1+dfsg/src/readSummary.c:2679:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+14, &tmpi, 2); //BSIZE
data/subread-2.0.1+dfsg/src/readSummary.c:2681:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+16, &tmpi, 2); //BSIZE
data/subread-2.0.1+dfsg/src/readSummary.c:2683:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+18+compressed_size, &CRC32, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2684:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_buf+18+compressed_size+4, &bin_len, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2701:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmplen, thread_context -> read_details_buff + write_bin_ptr, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2724:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&binlen, bin, 4);
data/subread-2.0.1+dfsg/src/readSummary.c:2734:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thread_context -> read_details_buff + thread_context -> read_details_buff_used, bin, binlen);
data/subread-2.0.1+dfsg/src/readSummary.c:2753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * tags[4];
data/subread-2.0.1+dfsg/src/readSummary.c:2754:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char types[4];
data/subread-2.0.1+dfsg/src/readSummary.c:3222:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thread_context -> chro_name_buff, "chr");
data/subread-2.0.1+dfsg/src/readSummary.c:3503:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpc [MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/readSummary.c:3517:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpc, cbc, global_context -> known_cell_barcode_length);
data/subread-2.0.1+dfsg/src/readSummary.c:3629:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char used_interval[ sections ];
data/subread-2.0.1+dfsg/src/readSummary.c:3750:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char used_hit1 [nhits1];
data/subread-2.0.1+dfsg/src/readSummary.c:3751:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char used_hit2 [nhits2];
data/subread-2.0.1+dfsg/src/readSummary.c:4025:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char final_feture_names[GENE_NAME_LIST_BUFFER_SIZE];
data/subread-2.0.1+dfsg/src/readSummary.c:4064:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(is_etc) sprintf(final_feture_names + strlen(final_feture_names), "... (%d names omitted),", is_etc);
data/subread-2.0.1+dfsg/src/readSummary.c:4162:72: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for(x1=0;x1<high_confid_barcode_index_list->numOfElements;x1++)ret += sprintf(linebuf + ret,"\t0");
data/subread-2.0.1+dfsg/src/readSummary.c:4174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tken[MAX_UMI_BARCODE_LENGTH/2+5];
data/subread-2.0.1+dfsg/src/readSummary.c:4302:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
linebuf_ptr = sprintf(linebuf, "%I64d", line_number);
data/subread-2.0.1+dfsg/src/readSummary.c:4304:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
linebuf_ptr = sprintf(linebuf, "%lld", line_number);
data/subread-2.0.1+dfsg/src/readSummary.c:4332:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
linebuf_ptr+=sprintf(linebuf+linebuf_ptr, "\t%d", write_cnt);
data/subread-2.0.1+dfsg/src/readSummary.c:4409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[MAX_FILE_NAME_LENGTH + 100];
data/subread-2.0.1+dfsg/src/readSummary.c:4411:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * ofp_bcs = fopen( ofname , "w" );
data/subread-2.0.1+dfsg/src/readSummary.c:4413:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * ofp_genes = fopen( ofname , "w" );
data/subread-2.0.1+dfsg/src/readSummary.c:4415:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * ofp_mtx = fopen( ofname , "w" );
data/subread-2.0.1+dfsg/src/readSummary.c:4489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exon_name[FEATURE_NAME_LENGTH+60];
data/subread-2.0.1+dfsg/src/readSummary.c:4533:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exon_name[FEATURE_NAME_LENGTH+60];
data/subread-2.0.1+dfsg/src/readSummary.c:4546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[MAX_FILE_NAME_LENGTH + 100];
data/subread-2.0.1+dfsg/src/readSummary.c:4548:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * write_fp = fopen(ofname,"w");
data/subread-2.0.1+dfsg/src/readSummary.c:4568:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exon_name[FEATURE_NAME_LENGTH+60];
data/subread-2.0.1+dfsg/src/readSummary.c:4575:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[MAX_FILE_NAME_LENGTH + 100];
data/subread-2.0.1+dfsg/src/readSummary.c:4577:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen( ofname , "w" );
data/subread-2.0.1+dfsg/src/readSummary.c:4589:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[MAX_FILE_NAME_LENGTH + 20];
data/subread-2.0.1+dfsg/src/readSummary.c:4591:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * sample_tab_fp = fopen( ofname , "w" );
data/subread-2.0.1+dfsg/src/readSummary.c:4889:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pct_str[10];
data/subread-2.0.1+dfsg/src/readSummary.c:4891:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pct_str,"(%.1f%%%%)", (*nreads_mapped_to_exon)*100./total_input_reads);
data/subread-2.0.1+dfsg/src/readSummary.c:4916:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "./");
data/subread-2.0.1+dfsg/src/readSummary.c:4918:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, out, slash - out);
data/subread-2.0.1+dfsg/src/readSummary.c:4927:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MAC_or_random[13];
data/subread-2.0.1+dfsg/src/readSummary.c:4935:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * ifp = fopen(*out_ptr,"w");
data/subread-2.0.1+dfsg/src/readSummary.c:4937:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nchar[100];
data/subread-2.0.1+dfsg/src/readSummary.c:4999:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bctmp[20];
data/subread-2.0.1+dfsg/src/readSummary.c:5142:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(global_context -> output_file_path, output_fname, x1);
data/subread-2.0.1+dfsg/src/readSummary.c:5174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname[MAX_FILE_NAME_LENGTH+20], *modified_fname;
data/subread-2.0.1+dfsg/src/readSummary.c:5193:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fname2[MAX_FILE_NAME_LENGTH+100];
data/subread-2.0.1+dfsg/src/readSummary.c:5317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rand_prefix[MAX_FILE_NAME_LENGTH+100];
data/subread-2.0.1+dfsg/src/readSummary.c:5318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_fn[MAX_FILE_NAME_LENGTH+10];
data/subread-2.0.1+dfsg/src/readSummary.c:5319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MAC_or_random[13];
data/subread-2.0.1+dfsg/src/readSummary.c:5340:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bam_tail_block[1000];
data/subread-2.0.1+dfsg/src/readSummary.c:5431:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*buf), src, srclen);
data/subread-2.0.1+dfsg/src/readSummary.c:5527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * out_extra_columns[MAX_EXTRA_COLS];
data/subread-2.0.1+dfsg/src/readSummary.c:5606:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbbuf[12];
data/subread-2.0.1+dfsg/src/readSummary.c:5610:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbbuf,"%u;", input_start_stop_list[xk3 * 2]);
data/subread-2.0.1+dfsg/src/readSummary.c:5612:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbbuf,"%u;", input_start_stop_list[xk3 * 2 + 1] - 1);
data/subread-2.0.1+dfsg/src/readSummary.c:5614:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbbuf,"%c;", (matched_strand==1)?'-':( ( matched_strand==0 )? '+':'.'));
data/subread-2.0.1+dfsg/src/readSummary.c:5690:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:6099:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(inp[i])>0) chrI = atoi(inp[i]);
data/subread-2.0.1+dfsg/src/readSummary.c:6099:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(inp[i])>0) chrI = atoi(inp[i]);
data/subread-2.0.1+dfsg/src/readSummary.c:6100:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(inp[j])>0) chrJ = atoi(inp[j]);
data/subread-2.0.1+dfsg/src/readSummary.c:6100:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(inp[j])>0) chrJ = atoi(inp[j]);
data/subread-2.0.1+dfsg/src/readSummary.c:6112:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chrI=atoi(inp[i]+3);
data/subread-2.0.1+dfsg/src/readSummary.c:6118:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chrJ=atoi(inp[j]+3);
data/subread-2.0.1+dfsg/src/readSummary.c:6148:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos1 = atoi(inp[i]+x1+1);
data/subread-2.0.1+dfsg/src/readSummary.c:6149:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos2 = atoi(inp[j]+x1+1);
data/subread-2.0.1+dfsg/src/readSummary.c:6183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inp + start, tmpp, sizeof(char *)*(items1+items2));
data/subread-2.0.1+dfsg/src/readSummary.c:6263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:6275:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * ofp = fopen(outfname, "w");
data/subread-2.0.1+dfsg/src/readSummary.c:6297:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int pos_small = atoi(pos_small_str);
data/subread-2.0.1+dfsg/src/readSummary.c:6298:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int pos_large = atoi(pos_large_str);
data/subread-2.0.1+dfsg/src/readSummary.c:6305:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char donor[3], receptor[3];
data/subread-2.0.1+dfsg/src/readSummary.c:6357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junc_key [FEATURE_NAME_LENGTH + 15];
data/subread-2.0.1+dfsg/src/readSummary.c:6384:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gene_names, "NA");
data/subread-2.0.1+dfsg/src/readSummary.c:6402:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(gene_names, "NA");
data/subread-2.0.1+dfsg/src/readSummary.c:6564:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isPE = atoi(argv[4]);
data/subread-2.0.1+dfsg/src/readSummary.c:6565:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minPEDistance = atoi(argv[5]);
data/subread-2.0.1+dfsg/src/readSummary.c:6566:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxPEDistance = atoi(argv[6]);
data/subread-2.0.1+dfsg/src/readSummary.c:6569:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isMultiOverlapAllowed = atoi(argv[8]);
data/subread-2.0.1+dfsg/src/readSummary.c:6570:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isGeneLevel = atoi(argv[9]);
data/subread-2.0.1+dfsg/src/readSummary.c:6573:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_number = atoi(argv[10]);
data/subread-2.0.1+dfsg/src/readSummary.c:6576:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isGTF = atoi(argv[11]);
data/subread-2.0.1+dfsg/src/readSummary.c:6582:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isReadSummaryReport = atoi(argv[13]);
data/subread-2.0.1+dfsg/src/readSummary.c:6585:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isBothEndRequired = atoi(argv[14]);
data/subread-2.0.1+dfsg/src/readSummary.c:6588:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isChimericDisallowed = atoi(argv[15]);
data/subread-2.0.1+dfsg/src/readSummary.c:6591:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isPEDistChecked = atoi(argv[16]);
data/subread-2.0.1+dfsg/src/readSummary.c:6611:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minMappingQualityScore = atoi(argv[19]);
data/subread-2.0.1+dfsg/src/readSummary.c:6614:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isMultiMappingAllowed = atoi(argv[20]);
data/subread-2.0.1+dfsg/src/readSummary.c:6631:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isInputFileResortNeeded = atoi(argv[23]);
data/subread-2.0.1+dfsg/src/readSummary.c:6638:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Param_fiveEndExtension = atoi(argv[25]);
data/subread-2.0.1+dfsg/src/readSummary.c:6642:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Param_threeEndExtension = atoi(argv[26]);
data/subread-2.0.1+dfsg/src/readSummary.c:6646:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minFragmentOverlap = atoi(argv[27]);
data/subread-2.0.1+dfsg/src/readSummary.c:6659:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isSplitOrExonicOnly = atoi(argv[28]);
data/subread-2.0.1+dfsg/src/readSummary.c:6663:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reduce_5_3_ends_to_one = atoi(argv[29]); // 0 : no reduce; 1: reduce to 5' end; 2: reduce to 3' end.
data/subread-2.0.1+dfsg/src/readSummary.c:6673:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
is_duplicate_ignored = atoi(argv[31]);
data/subread-2.0.1+dfsg/src/readSummary.c:6678:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
doNotSort = atoi(argv[32]);
data/subread-2.0.1+dfsg/src/readSummary.c:6683:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fractionMultiMapping = atoi(argv[33]);
data/subread-2.0.1+dfsg/src/readSummary.c:6688:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
useOverlappingBreakTie = atoi(argv[34]);
data/subread-2.0.1+dfsg/src/readSummary.c:6698:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
doJuncCounting = atoi(argv[36]);
data/subread-2.0.1+dfsg/src/readSummary.c:6707:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_M = atoi(argv[38]);
data/subread-2.0.1+dfsg/src/readSummary.c:6711:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isRestrictlyNoOvelrapping = atoi(argv[39]);
data/subread-2.0.1+dfsg/src/readSummary.c:6725:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
useStdinFile = (atoi(argv[42]) & 1)!=0;
data/subread-2.0.1+dfsg/src/readSummary.c:6733:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long_read_minimum_length = atoi(argv[44])?1:1999999999;
data/subread-2.0.1+dfsg/src/readSummary.c:6753:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(argc>48) max_missing_bases_in_read = atoi(argv[48]);
data/subread-2.0.1+dfsg/src/readSummary.c:6756:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(argc>49) max_missing_bases_in_feature = atoi(argv[49]);
data/subread-2.0.1+dfsg/src/readSummary.c:6759:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(argc>50) is_Primary_Alignment_only = atoi(argv[50]);
data/subread-2.0.1+dfsg/src/readSummary.c:6781:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(argc>55) read_shift_size = atoi(argv[55]);
data/subread-2.0.1+dfsg/src/readSummary.c:6821:200: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fc_thread_init_global_context(& global_context, FEATURECOUNTS_BUFFER_SIZE, thread_number, MAX_LINE_LENGTH, isPE, minPEDistance, maxPEDistance,isGeneLevel, isMultiOverlapAllowed, strand_check_mode, (char *)argv[3] , isReadSummaryReport, isBothEndRequired, isChimericDisallowed, isPEDistChecked, nameFeatureTypeColumn, nameGeneIDColumn, minMappingQualityScore,isMultiMappingAllowed, 0, alias_file_name, cmd_rebuilt, isInputFileResortNeeded, feature_block_size, isCVersion, fiveEndExtension, threeEndExtension , minFragmentOverlap, isSplitOrExonicOnly, reduce_5_3_ends_to_one, debug_command, is_duplicate_ignored, doNotSort, fractionMultiMapping, useOverlappingBreakTie, pair_orientations, doJuncCounting, max_M, isRestrictlyNoOvelrapping, fracOverlap, temp_dir, useStdinFile, assignReadsToRG, long_read_minimum_length, is_verbose, fracOverlapFeature, do_detectionCall, max_missing_bases_in_read, max_missing_bases_in_feature, is_Primary_Alignment_only, Rpath, extra_column_names, annotation_file_screen_output, read_shift_type, read_shift_size, scRNA_sample_sheet, scRNA_cell_barcode_list);
data/subread-2.0.1+dfsg/src/readSummary.c:7087:81: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(global_context.is_input_bad_format == 0) print_FC_results(&global_context, (char *)argv[3]/*out file name*/);
data/subread-2.0.1+dfsg/src/readSummary.c:7168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bucket_key[CHROMOSOME_NAME_LENGTH + 20];
data/subread-2.0.1+dfsg/src/readSummary.c:7266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * Rargv[58];
data/subread-2.0.1+dfsg/src/readSummary.c:7267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char annot_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:7268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_dir[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/readSummary.c:7278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_M_str[8];
data/subread-2.0.1+dfsg/src/readSummary.c:7279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameFeatureTypeColumn[2000];
data/subread-2.0.1+dfsg/src/readSummary.c:7280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameGeneIDColumn[66];
data/subread-2.0.1+dfsg/src/readSummary.c:7285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char debug_command[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_missing_bases_in_read_str[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_missing_bases_in_feature_str[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_dist_str[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_dist_str[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_shift_size_str[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_shift_type[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_qual_score_str[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char feature_block_size_str[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strFeatureFracOverlap[15];
data/subread-2.0.1+dfsg/src/readSummary.c:7297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pair_Orientations[3];
data/subread-2.0.1+dfsg/src/readSummary.c:7324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nthread_str[4];
data/subread-2.0.1+dfsg/src/readSummary.c:7333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strFiveEndExtension[11], strThreeEndExtension[11], strMinFragmentOverlap[11], fracOverlapStr[20], std_input_output_mode_str[16], long_read_mode_str[16];
data/subread-2.0.1+dfsg/src/readSummary.c:7343:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(read_shift_type,"upstream");
data/subread-2.0.1+dfsg/src/readSummary.c:7344:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nameFeatureTypeColumn,"exon");
data/subread-2.0.1+dfsg/src/readSummary.c:7345:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nameGeneIDColumn,"gene_id");
data/subread-2.0.1+dfsg/src/readSummary.c:7346:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp_dir, "<use output directory>");
data/subread-2.0.1+dfsg/src/readSummary.c:7364:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(max_M_str, "10");
data/subread-2.0.1+dfsg/src/readSummary.c:7365:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Pair_Orientations,"fr");
data/subread-2.0.1+dfsg/src/readSummary.c:7403:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_qual_score = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7416:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threads = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7422:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_dist = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7428:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_dist = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7491:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fiveEndExtension = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7499:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threeEndExtension = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7521:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_missing_bases_in_feature = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7527:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_missing_bases_in_read = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7554:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minFragmentOverlap = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7611:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
read_shift_size = atoi(optarg);
data/subread-2.0.1+dfsg/src/readSummary.c:7691:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strFiveEndExtension, "%d", fiveEndExtension);
data/subread-2.0.1+dfsg/src/readSummary.c:7692:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strThreeEndExtension, "%d", threeEndExtension);
data/subread-2.0.1+dfsg/src/readSummary.c:7693:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strMinFragmentOverlap, "%d", minFragmentOverlap);
data/subread-2.0.1+dfsg/src/readSummary.c:7694:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nthread_str,"%d", threads);
data/subread-2.0.1+dfsg/src/readSummary.c:7695:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_dist_str,"%d",min_dist);
data/subread-2.0.1+dfsg/src/readSummary.c:7696:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(max_dist_str,"%d",max_dist);
data/subread-2.0.1+dfsg/src/readSummary.c:7697:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_qual_score_str,"%d", min_qual_score);
data/subread-2.0.1+dfsg/src/readSummary.c:7698:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(feature_block_size_str,"%d", feature_block_size);
data/subread-2.0.1+dfsg/src/readSummary.c:7699:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fracOverlapStr, "%g", fracOverlap);
data/subread-2.0.1+dfsg/src/readSummary.c:7700:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(std_input_output_mode_str,"%d",std_input_output_mode);
data/subread-2.0.1+dfsg/src/readSummary.c:7701:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(long_read_mode_str, "%d", long_read_mode);
data/subread-2.0.1+dfsg/src/readSummary.c:7702:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strFeatureFracOverlap, "%g", fracOverlapFeature);
data/subread-2.0.1+dfsg/src/readSummary.c:7703:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(max_missing_bases_in_feature_str, "%d", max_missing_bases_in_feature);
data/subread-2.0.1+dfsg/src/readSummary.c:7704:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(max_missing_bases_in_read_str, "%d", max_missing_bases_in_read);
data/subread-2.0.1+dfsg/src/readSummary.c:7705:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(read_shift_size_str, "%d", read_shift_size);
data/subread-2.0.1+dfsg/src/removeDupReads.c:92:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/removeDupReads.c:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buffer [3000];
data/subread-2.0.1+dfsg/src/removeDupReads.c:206:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(( atoi(flgstr) & 4 )== 0) written_reads++;
data/subread-2.0.1+dfsg/src/removeDupReads.c:228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_file_prefix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/removeDupReads.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_rand[13];
data/subread-2.0.1+dfsg/src/removeDupReads.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_SAM_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/removeDupReads.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_SAM_file[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/removeDupReads.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/removeDupReads.c:385:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threads = atoi(optarg);
data/subread-2.0.1+dfsg/src/removeDupReads.c:393:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threshold = atoi(optarg);
data/subread-2.0.1+dfsg/src/sam2fq.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[200];
data/subread-2.0.1+dfsg/src/sam2fq.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[3000];
data/subread-2.0.1+dfsg/src/sam2fq.c:67:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(flds==1) flags = atoi(fldstr);
data/subread-2.0.1+dfsg/src/samMappedBases.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fline[2999];
data/subread-2.0.1+dfsg/src/samMappedBases.c:65:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int flags = atoi(flags_str);
data/subread-2.0.1+dfsg/src/sambam-file.c:85:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(fn, "rb");
data/subread-2.0.1+dfsg/src/sambam-file.c:87:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char h2[2];
data/subread-2.0.1+dfsg/src/sambam-file.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fline[3000];
data/subread-2.0.1+dfsg/src/sambam-file.c:103:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int flags = atoi(strtok_r(NULL, "\t", &tok));
data/subread-2.0.1+dfsg/src/sambam-file.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&magic_4 , SB_READ(ret), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&l_text, SB_READ(ret), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ref_info_size, SB_READ(ret),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ref_name_len, SB_READ(ret),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:273:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret -> bam_chro_table[xk1].chro_name, SB_READ(ret), ref_readin_len);
data/subread-2.0.1+dfsg/src/sambam-file.c:277:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ret -> bam_chro_table[xk1].chro_length), SB_READ(ret),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:482:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header_txt_len, chunk + (*chunk_ptr),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:521:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&chrs, chunk + (*chunk_ptr),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:536:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&chro_name_len, chunk + (*chunk_ptr),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:542:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&chro_len, chunk + (*chunk_ptr),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:590:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bin_len, bam_bin, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:596:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpint, bam_bin + 16 ,4);
data/subread-2.0.1+dfsg/src/sambam-file.c:597:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%d\t", (tmpint >> 16) & 0xffff);
data/subread-2.0.1+dfsg/src/sambam-file.c:600:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpint, bam_bin + 4 ,4);
data/subread-2.0.1+dfsg/src/sambam-file.c:603:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpint, bam_bin + 8 ,4);
data/subread-2.0.1+dfsg/src/sambam-file.c:604:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%d\t", tmpint+1);
data/subread-2.0.1+dfsg/src/sambam-file.c:605:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpint, bam_bin + 12 ,4);
data/subread-2.0.1+dfsg/src/sambam-file.c:606:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%d\t", (tmpint >> 8) & 0xff);
data/subread-2.0.1+dfsg/src/sambam-file.c:611:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cigarint, bam_bin + name_len + 36 + cigar_i * 4,4);
data/subread-2.0.1+dfsg/src/sambam-file.c:612:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%u%c", cigarint >> 4, "MIDNSHP=X"[cigarint&0xf]);
data/subread-2.0.1+dfsg/src/sambam-file.c:616:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpint, bam_bin + 24, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:620:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpint, bam_bin + 28, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:621:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%d\t", tmpint+1);
data/subread-2.0.1+dfsg/src/sambam-file.c:623:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpint, bam_bin + 32, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:624:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%d\t", tmpint);
data/subread-2.0.1+dfsg/src/sambam-file.c:627:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq_len, bam_bin + 20,4);
data/subread-2.0.1+dfsg/src/sambam-file.c:651:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&elem_no, bam_bin + flex_ptr, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:678:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tagval, bam_bin + flex_ptr, type_bytes);
data/subread-2.0.1+dfsg/src/sambam-file.c:680:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(elemtype == 'i') sam_ptr += sprintf(sam_txt + sam_ptr, "%d,", (int)printv);
data/subread-2.0.1+dfsg/src/sambam-file.c:681:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(elemtype == 'I') sam_ptr += sprintf(sam_txt + sam_ptr, "%u,", (unsigned int)printv);
data/subread-2.0.1+dfsg/src/sambam-file.c:683:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(elemtype == 's') sam_ptr += sprintf(sam_txt + sam_ptr, "%d,", (short)printv);
data/subread-2.0.1+dfsg/src/sambam-file.c:684:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(elemtype == 'S') sam_ptr += sprintf(sam_txt + sam_ptr, "%u,", (unsigned short)printv);
data/subread-2.0.1+dfsg/src/sambam-file.c:686:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(elemtype == 'c') sam_ptr += sprintf(sam_txt + sam_ptr, "%d,", (char)printv);
data/subread-2.0.1+dfsg/src/sambam-file.c:687:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(elemtype == 'C') sam_ptr += sprintf(sam_txt + sam_ptr, "%u,", (unsigned char)printv);
data/subread-2.0.1+dfsg/src/sambam-file.c:690:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tagval, bam_bin + flex_ptr, type_bytes);
data/subread-2.0.1+dfsg/src/sambam-file.c:691:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%f,", tagval);
data/subread-2.0.1+dfsg/src/sambam-file.c:729:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tagval, bam_bin + flex_ptr, type_bytes);
data/subread-2.0.1+dfsg/src/sambam-file.c:732:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%I64d\t", printv);
data/subread-2.0.1+dfsg/src/sambam-file.c:734:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%lld\t", printv);
data/subread-2.0.1+dfsg/src/sambam-file.c:738:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sam_txt + sam_ptr, bam_bin + flex_ptr, type_bytes -1);
data/subread-2.0.1+dfsg/src/sambam-file.c:746:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tagval, bam_bin + flex_ptr, type_bytes);
data/subread-2.0.1+dfsg/src/sambam-file.c:747:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sam_ptr += sprintf(sam_txt + sam_ptr, "%f\t", tagval);
data/subread-2.0.1+dfsg/src/sambam-file.c:767:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block_size, chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:773:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ref_id, chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:779:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(aln -> chro_offset), chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:783:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&comb1, chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:789:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&comb2, chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:795:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&read_len, chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:800:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mate_ref_id, chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:806:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(aln -> mate_chro_offset), chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:809:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(aln -> templete_length), chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:815:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aln -> read_name, chunk+(*chunk_ptr), read_name_len);
data/subread-2.0.1+dfsg/src/sambam-file.c:823:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar_piece_buf[BAM_MAX_CIGAR_LEN];
data/subread-2.0.1+dfsg/src/sambam-file.c:827:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cigar_piece, chunk+(*chunk_ptr),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:830:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cigar_piece_buf, "%u%c", cigar_piece>>4, cigar_op_char(cigar_piece&0xf));
data/subread-2.0.1+dfsg/src/sambam-file.c:846:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( aln-> buff_for_seq, chunk+(*chunk_ptr), seq_qual_bytes);
data/subread-2.0.1+dfsg/src/sambam-file.c:849:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_tags [CORE_ADDITIONAL_INFO_LENGTH];
data/subread-2.0.1+dfsg/src/sambam-file.c:854:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extag[2];
data/subread-2.0.1+dfsg/src/sambam-file.c:857:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extag, chunk+(*chunk_ptr), 2);
data/subread-2.0.1+dfsg/src/sambam-file.c:885:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&array_len, chunk+(*chunk_ptr), 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:897:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpi, chunk+(*chunk_ptr),delta);
data/subread-2.0.1+dfsg/src/sambam-file.c:899:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int sret = sprintf(extra_tags + strlen(extra_tags), "\t%c%c:i:%d", extag[0], extag[1], tmpi);
data/subread-2.0.1+dfsg/src/sambam-file.c:904:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_tags + strlen(extra_tags), "\t%c%c:Z:", extag[0], extag[1]);
data/subread-2.0.1+dfsg/src/sambam-file.c:907:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extra_tags + strlen(extra_tags), chunk + (*chunk_ptr), delta - 1);
data/subread-2.0.1+dfsg/src/sambam-file.c:912:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int sret = sprintf(extra_tags + strlen(extra_tags), "\t%c%c:A:%c", extag[0], extag[1], *(chunk + *chunk_ptr) );
data/subread-2.0.1+dfsg/src/sambam-file.c:1043:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(PDATA , PDATA + have - remainder_byte_len, remainder_byte_len);
data/subread-2.0.1+dfsg/src/sambam-file.c:1059:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(remainder_reads_data , PDATA + PDATA_ptr, have - PDATA_ptr);
data/subread-2.0.1+dfsg/src/sambam-file.c:1100:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/sambam-file.c:1246:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writer -> chunk_buffer, "BAM\1",4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1248:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writer -> chunk_buffer + writer -> chunk_buffer_used, &writer -> header_plain_text_buffer_used, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1253:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writer -> chunk_buffer + writer -> chunk_buffer_used , writer -> header_plain_text_buffer + header_block_start, header_ptr - header_block_start+1);
data/subread-2.0.1+dfsg/src/sambam-file.c:1266:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writer -> chunk_buffer, & writer -> chromosome_name_table -> numOfElements, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1277:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writer -> chunk_buffer + writer -> chunk_buffer_used , &chro_name_len, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1283:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writer -> chunk_buffer + writer -> chunk_buffer_used , &chro_len, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1370:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(memcmp(ret_tmp,"LN:", 3)==0) chro_len = atoi(ret_tmp + 3);
data/subread-2.0.1+dfsg/src/sambam-file.c:1482:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(datatype=='i') val = atoi(additional_columns+col_cursor+5);
data/subread-2.0.1+dfsg/src/sambam-file.c:1486:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin+bin_cursor+3, (datatype=='i')? ((void *)&val):((void *)&fval),4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1533:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cell_buff [30];
data/subread-2.0.1+dfsg/src/sambam-file.c:1536:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cell_buff, additional_columns + last_cursor, (col_cursor - last_cursor));
data/subread-2.0.1+dfsg/src/sambam-file.c:1539:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(celltype == 'i')intv = atoi(cell_buff);
data/subread-2.0.1+dfsg/src/sambam-file.c:1542:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin + bin_cursor, (celltype == 'i')?(void *)&intv:(void *)&fltv, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1616:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, rline+start_pos, end_pos -start_pos);
data/subread-2.0.1+dfsg/src/sambam-file.c:1640:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SamBam_writer_add_read(writer, thread_no, read_name, atoi(flag_str), chro_name, atoi(chro_position_str), atoi(mapping_quality_str), cigar, next_chro_name, atoi(next_chro_position_str), atoi(temp_len_str), strlen(read_text), read_text, qual_text, additional_columns, committable);
data/subread-2.0.1+dfsg/src/sambam-file.c:1640:82: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SamBam_writer_add_read(writer, thread_no, read_name, atoi(flag_str), chro_name, atoi(chro_position_str), atoi(mapping_quality_str), cigar, next_chro_name, atoi(next_chro_position_str), atoi(temp_len_str), strlen(read_text), read_text, qual_text, additional_columns, committable);
data/subread-2.0.1+dfsg/src/sambam-file.c:1640:107: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SamBam_writer_add_read(writer, thread_no, read_name, atoi(flag_str), chro_name, atoi(chro_position_str), atoi(mapping_quality_str), cigar, next_chro_name, atoi(next_chro_position_str), atoi(temp_len_str), strlen(read_text), read_text, qual_text, additional_columns, committable);
data/subread-2.0.1+dfsg/src/sambam-file.c:1640:157: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SamBam_writer_add_read(writer, thread_no, read_name, atoi(flag_str), chro_name, atoi(chro_position_str), atoi(mapping_quality_str), cigar, next_chro_name, atoi(next_chro_position_str), atoi(temp_len_str), strlen(read_text), read_text, qual_text, additional_columns, committable);
data/subread-2.0.1+dfsg/src/sambam-file.c:1640:187: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SamBam_writer_add_read(writer, thread_no, read_name, atoi(flag_str), chro_name, atoi(chro_position_str), atoi(mapping_quality_str), cigar, next_chro_name, atoi(next_chro_position_str), atoi(temp_len_str), strlen(read_text), read_text, qual_text, additional_columns, committable);
data/subread-2.0.1+dfsg/src/sambam-file.c:1666:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char additional_bin[1000];
data/subread-2.0.1+dfsg/src/sambam-file.c:1695:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & record_length , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1715:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & refID , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1717:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & chro_position , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1719:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & bin_mq_nl , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1721:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & fag_nc , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1723:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & read_len , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1725:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & nextRefID , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1727:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & next_chro_position , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1729:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , & temp_len , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1733:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used) , cigar_opts, 4*cigar_opt_len);
data/subread-2.0.1+dfsg/src/sambam-file.c:1737:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used), qual_text, read_len);
data/subread-2.0.1+dfsg/src/sambam-file.c:1742:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_chunk_buffer + (*this_chunk_buffer_used), additional_bin, additional_bin_len);
data/subread-2.0.1+dfsg/src/sambam-file.c:1806:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&this_block_len, bin + bin_cursor, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1809:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_binpos, bin + bin_cursor+8, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1810:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_binpos+4, bin + bin_cursor+4, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1811:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_binpos+8, &bin_cursor, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1825:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block_len, bin + binpos[2] , 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1827:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nbin + nb_cursor, bin + binpos[2], 4+block_len);
data/subread-2.0.1+dfsg/src/sambam-file.c:1831:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin, nbin, binlen);
data/subread-2.0.1+dfsg/src/sambam-file.c:1834:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfname[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/sambam-file.c:1838:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * tofp = fopen(tmpfname, "wb");
data/subread-2.0.1+dfsg/src/sambam-file.c:1876:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cops, bin+12, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1877:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rname_len, bin+8, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1883:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&copt, bin+32+rname_len+4*ii, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1898:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pos, writer -> chunk_buffer + inbin_pos + 4, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1899:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bin_mq_nl, writer -> chunk_buffer + inbin_pos + 8,4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1957:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writer -> chunk_buffer + writer -> chunk_buffer_used, &block_len, 4);
data/subread-2.0.1+dfsg/src/sambam-file.c:1982:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tfp[MAX_FILE_NAME_LENGTH+50];
data/subread-2.0.1+dfsg/src/sambam-file.c:1988:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * outbinfp = fopen(tfp,"wb");
data/subread-2.0.1+dfsg/src/sambam-file.c:1996:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tfpx[MAX_FILE_NAME_LENGTH+50];
data/subread-2.0.1+dfsg/src/sambam-file.c:2000:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sb_fps[bii] = fopen(tfpx,"r");
data/subread-2.0.1+dfsg/src/sambam-file.c:2197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tfp[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/sambam-file.c:2201:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sb_fps[bii] = fopen(tfp,"r");
data/subread-2.0.1+dfsg/src/sambam-file.c:2293:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tfp[MAX_FILE_NAME_LENGTH+40];
data/subread-2.0.1+dfsg/src/sambam-file.h:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_name[BAM_MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/sambam-file.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_name[BAM_MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/sambam-file.h:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cigar[BAM_MAX_CIGAR_LEN];
data/subread-2.0.1+dfsg/src/sambam-file.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence[BAM_MAX_READ_LEN];
data/subread-2.0.1+dfsg/src/sambam-file.h:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_quality[BAM_MAX_READ_LEN];
data/subread-2.0.1+dfsg/src/sambam-file.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff_for_seq[BAM_MAX_READ_LEN*2];
data/subread-2.0.1+dfsg/src/sambam-file.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpf_prefix[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/seek-zlib.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos -> dict_window, curr_block -> block_dict_window, curr_block -> block_dict_window_size);
data/subread-2.0.1+dfsg/src/seek-zlib.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> rolling_dict_window, pos -> dict_window, pos -> block_dict_window_size);
data/subread-2.0.1+dfsg/src/seek-zlib.c:262:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> rolling_dict_window + fp_start, txt + new_start, cplen);
data/subread-2.0.1+dfsg/src/seek-zlib.c:288:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp -> block_rolling_chain[empty_block_no].block_dict_window, fp -> rolling_dict_window, fp -> rolling_dict_window_used);
data/subread-2.0.1+dfsg/src/seek-zlib.c:479:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buff + line_write_ptr , cblk-> block_txt + fp-> current_block_txt_read_ptr, cp_bytes );
data/subread-2.0.1+dfsg/src/seek-zlib.c:562:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * tstfp = fopen(fname,"rb");
data/subread-2.0.1+dfsg/src/seek-zlib.c:631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname [MAX_FILE_NAME_LENGTH+1];
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_pos_stack[10]; // max error bases = 10;
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:370:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mutation_stack[10];
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:452:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mutation_stack[10];
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:511:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vote->max_indel_recorder, vote->indel_recorder[i][j], 3*MAX_INDEL_TOLERANCE * sizeof(*vote->max_indel_recorder));
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:1354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabname[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:1355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic_chars[8];
data/subread-2.0.1+dfsg/src/sorted-hashtable.c:1395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic_chars[8];
data/subread-2.0.1+dfsg/src/subfilter.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter_mode[10];
data/subread-2.0.1+dfsg/src/subfilter.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/subread.h:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gene_name [MAX_GENE_NAME_LEN];
data/subread-2.0.1+dfsg/src/subread.h:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * malloc_ptr [GEHASH_MEM_PTR_NO];
data/subread-2.0.1+dfsg/src/subread.h:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_indel_cursor[GENE_VOTE_TABLE_SIZE][GENE_VOTE_SPACE];
data/subread-2.0.1+dfsg/src/subread.h:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char toli[GENE_VOTE_TABLE_SIZE][GENE_VOTE_SPACE];
data/subread-2.0.1+dfsg/src/subread.h:346:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char is_reverse [BEXT_RESULT_LIMIT];
data/subread-2.0.1+dfsg/src/subread.h:384:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_names [EXON_BUFFER_SIZE][121];
data/subread-2.0.1+dfsg/src/subread.h:385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read [EXON_BUFFER_SIZE][1201];
data/subread-2.0.1+dfsg/src/subread.h:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quality [EXON_BUFFER_SIZE][1201];
data/subread-2.0.1+dfsg/src/subread.h:403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_dict_window[SEEKGZ_ZLIB_WINDOW_SIZE]; // copied from the rolling window before this block is decompressed.
data/subread-2.0.1+dfsg/src/subread.h:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rolling_dict_window[SEEKGZ_ZLIB_WINDOW_SIZE];
data/subread-2.0.1+dfsg/src/subread.h:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dict_window[SEEKGZ_ZLIB_WINDOW_SIZE];
data/subread-2.0.1+dfsg/src/subread.h:464:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bcl_format_string[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/subread.h:465:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter_format_string[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/subread.h:479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_FILE_NAME_LENGTH+1];
data/subread-2.0.1+dfsg/src/subread.h:485:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char first_chars[2];
data/subread-2.0.1+dfsg/src/subread.h:502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bcl_format_string[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/subread.h:503:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter_format_string[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/subread.h:517:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename [300];
data/subread-2.0.1+dfsg/src/subread.h:521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gzfa_last_name[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/subread.h:532:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gzfa_last_name[MAX_READ_NAME_LEN];
data/subread-2.0.1+dfsg/src/subread.h:551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chromosome_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/subtools.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/subtools.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/subtools.c:130:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fline[3000], temp_file_name[MAX_FILE_NAME_LENGTH], mac_rand[13];
data/subread-2.0.1+dfsg/src/subtools.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_buff[3000];
data/subread-2.0.1+dfsg/src/subtools.c:218:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(val_str) flags = atoi(val_str);
data/subread-2.0.1+dfsg/src/subtools.c:221:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(val_str) pos = atoi(val_str);
data/subread-2.0.1+dfsg/src/subtools.c:223:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(val_str) mapq = atoi(val_str);
data/subread-2.0.1+dfsg/src/subtools.c:228:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(val_str) mate_pos = atoi(val_str);
data/subread-2.0.1+dfsg/src/subtools.c:230:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(val_str) tlen = atoi(val_str);
data/subread-2.0.1+dfsg/src/test-seek-zlib.c:6:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int tested_cell_total = atoi(argv[4]);
data/subread-2.0.1+dfsg/src/test-seek-zlib.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1002];
data/subread-2.0.1+dfsg/src/test-seek-zlib.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char should[tested_cell_total][1002];
data/subread-2.0.1+dfsg/src/test-seek-zlib.c:22:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int rand_seed = atoi(argv[3]);
data/subread-2.0.1+dfsg/src/test_qs.c:66:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arri+start , tmp, sizeof(int)*(items1+items2));
data/subread-2.0.1+dfsg/src/tx-unique.c:17:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(context -> gene_name_column_name, "gene_id");
data/subread-2.0.1+dfsg/src/tx-unique.c:18:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(context -> transcript_id_column_name, "transcript_id");
data/subread-2.0.1+dfsg/src/tx-unique.c:19:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(context -> used_feature_type, "exon");
data/subread-2.0.1+dfsg/src/tx-unique.c:119:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memex, ArrayListGet(exs,0), sizeof(txunique_exon_t));
data/subread-2.0.1+dfsg/src/tx-unique.c:127:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memex, tryex, sizeof(txunique_exon_t));
data/subread-2.0.1+dfsg/src/tx-unique.c:181:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memex, try_ex, sizeof(txunique_exon_t));
data/subread-2.0.1+dfsg/src/tx-unique.c:217:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memedge, merged_edge, sizeof(struct _txunique_tmp_edges));
data/subread-2.0.1+dfsg/src/tx-unique.c:317:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash_key [ FEATURE_NAME_LENGTH * 2 + 20];
data/subread-2.0.1+dfsg/src/tx-unique.c:364:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * out_fp = fopen(context -> output_file_name, "w" );
data/subread-2.0.1+dfsg/src/tx-unique.h:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chro_name[MAX_CHROMOSOME_NAME_LEN];
data/subread-2.0.1+dfsg/src/tx-unique.h:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transcript_id[FEATURE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/tx-unique.h:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gene_name[FEATURE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/tx-unique.h:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_GTF_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/tx-unique.h:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file_name[MAX_FILE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/tx-unique.h:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gene_name_column_name[FEATURE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/tx-unique.h:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transcript_id_column_name[FEATURE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/tx-unique.h:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char used_feature_type[FEATURE_NAME_LENGTH];
data/subread-2.0.1+dfsg/src/zlib_test.c:33:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * ofp = fopen("tt.gz","wb");
data/subread-2.0.1+dfsg/src/zlib_test.c:56:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fbig = fopen("t.bin","rb");
data/subread-2.0.1+dfsg/src/zlib_test.c:85:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fbigo = fopen("tt.bin.gz","wb");
data/subread-2.0.1+dfsg/src/HelperFunctions.c:68:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(memcmp( keyword, linebuf, strlen(keyword) ) == 0 && strstr(linebuf," kB")) {
data/subread-2.0.1+dfsg/src/HelperFunctions.c:71:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ii=strlen(keyword);; ii++){
data/subread-2.0.1+dfsg/src/HelperFunctions.c:99:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(x1 = strlen(lname)-2; x1>=0; x1--){
data/subread-2.0.1+dfsg/src/HelperFunctions.c:129:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int xk1, jmlen=0, nclen=strlen(new_cigar);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:135:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jmlen = strlen(jump_mode);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:294:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * mem_chro = malloc(strlen(chro_name)+1);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:755:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_rep = strlen(rep);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:758:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_with = strlen(with);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:764:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = result = malloc(strlen(orig) + (len_with - len_rep) * count + 1);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:772:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
tmp = strncpy(tmp, orig, len_front) + len_front;
data/subread-2.0.1+dfsg/src/HelperFunctions.c:955:38: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sprintf(str_buff + 2*x1 , "%02X", fgetc(fp));
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1094:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int feature_name_len = strlen(feature_name);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1098:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int chro_name_len = strlen(chro_name);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1111:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(start_ptr) > 10 || strlen(end_ptr) > 10 || tv1 > 0x7fffffff || tv2> 0x7fffffff){
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1111:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(start_ptr) > 10 || strlen(end_ptr) > 10 || tv1 > 0x7fffffff || tv2> 0x7fffffff){
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1149:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(start_ptr) > 10 || strlen(end_ptr) > 10 || tv1 > 0x7fffffff || tv2> 0x7fffffff){
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1149:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(start_ptr) > 10 || strlen(end_ptr) > 10 || tv1 > 0x7fffffff || tv2> 0x7fffffff){
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1168:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(extra_attrs && (strlen(extra_attrs)>2)){
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1182:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ext_att_len = strlen(extra_attrs);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1191:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ext_att_len = strlen(extra_attrs);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1241:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sam_chr[strlen(sam_chr)-1]=0;
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1242:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sam_chr[strlen(sam_chr)-1]=='\r') sam_chr[strlen(sam_chr)-1]=0;
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1242:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sam_chr[strlen(sam_chr)-1]=='\r') sam_chr[strlen(sam_chr)-1]=0;
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1243:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * anno_chr_buf = malloc(strlen(anno_chr)+1);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1245:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * sam_chr_buf = malloc(strlen(sam_chr)+1);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1264:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(*lineptr) + 500 > linecap)
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1269:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf((*lineptr) + strlen(*lineptr), "\"%s\" ", argv[c]);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1272:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*lineptr);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1536:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Helper_md5sum(s, strlen(s), md5v);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1538:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
randv = plain_txt_to_long_rand(s, strlen(s));
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1791:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Helper_sha256sum(s, strlen(s), sha256v);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:1967:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(40000);
data/subread-2.0.1+dfsg/src/HelperFunctions.c:2677:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TNbignum_from_string(&n, modulus,strlen(modulus) );
data/subread-2.0.1+dfsg/src/SNPCalling.c:269:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int type_char = fgetc(tmp_fp), rlen=-1;
data/subread-2.0.1+dfsg/src/SNPCalling.c:300:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char read[MAX_READ_LENGTH];
data/subread-2.0.1+dfsg/src/SNPCalling.c:315:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = fread(read, sizeof(char), read_len, tmp_fp);
data/subread-2.0.1+dfsg/src/SNPCalling.c:355:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch(read[i])
data/subread-2.0.1+dfsg/src/SNPCalling.c:878:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(supporting_list,",");
data/subread-2.0.1+dfsg/src/SNPCalling.c:921:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sprint_line_len = strlen(sprint_line);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1033:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char nc = fgetc(in_fp);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1057:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ncx = fgetc(in_fp);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1338:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(del2,".");
data/subread-2.0.1+dfsg/src/SNPCalling.c:1342:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(del_suffix)>8)
data/subread-2.0.1+dfsg/src/SNPCalling.c:1356:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(del_name, "/");
data/subread-2.0.1+dfsg/src/SNPCalling.c:1430:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(one_fn, in_SAM_file+fpos0, fpos-fpos0);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1463:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(one_fn, in_SAM_file+fpos0, fpos-fpos0);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1705:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k=strlen(optarg);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1722:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_FASTA_file, optarg,MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1726:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_SAM_file, optarg,MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1730:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_BED_file, optarg,MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1747:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_path, optarg,MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/SNPCalling.c:1864:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(x1 = strlen(out_BED_file); x1 >= 0; x1--){
data/subread-2.0.1+dfsg/src/SUBindel.c:347:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.first_read_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/SUBindel.c:353:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.index_prefix, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/SUBindel.c:356:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.output_prefix, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-bigtable.c:283:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * dynamic_key = malloc(strlen(static_key) + 1);
data/subread-2.0.1+dfsg/src/core-indel.c:1365:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * mm_sort_key = malloc(strlen(sort_key)+1);
data/subread-2.0.1+dfsg/src/core-indel.c:1650:139: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int core_extend_covered_region_15(global_context_t * global_context, gene_value_index_t *array_index, unsigned int read_start_pos, char * read, int read_len, int cover_start, int cover_end, int window_size, int req_match_5end , int req_match_3end, int indel_tolerance, int space_type, int tail_indel, short * head_indel_pos, int * head_indel_movement, short * tail_indel_pos, int * tail_indel_movement, int is_head_high_quality, char * qual_txt, int qual_format, float head_matching_rate, float tail_matching_rate){
data/subread-2.0.1+dfsg/src/core-indel.c:1656:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SUBREADprintf("RTXT=%s, MAPP=%s\n", read, posout);
data/subread-2.0.1+dfsg/src/core-indel.c:1668:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
this_match_n = match_chro(read, array_index, read_start_pos - indel_movement, window_size, 0, space_type );
data/subread-2.0.1+dfsg/src/core-indel.c:1720:104: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int core_extend_covered_region_13(gene_value_index_t *array_index, unsigned int read_start_pos, char * read, int read_len, int cover_start, int cover_end, int window_size, int req_match_5end , int req_match_3end, int indel_tolerance, int space_type, int tail_indel, short * head_indel_pos, int * head_indel_movement, short * tail_indel_pos, int * tail_indel_movement, int is_head_high_quality, char * qual_txt, int qual_format, float head_matching_rate, float tail_matching_rate)
data/subread-2.0.1+dfsg/src/core-indel.c:1728:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int roughly_mapped = match_chro(read, array_index, read_start_pos, head_test_len , 0, space_type);
data/subread-2.0.1+dfsg/src/core-indel.c:1749:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
roughly_mapped = match_chro(read, array_index, read_start_pos, window_end_pos - right_match_number , 0, space_type);
data/subread-2.0.1+dfsg/src/core-indel.c:1901:101: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int core_dynamic_align(global_context_t * global_context, thread_context_t * thread_context, char * read, int read_len, unsigned int begin_position, char * movement_buffer, int expected_offset, char * read_name);
data/subread-2.0.1+dfsg/src/core-indel.c:1998:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(outstr+strlen(outstr),"%c",mc);
data/subread-2.0.1+dfsg/src/core-indel.c:2860:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int read_len = strlen(next_read_txt);
data/subread-2.0.1+dfsg/src/core-indel.c:2887:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int neighbour_read_len = strlen(neighbour_read_text);
data/subread-2.0.1+dfsg/src/core-indel.c:2983:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int read_len = strlen(start_read_txt), read_offset;
data/subread-2.0.1+dfsg/src/core-indel.c:3064:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int next_read_len = strlen(next_read_txt);
data/subread-2.0.1+dfsg/src/core-indel.c:3073:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( next_read_nonoverlap + strlen(next_read_txt) <= read_len)
data/subread-2.0.1+dfsg/src/core-indel.c:3172:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(mismatch<2)
data/subread-2.0.1+dfsg/src/core-indel.c:3253:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int new_bases = (search_direction>0)?strlen(next_read_txt)-(read_len - next_read_nonoverlap):-next_read_nonoverlap;
data/subread-2.0.1+dfsg/src/core-indel.c:3268:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(block_context -> rebuilt_window) != block_context ->rebuilt_window_size) return 1;
data/subread-2.0.1+dfsg/src/core-indel.c:3275:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int high_quality_offset = 0*min(2, strlen(next_read_txt) - new_bases);
data/subread-2.0.1+dfsg/src/core-indel.c:3280:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat(block_context -> rebuilt_window , next_read_txt + strlen(next_read_txt) - new_bases - high_quality_offset);
data/subread-2.0.1+dfsg/src/core-indel.c:3283:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat(block_context -> rebuilt_window , next_read_txt + strlen(next_read_txt) - new_bases);
data/subread-2.0.1+dfsg/src/core-indel.c:3291:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int high_quality_offset = 0*min(2, strlen(next_read_txt) - new_bases);
data/subread-2.0.1+dfsg/src/core-indel.c:3554:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int contig_len_1 = strlen(contig_1);
data/subread-2.0.1+dfsg/src/core-indel.c:3555:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int contig_len_2 = strlen(contig_2);
data/subread-2.0.1+dfsg/src/core-indel.c:3675:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( ( basic_ins_right + global_context -> config.reassembly_key_length - best_edge) >strlen(right_contig) ||base_index -> length + base_index -> start_base_offset <= basic_ins_right + global_context -> config.reassembly_key_length || basic_ins_left < base_index -> start_base_offset || best_edge >= base_index -> length + base_index -> start_base_offset) ret = 0;
data/subread-2.0.1+dfsg/src/core-indel.c:3679:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int right_match = match_chro(right_contig + strlen(right_contig)- ( basic_ins_right + global_context -> config.reassembly_key_length - best_edge), base_index, best_edge, basic_ins_right + global_context -> config.reassembly_key_length - best_edge, 0, global_context->config.space_type);
data/subread-2.0.1+dfsg/src/core-indel.c:4137:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int xk2, full_rebuilt_window_size = strlen(full_rebuilt_window);
data/subread-2.0.1+dfsg/src/core-indel.c:4171:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(contig_CIGAR+strlen(contig_CIGAR), "%dM%d%c", indels_read_positions[xk2] - read_position_cursor, abs(indels), indels<0?'I':'D');
data/subread-2.0.1+dfsg/src/core-indel.c:4425:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(del2,".");
data/subread-2.0.1+dfsg/src/core-indel.c:4429:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(del_suffix)>8)
data/subread-2.0.1+dfsg/src/core-indel.c:4443:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(del_name, "/");
data/subread-2.0.1+dfsg/src/core-indel.c:4618:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(x1 = strlen(context->config.output_prefix); x1 >=0; x1--){
data/subread-2.0.1+dfsg/src/core-indel.c:4628:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(context->config.temp_file_prefix+strlen(context->config.temp_file_prefix), "/core-temp-sum-%06u-%s", getpid(), mac_rand );
data/subread-2.0.1+dfsg/src/core-indel.c:4644:101: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int core_dynamic_align(global_context_t * global_context, thread_context_t * thread_context, char * read, int read_len, unsigned int begin_position, char * movement_buffer, int expected_offset, char * read_name)
data/subread-2.0.1+dfsg/src/core-indel.c:4684:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SUBREADprintf ("\n%s\n", read);
data/subread-2.0.1+dfsg/src/core-indel.c:4726:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char is_matched_ij = (chromo_ch == read[j])?CORE_DPALIGN_MATCH_SCORE:CORE_DPALIGN_MISMATCH_PENALTY;
data/subread-2.0.1+dfsg/src/core-indel.c:4746:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
table_mask[i][j]= (chromo_ch == read[j])?INDEL_MASK_BY_MATCH:INDEL_MASK_BY_MISMATCH;
data/subread-2.0.1+dfsg/src/core-indel.c:4751:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
table_mask[i][j]= (chromo_ch == read[j])?INDEL_MASK_BY_MATCH:INDEL_MASK_BY_MISMATCH;
data/subread-2.0.1+dfsg/src/core-indel.c:4766:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SUBREADprintf("%c%c\t", chromo_ch, read[j]);
data/subread-2.0.1+dfsg/src/core-indel.h:194:101: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int core_dynamic_align(global_context_t * global_context, thread_context_t * thread_context, char * read, int read_len, unsigned int begin_position, char * movement_buffer, int expected_offset, char * read_name);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:351:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.exon_annotation_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:354:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.exon_annotation_alias_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:406:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.first_read_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:410:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.second_read_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:413:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.index_prefix, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:416:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.output_prefix, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:510:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(global_context->config.read_group_txt, "\t");
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:593:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.exon_annotation_feature_name_column, optarg, MAX_READ_NAME_LEN - 1);
data/subread-2.0.1+dfsg/src/core-interface-aligner.c:597:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.exon_annotation_gene_id_column, optarg, MAX_READ_NAME_LEN - 1);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:338:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.first_read_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:353:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.exon_annotation_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:356:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.exon_annotation_alias_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:424:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.second_read_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:427:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.index_prefix, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:430:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.output_prefix, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:515:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(global_context->config.read_group_txt, "\t");
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:606:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.exon_annotation_feature_name_column, optarg, MAX_READ_NAME_LEN - 1);
data/subread-2.0.1+dfsg/src/core-interface-subjunc.c:610:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.exon_annotation_gene_id_column, optarg, MAX_READ_NAME_LEN - 1);
data/subread-2.0.1+dfsg/src/core-junction.c:3254:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(piece_cigar+strlen(piece_cigar), "%d%c", abs(event_after->indel_length), event_after->indel_length>0?'D':'I');
data/subread-2.0.1+dfsg/src/core-junction.c:3295:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(piece_cigar+strlen(piece_cigar), "%u%c", (int)movement, jump_mode);
data/subread-2.0.1+dfsg/src/core-junction.c:3297:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(event_after -> indel_at_junction) sprintf(piece_cigar+strlen(piece_cigar), "%dI", event_after -> indel_at_junction);
data/subread-2.0.1+dfsg/src/core-junction.c:3304:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp_cigar) > CORE_MAX_CIGAR_STR_LEN - 14){
data/subread-2.0.1+dfsg/src/core-junction.c:5012:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int core13_test_donor(char *read, int read_len, unsigned int pos1, unsigned int pos2, int guess_break_point, char negative_strand, int test_range, char is_soft_condition, int EXON_INDEL_TOLERANCE, int* real_break_point, gene_value_index_t * my_value_array_index, int indel_offset1, int indel_offset2, int is_reversed, int space_type, int * best_donor_score, int * is_GTAG)
data/subread-2.0.1+dfsg/src/core-junction.c:5076:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(memcmp(read, TEST_TARGET, 15)==0)
data/subread-2.0.1+dfsg/src/core-junction.c:5111:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(memcmp(read, TEST_TARGET, 15)==0)
data/subread-2.0.1+dfsg/src/core-junction.c:5112:98: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SUBREADprintf("SELECRED!!!_BREAKPOINT=%d, RAW POS=%u,%u, R=%s\n", best_break, pos1 , pos2, read);
data/subread-2.0.1+dfsg/src/core-junction.c:5121:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(memcmp(read, TEST_TARGET, 15)==0)
data/subread-2.0.1+dfsg/src/core-junction.c:5122:74: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SUBREADprintf("KILLED!!!_BREAKPOINT=%d, R=%s\n", best_break+ pos1, read);
data/subread-2.0.1+dfsg/src/core-junction.c:5136:126: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void core_fragile_junction_voting(global_context_t * global_context, thread_context_t * thread_context, char * rname, char * read, char * qual, unsigned int full_rl, int negative_strand, int color_space, unsigned int low_border, unsigned int high_border, gene_vote_t *vote_p1)
data/subread-2.0.1+dfsg/src/core-junction.h:156:126: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void core_fragile_junction_voting(global_context_t * global_context, thread_context_t * thread_context, char * rname, char * read, char * qual, unsigned int full_rl, int negative_strand, int color_space, unsigned int low_border, unsigned int high_border, gene_vote_t *vote_p1);
data/subread-2.0.1+dfsg/src/core.c:148:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(out_ptr + strlen(linebuf) < out_limit){
data/subread-2.0.1+dfsg/src/core.c:150:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_ptr += strlen(linebuf);
data/subread-2.0.1+dfsg/src/core.c:184:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int is_R_code,x1,content_len = strlen(content), state, txt_len, is_cut = 0, real_lenwidth;
data/subread-2.0.1+dfsg/src/core.c:253:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_line_buff,"=");
data/subread-2.0.1+dfsg/src/core.c:266:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for(x1=0;x1<left_stars-2;x1++) strcat(out_line_buff,"=");
data/subread-2.0.1+dfsg/src/core.c:267:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(out_line_buff+strlen(out_line_buff),"%c[36m", CHAR_ESC);
data/subread-2.0.1+dfsg/src/core.c:268:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(out_line_buff+strlen(out_line_buff)," %s ", content);
data/subread-2.0.1+dfsg/src/core.c:269:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(out_line_buff+strlen(out_line_buff),"%c[0m", CHAR_ESC);
data/subread-2.0.1+dfsg/src/core.c:270:36: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for(x1=0;x1<right_stars-2;x1++) strcat(out_line_buff,"=");
data/subread-2.0.1+dfsg/src/core.c:319:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out_line_buff," ");
data/subread-2.0.1+dfsg/src/core.c:320:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(out_line_buff+strlen(out_line_buff),"%c[36m", CHAR_ESC);
data/subread-2.0.1+dfsg/src/core.c:322:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(out_line_buff+strlen(out_line_buff),"%c[0m", CHAR_ESC);
data/subread-2.0.1+dfsg/src/core.c:334:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(out_line_buff+strlen(out_line_buff)," %c[0m%s", CHAR_ESC , spaces + (78 - right_spaces + 1));
data/subread-2.0.1+dfsg/src/core.c:700:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.first_read_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core.c:704:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.second_read_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core.c:707:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.index_prefix, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core.c:710:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_context->config.output_prefix, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/core.c:1013:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ret = sort_SAM_add_line(&writer, fline, strlen(fline));
data/subread-2.0.1+dfsg/src/core.c:1400:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(head_S > 0) sprintf(cigar_added + strlen(cigar_added), "%dS", head_S );
data/subread-2.0.1+dfsg/src/core.c:1402:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(cigar_added + strlen(cigar_added), "%d%c", remainder_tmpi , nch );
data/subread-2.0.1+dfsg/src/core.c:1405:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(tail_S > 0) sprintf(cigar_added + strlen(cigar_added), "%dS", tail_S );
data/subread-2.0.1+dfsg/src/core.c:1480:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(r->additional_information + strlen(r->additional_information), "\tCG:Z:%s\tCP:i:%u\tCT:Z:%c\tCC:Z:%s", r->out_cigars[xk1] , max(1,chimeric_pos + soft_clipping_movement + 1), strand_xor?'-':'+' , chimaric_chr );
data/subread-2.0.1+dfsg/src/core.c:1515:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(r->additional_information + strlen(r->additional_information), "\tXS:A:%c", (current_result -> realign_flags & CORE_IS_GT_AG_DONORS)?'+':'-');
data/subread-2.0.1+dfsg/src/core.c:1638:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(dst + strlen(dst), "%uM", last_M + head_clip);
data/subread-2.0.1+dfsg/src/core.c:1642:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(dst + strlen(dst), "%u%c", tmpi, nch);
data/subread-2.0.1+dfsg/src/core.c:1649:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(dst + strlen(dst), "%uM" , last_M + tail_clip + head_clip);
data/subread-2.0.1+dfsg/src/core.c:1912:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2);
data/subread-2.0.1+dfsg/src/core.c:2056:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_text_1[strlen(read_text_1)-1]=0;
data/subread-2.0.1+dfsg/src/core.c:2058:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_text_2[strlen(read_text_2)-1]=0;
data/subread-2.0.1+dfsg/src/core.c:2064:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(rec1->additional_information + strlen( rec1->additional_information), "\tNM:i:%d", rec1_edit );
data/subread-2.0.1+dfsg/src/core.c:2069:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(rec2->additional_information + strlen( rec2->additional_information), "\tNM:i:%d", rec2_edit );
data/subread-2.0.1+dfsg/src/core.c:3738:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(SUBREAD_VERSION) == 8) spaces = "";
data/subread-2.0.1+dfsg/src/core.c:3739:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strlen(SUBREAD_VERSION) == 5) spaces = " ";
data/subread-2.0.1+dfsg/src/core.c:4862:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * fixed_len = malloc(strlen(flen)+1);
data/subread-2.0.1+dfsg/src/detection-calls.c:52:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_exon -> gene_name, gene_name, FEATURE_NAME_LENGTH);
data/subread-2.0.1+dfsg/src/detection-calls.c:53:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_exon -> chro_name, chro_name, MAX_CHROMOSOME_NAME_LEN);
data/subread-2.0.1+dfsg/src/detection-calls.c:99:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr_chro_mem = malloc(strlen(fl));
data/subread-2.0.1+dfsg/src/detection-calls.c:171:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(NULL == bin2 && strlen(chro) <3){
data/subread-2.0.1+dfsg/src/detection-calls.c:179:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(NULL == bin2 && strlen(chro) >3 && memcmp("chr", chro, 3)==0){
data/subread-2.0.1+dfsg/src/detection-calls.c:269:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(NULL == in_chro_exons && strlen(current_chro) < 3){
data/subread-2.0.1+dfsg/src/filterJunctionTable.c:17:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int curr_line_len = strlen(new_line);
data/subread-2.0.1+dfsg/src/filterJunctionTable.c:60:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!ll || strlen(ll)<4) break;
data/subread-2.0.1+dfsg/src/filterJunctionTable.c:74:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(chrostr)<3)strcpy(chro_mem, "chr");
data/subread-2.0.1+dfsg/src/flattenAnnotations.c:113:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * mem_gene = malloc(strlen(gene_name)+1);
data/subread-2.0.1+dfsg/src/fullscan.c:79:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void scan_test_match(char * read, char * read_rev, char * chro, int rl, unsigned int pos)
data/subread-2.0.1+dfsg/src/fullscan.c:82:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int m = str_match_count(read, chro, rl, rl- threshold);
data/subread-2.0.1+dfsg/src/fullscan.c:101:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int read_len = strlen(read_str);
data/subread-2.0.1+dfsg/src/fullscan.c:169:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(index_name, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/fullscan.c:192:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read_str, argv[optind], 1199);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:688:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * seqname_buf = malloc(strlen(seqname)+1);
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:789:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name = malloc(strlen(clinebuf));
data/subread-2.0.1+dfsg/src/gen_rand_reads.c:989:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(ret && strlen(grc.output_prefix)>0){
data/subread-2.0.1+dfsg/src/gene-algorithms.c:105:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(fp);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:283:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bar_width = width - 7 - strlen(hint) , i;
data/subread-2.0.1+dfsg/src/gene-algorithms.c:316:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(lbuf, "=");
data/subread-2.0.1+dfsg/src/gene-algorithms.c:317:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(lbuf, ">");
data/subread-2.0.1+dfsg/src/gene-algorithms.c:319:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(lbuf, " ");
data/subread-2.0.1+dfsg/src/gene-algorithms.c:320:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(lbuf, "]");
data/subread-2.0.1+dfsg/src/gene-algorithms.c:656:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void compress_cigar(char *cigar, int total_length, char * read, int * pos_offset, int *rl_adjust)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:661:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cigar_len = strlen(cigar);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:788:119: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void show_cigar(char * info, int len, int is_reversed_map, char * buf, int indel_tolerance, int total_subreads, char *read, int * pos_offset, int * adjust_len)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:802:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, info+1, 98);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:803:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
compress_cigar(buf, len, read, pos_offset, adjust_len);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:832:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), "%d%c%dM", abs(offset), offset>0?'I':'D', base_end - cursor - (offset>0?offset:0));
data/subread-2.0.1+dfsg/src/gene-algorithms.c:837:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), "%dM", base_end);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:841:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
compress_cigar(buf, len, read, pos_offset, adjust_len);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1024:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vpos = strlen(tmp_cigar);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1052:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vpos = strlen(tmp_cigar);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1061:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vpos = strlen(tmp_cigar);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1081:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vpos = strlen(tmp_cigar);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1104:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vpos = strlen(tmp_cigar);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1116:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vpos = strlen(tmp_cigar);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1135:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(allvote -> max_indel_recorder + qid * allvote -> indel_recorder_length+1, tmp_cigar, allvote -> indel_recorder_length - 2);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1157:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
next_char=fgetc(fp);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1190:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro_indel(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type, int indel_size, gene_vote_number_t * indel_recorder, int total_subreads)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1217:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro_indel_old(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type, int indel_size)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1225:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret += match_chro(read, index, pos + i, test_len, is_negative_strand, space_type);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1520:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fn)<2)continue;
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1707:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int search_DP_branch(char * read, int read_len, gene_value_index_t * index, unsigned int begin_position, int path_i, int path_j, short ** table,char ** table_mask, int max_indel, char * movement_buffer, int expected_offset, int current_score, int out_pos, int current_offset, int init_read_offset, int shutdown_read_offset, int * all_steps)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1737:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char is_matched_ij = gvindex_get(index, begin_position + path_j) == read[path_i]?DPALIGN_MATCH_SCORE :DPALIGN_MISMATCH_PENALTY;
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1759:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
found =search_DP_branch (read, read_len, index, begin_position, path_i , path_j -1, table , table_mask, max_indel, movement_buffer, expected_offset, left_score, out_pos -1, current_offset - ((path_i >= init_read_offset && path_i <= shutdown_read_offset)?1:0), init_read_offset, shutdown_read_offset, all_steps);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1767:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
found =search_DP_branch (read, read_len, index, begin_position, path_i -1 , path_j , table , table_mask , max_indel, movement_buffer, expected_offset, upper_score, out_pos -1, current_offset + ((path_i >= init_read_offset && path_i <= shutdown_read_offset)?1:0), init_read_offset, shutdown_read_offset, all_steps);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1774:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
found = search_DP_branch (read, read_len, index, begin_position, path_i -1 , path_j -1, table , table_mask, max_indel, movement_buffer, expected_offset, upperleft_score, out_pos -1, current_offset, init_read_offset, shutdown_read_offset, all_steps);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1783:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int window_indel_align(char * read, int read_len, gene_value_index_t * index, unsigned int begin_position, int max_indel, char * movement_buffer, int expected_offset, int init_read_offset, int shutdown_read_offset)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1821:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
j = read[read_len];
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1822:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[read_len]=0;
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1824:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ddprintf ("CHRO=%s\nREAD=%s\n", chro_str, read);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1889:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[read_len] = j;
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1893:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int dynamic_align(char * read, int read_len, gene_value_index_t * index, unsigned int begin_position, int max_indel, char * movement_buffer, int expected_offset, int init_read_offset, int shutdown_read_offset, short **table , char ** table_mask)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1907:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SUBREADprintf ("\n%s\n", read);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1935:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char is_matched_ij = (chromo_ch == read[i])?DPALIGN_MATCH_SCORE:DPALIGN_MISMATCH_PENALTY;
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1947:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SUBREADprintf("%c%c\t", chromo_ch, read[i]);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1987:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
out_pos = search_DP_branch(read, read_len, index, begin_position, path_i, j, table, table_mask, max_indel, out_tmp , expected_offset, current_score , out_pos, 0, init_read_offset,shutdown_read_offset, &all_steps);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:1998:96: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int extend_covered_region(gene_value_index_t *array_index, unsigned int read_start_pos, char * read, int read_len, int cover_start, int cover_end, int window_size, int req_match_5end , int req_match_3end, int indel_tolerance, int space_type, int tail_indel, short * head_indel_pos, int * head_indel_movement, short * tail_indel_pos, int * tail_indel_movement, int is_head_high_quality, char * qual_txt, int qual_format, float head_matching_rate, float tail_matching_rate)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2006:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int roughly_mapped = match_chro(read, array_index, read_start_pos, head_test_len , 0, space_type);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2027:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
roughly_mapped = match_chro(read, array_index, read_start_pos, window_end_pos - right_match_number , 0, space_type);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2265:157: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
float final_mapping_quality(gene_value_index_t *array_index, unsigned int pos, char * read_txt, char * qual_txt, char * cigar_txt, int phred_version, int * mismatch, int rl, char * refined_cigar, unsigned int * new_pos)
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2270:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cigar_length = strlen(cigar_txt);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2289:170: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
float nret = match_base_quality(array_index, read_txt + read_cursor, chromosome_cursor , (qual_txt && qual_txt[0])?qual_txt + read_cursor:NULL, x, 0, phred_version, mismatch, &all_MM, 200000,0,0);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2455:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(refined_cigar+strlen(refined_cigar), "%d%c", out_len, cigar_txt[cigar_cursor]);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2468:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(refined_cigar+strlen(refined_cigar), "%I64d%c", x, cigar_txt[cigar_cursor]);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2470:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(refined_cigar+strlen(refined_cigar), "%lld%c", x, cigar_txt[cigar_cursor]);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2486:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(refined_cigar+strlen(refined_cigar),"%dS",rl-last_confirmed_read_pos);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2576:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ncg2, ncg, 99);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2577:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ncg, ncg2, 99);
data/subread-2.0.1+dfsg/src/gene-algorithms.c:2584:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ncg, ncg2, 99);
data/subread-2.0.1+dfsg/src/gene-algorithms.h:96:114: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void show_cigar(char * info, int len, int is_reversed_map, char * buf, int max_indel, int total_subreads, char * read, int * pos_offset, int * adjust_rl);
data/subread-2.0.1+dfsg/src/gene-algorithms.h:98:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int dynamic_align(char * read, int read_len, gene_value_index_t * index, unsigned int begin_position, int max_indel, char * movement_buffer, int expected_offset,int begin_read_offset, int end_read_offset, short **dynamic_programming_short , char** dynamic_programming_char );
data/subread-2.0.1+dfsg/src/gene-algorithms.h:100:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int window_indel_align(char * read, int read_len, gene_value_index_t * index, unsigned int begin_position, int max_indel, char * movement_buffer, int expected_offset,int begin_read_offset, int end_read_offset);
data/subread-2.0.1+dfsg/src/gene-algorithms.h:106:96: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int extend_covered_region(gene_value_index_t *array_index, unsigned int read_start_pos, char * read, int read_len, int cover_start, int cover_end, int window_size, int match_req_5end, int match_req_3end, int indel_tolerance, int space_type, int tail_indel, short * head_indel_pos, int * head_indel_movement, short * tail_indel_pos, int * tail_indel_movement, int is_head_high_quality, char * qual_str, int qual_format, float head_matching_rate, float tail_matching_rate);
data/subread-2.0.1+dfsg/src/gene-algorithms.h:108:157: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
float final_mapping_quality(gene_value_index_t *array_index, unsigned int pos, char * read_txt, char * qual_txt, char * cigar_txt, int phred_version, int * mismatch, int rl, char * refined_cigar, unsigned int * new_pos);
data/subread-2.0.1+dfsg/src/gene-algorithms.h:116:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void compress_cigar(char * cigar, int read_len, char *read, int * position_offset, int * adjust_rl);
data/subread-2.0.1+dfsg/src/gene-algorithms.h:138:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro_indel(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type, int indel_size, gene_vote_number_t * indel_recorder, int total_subreads);
data/subread-2.0.1+dfsg/src/gene-value-index.c:231:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro_wronglen(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int space_type, int * left_match_bases, int * right_match_bases)
data/subread-2.0.1+dfsg/src/gene-value-index.c:250:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newv = read[i] == '0'+chars2color(last_char, tt);
data/subread-2.0.1+dfsg/src/gene-value-index.c:254:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
newv =read[i] == tt;
data/subread-2.0.1+dfsg/src/gene-value-index.c:277:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_indel_chro_to_front(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int * indels, int * indel_point, int max_indel_number, int max_test_length)
data/subread-2.0.1+dfsg/src/gene-value-index.c:293:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read[i]==tt)ret++;
data/subread-2.0.1+dfsg/src/gene-value-index.c:336:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret += read[i] == tt;
data/subread-2.0.1+dfsg/src/gene-value-index.c:412:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void match_indel_table_to_front_in(HashTable * indel_table , char * read, int read_pos_first_base, gene_value_index_t * index, unsigned int first_base_pos, int test_len, short * total_indels, short * indel_point, int max_indel_number, int min_test_offset, short * indels, short * indel_poses, int sofar_matched_bases, short * best_indels, short * best_indel_poses, int * best_matching_bases, int level);
data/subread-2.0.1+dfsg/src/gene-value-index.c:416:65: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_indel_table_to_front(HashTable * indel_table , char * read, gene_value_index_t * index, unsigned int first_base_pos, int test_len, short * indels, short * indel_point, int max_indel_number, int min_test_offset, struct explorer_section_t * sec)
data/subread-2.0.1+dfsg/src/gene-value-index.c:434:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
match_indel_table_to_front_in(indel_table, read, 0, index, first_base_pos, test_len , indels , indel_point , max_indel_number , min_test_offset , tmp_indel_rec , tmp_indel_pos_rec , 0, best_indel_rec, best_indel_pos_rec , &best_matching_bases , 0);
data/subread-2.0.1+dfsg/src/gene-value-index.c:443:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void match_indel_table_to_front_in(HashTable * indel_table , char * read, int read_pos_first_base, gene_value_index_t * index, unsigned int first_base_pos, int test_len, short * total_indels, short * indel_point, int max_indel_number, int min_test_offset, short * indels, short * indel_poses, int sofar_matched_bases, short * best_indels, short * best_indel_poses, int * best_matching_bases, int level)
data/subread-2.0.1+dfsg/src/gene-value-index.c:457:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(0&&memcmp(read + test_len - 1 - 30, TEST_TARGET +strlen(TEST_TARGET) -1 - 30, 30)==0)
data/subread-2.0.1+dfsg/src/gene-value-index.c:464:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section_matched_bases = match_chro(read, index, first_base_pos, xi ,0,GENE_SPACE_BASE);
data/subread-2.0.1+dfsg/src/gene-value-index.c:500:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int onepiece_matched_bases = match_chro(read, index, first_base_pos, test_len ,0,GENE_SPACE_BASE);
data/subread-2.0.1+dfsg/src/gene-value-index.c:509:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(0&&memcmp(read + test_len - 1 - 30, TEST_TARGET + strlen(TEST_TARGET) - 31, 30)==0)
data/subread-2.0.1+dfsg/src/gene-value-index.c:546:68: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void match_indel_table_to_back_in(HashTable * indel_table , char * read, gene_value_index_t * index, unsigned int last_base_pos, int test_len, short * total_indels, short * indel_point, int max_indel_number, int min_test_offset, short * indels, short * indel_poses, int sofar_matched_bases, short * best_indels, short * best_indel_poses, int * best_matching_bases, int level);
data/subread-2.0.1+dfsg/src/gene-value-index.c:547:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_indel_table_to_back(HashTable * indel_table, char * read, gene_value_index_t * index, unsigned int last_base_pos, int test_len, short * indels, short * indel_point, int max_indel_number, int min_test_offset, struct explorer_section_t * sec)
data/subread-2.0.1+dfsg/src/gene-value-index.c:558:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
match_indel_table_to_back_in(indel_table, read, index, last_base_pos, test_len , indels , indel_point , max_indel_number , min_test_offset , tmp_indel_rec , tmp_indel_pos_rec , 0, best_indel_rec, best_indel_pos_rec , &best_matching_bases , 0);
data/subread-2.0.1+dfsg/src/gene-value-index.c:579:68: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void match_indel_table_to_back_in(HashTable * indel_table , char * read, gene_value_index_t * index, unsigned int last_base_pos, int test_len, short * total_indels, short * indel_point, int max_indel_number, int min_test_offset, short * indels, short * indel_poses, int sofar_matched_bases, short * best_indels, short * best_indel_poses, int * best_matching_bases, int level)
data/subread-2.0.1+dfsg/src/gene-value-index.c:591:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(0&&memcmp(read, TEST_TARGET, 60)==0)
data/subread-2.0.1+dfsg/src/gene-value-index.c:592:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf("BACK-OUT: %s, LEV=%d, LEN=%d, TAILPOS=%u\n",read, level, test_len, last_base_pos);
data/subread-2.0.1+dfsg/src/gene-value-index.c:618:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
match_indel_table_to_back_in(indel_table, read, index, next_last_base_pos , remainder_testlen , total_indels, indel_point, max_indel_number, min_test_offset, indels, indel_poses, sofar_matched_bases + section_matched_bases, best_indels, best_indel_poses, best_matching_bases, level+1) ;
data/subread-2.0.1+dfsg/src/gene-value-index.c:632:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int onepiece_matched_bases = match_chro(read, index, last_base_pos - test_len, test_len ,0,GENE_SPACE_BASE);
data/subread-2.0.1+dfsg/src/gene-value-index.c:640:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(0&&memcmp(read, TEST_TARGET, 60)==0)
data/subread-2.0.1+dfsg/src/gene-value-index.c:675:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_indel_chro_to_back(char * read, gene_value_index_t * index, unsigned int pos /*_of_the_first_base (assumed)*/, int test_len, int * indels, int * indel_point, int max_indel_number, int min_test_offset)
data/subread-2.0.1+dfsg/src/gene-value-index.c:703:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read[test_len - i - 1] ==tt)ret++;
data/subread-2.0.1+dfsg/src/gene-value-index.c:719:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int matched_tail = match_chro(read , index, tail_pos - test_len - indel_test , test_len - i ,0,GENE_SPACE_BASE);
data/subread-2.0.1+dfsg/src/gene-value-index.c:729:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int matched_tail = match_chro(read, index, tail_pos - test_len - indel_test , test_len - i + indel_test ,0,GENE_SPACE_BASE);
data/subread-2.0.1+dfsg/src/gene-value-index.c:752:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret += read[test_len - i - 1] == tt;
data/subread-2.0.1+dfsg/src/gene-value-index.c:766:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
float match_chro_support(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type, char * qual_txt, int qual_format)
data/subread-2.0.1+dfsg/src/gene-value-index.c:782:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'A': is_correct = read[i] == 'T'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:783:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'T': is_correct = read[i] == 'A'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:784:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'G': is_correct = read[i] == 'C'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:785:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'C': is_correct = read[i] == 'G'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:819:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int is_correct =read[i] == tt;
data/subread-2.0.1+dfsg/src/gene-value-index.c:836:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int is_correct =read[i] == tt;
data/subread-2.0.1+dfsg/src/gene-value-index.c:853:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int is_correct =read[i] == tt;
data/subread-2.0.1+dfsg/src/gene-value-index.c:873:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type)
data/subread-2.0.1+dfsg/src/gene-value-index.c:894:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret += read[i] == '0'+chars2color(tt, last_char);
data/subread-2.0.1+dfsg/src/gene-value-index.c:906:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'A': ret += read[i] == 'T'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:907:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'T': ret += read[i] == 'A'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:908:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'G': ret += read[i] == 'C'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:909:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'C': ret += read[i] == 'G'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:933:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char tv = read[i];
data/subread-2.0.1+dfsg/src/gene-value-index.c:969:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret += read[i] == '0'+chars2color(last_char, tt);
data/subread-2.0.1+dfsg/src/gene-value-index.c:979:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro_slow(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type)
data/subread-2.0.1+dfsg/src/gene-value-index.c:982:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return match_chro_slow(read, index, pos, test_len, is_negative_strand, space_type);
data/subread-2.0.1+dfsg/src/gene-value-index.c:992:65: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret += ((index -> values[offset] >> bits) & 0x3 )== base2int(*read);
data/subread-2.0.1+dfsg/src/gene-value-index.c:999:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned int match_chro_range(char * read, gene_value_index_t * index, unsigned int pos, int read_len, int search_length, int search_to_back)
data/subread-2.0.1+dfsg/src/gene-value-index.c:1008:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
key[i] = key[i] << 2 | base2int(read[j]);
data/subread-2.0.1+dfsg/src/gene-value-index.c:1042:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int retv = match_chro_maxerror(read, index, hit_pos, read_len, 0, 0, 0);
data/subread-2.0.1+dfsg/src/gene-value-index.c:1054:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro_maxerror(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type, int max_error)
data/subread-2.0.1+dfsg/src/gene-value-index.c:1074:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret += read[i] != '0'+chars2color(tt, last_char);
data/subread-2.0.1+dfsg/src/gene-value-index.c:1080:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'A': ret += read[i] != 'T'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:1081:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'T': ret += read[i] != 'A'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:1082:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'G': ret += read[i] != 'C'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:1083:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'C': ret += read[i] != 'G'; break;
data/subread-2.0.1+dfsg/src/gene-value-index.c:1097:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret += read[i] != '0'+chars2color(last_char, tt);
data/subread-2.0.1+dfsg/src/gene-value-index.c:1101:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret +=read[i] != tt;
data/subread-2.0.1+dfsg/src/gene-value-index.h:46:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type);
data/subread-2.0.1+dfsg/src/gene-value-index.h:47:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
float match_chro_support(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type, char * qual_str, int qual_format);
data/subread-2.0.1+dfsg/src/gene-value-index.h:50:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro_maxerror(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand, int space_type, int maxerror);
data/subread-2.0.1+dfsg/src/gene-value-index.h:54:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_chro_wronglen(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int space_type, int * left_match_bases, int * right_match_bases);
data/subread-2.0.1+dfsg/src/gene-value-index.h:56:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_indel_chro_to_front(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int * indels, int * indel_point,int max_indel_number, int max_test_len);
data/subread-2.0.1+dfsg/src/gene-value-index.h:57:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_indel_chro_to_back(char * read, gene_value_index_t * index, unsigned int pos, int test_len, int * indels, int * indel_point,int max_indel_number, int min_test_offset);
data/subread-2.0.1+dfsg/src/gene-value-index.h:59:65: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_indel_table_to_front(HashTable * indel_table , char * read, gene_value_index_t * index, unsigned int pos, int test_len, short * indels, short * indel_point, int max_indel_number, int min_test_offset, struct explorer_section_t * sec);
data/subread-2.0.1+dfsg/src/gene-value-index.h:60:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int match_indel_table_to_back(HashTable * indel_table , char * read, gene_value_index_t * index, unsigned int pos, int test_len, short * indels, short * indel_point, int max_indel_number, int min_test_offset, struct explorer_section_t * sec);
data/subread-2.0.1+dfsg/src/gene-value-index.h:62:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned int match_chro_range(char * read, gene_value_index_t * index, unsigned int pos, int read_len, int search_length, int search_to_back);
data/subread-2.0.1+dfsg/src/global-reassembly.c:314:87: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int GRA_scan_best_overlap(GRA_global_context_t * global_context, char * piece, char * read, int rlen)
data/subread-2.0.1+dfsg/src/global-reassembly.c:338:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int r1len = strlen(r1);
data/subread-2.0.1+dfsg/src/global-reassembly.c:363:52: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define SKIP_LINE {char tmpchr; while (1){tmpchr = fgetc(current_fp); if(tmpchr=='\n') break;}}
data/subread-2.0.1+dfsg/src/global-reassembly.c:448:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_readname[strlen(in_readname)-1]=0;
data/subread-2.0.1+dfsg/src/global-reassembly.c:454:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_rl = strlen(in_sequence) - 1;
data/subread-2.0.1+dfsg/src/global-reassembly.c:523:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int new_rl = strlen(new_read_start);
data/subread-2.0.1+dfsg/src/global-reassembly.c:752:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:754:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:756:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:758:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:837:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:839:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:841:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:843:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:891:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:893:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:895:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:897:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_fraglist);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1522:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_tailK_bases, global_context -> contig_str + global_context -> contig_len - old_tail_len, 999);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1524:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(new_tailK_bases, new_bases_added, 999);
data/subread-2.0.1+dfsg/src/global-reassembly.c:1798:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmptmp, "/");
data/subread-2.0.1+dfsg/src/index-builder.c:101:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (index_prefix) > 290)
data/subread-2.0.1+dfsg/src/index-builder.c:294:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char bnch = fgetc(ginp.input_fp);
data/subread-2.0.1+dfsg/src/index-builder.c:499:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (index_prefix) > 290)
data/subread-2.0.1+dfsg/src/index-builder.c:682:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* back = s + strlen(s);
data/subread-2.0.1+dfsg/src/index-builder.c:731:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(warn_fp);
data/subread-2.0.1+dfsg/src/index-builder.c:755:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(log_fp,"%s%s\n",line_buf,strlen(line_buf)<16?" ":"");
data/subread-2.0.1+dfsg/src/index-builder.c:839:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int line_buf_len = strlen(line_buf);
data/subread-2.0.1+dfsg/src/index-builder.c:875:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(read_head_buf, "\n");
data/subread-2.0.1+dfsg/src/index-builder.c:940:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int line_buf_len = strlen(line_buf);
data/subread-2.0.1+dfsg/src/index-builder.c:953:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(read_head_buf, "\n");
data/subread-2.0.1+dfsg/src/index-builder.c:1060:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(output_file, optarg, MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/index-builder.c:1223:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(x1 = strlen(output_file); x1 >=0; x1--){
data/subread-2.0.1+dfsg/src/index-builder.c:1233:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(tmp_fa_file+strlen(tmp_fa_file), "/subread-index-sam-%06u-%06d", getpid(),(int)(time(NULL) % 1000000));
data/subread-2.0.1+dfsg/src/index-builder.c:1235:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(tmp_fa_file+strlen(tmp_fa_file), "/subread-index-sam-%06u-XXXXXX", getpid());
data/subread-2.0.1+dfsg/src/input-blc.c:98:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(0==memcmp(data_dir+ strlen(data_dir)-5, SR_PATH_SPLIT_STR "L001",5 ) && strstr( dp->d_name , "s_1.filter")){
data/subread-2.0.1+dfsg/src/input-blc.c:116:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(0==memcmp(data_dir+ strlen(data_dir)-5, SR_PATH_SPLIT_STR "L001",5 ) && strstr( dp->d_name , "0001.bcl." ) && !strstr( dp->d_name , ".bci") ){
data/subread-2.0.1+dfsg/src/input-blc.c:124:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(testfile_name+strlen(testfile_name), gen_fmt, 1, 2+tti);
data/subread-2.0.1+dfsg/src/input-blc.c:234:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(xx = 0; xx < 4; xx++) fgetc(blc_input -> bcl_fps[fii]); // skip the first 32-b integer
data/subread-2.0.1+dfsg/src/input-blc.c:253:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(xx = 0; xx < 12; xx++) fgetc(blc_input -> filter_fp); // skip the 12-byte header
data/subread-2.0.1+dfsg/src/input-blc.c:497:83: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int iBLC_current_lane_next_read(input_BLC_t * blc_input, char * readname , char * read, char * qual){
data/subread-2.0.1+dfsg/src/input-blc.c:517:92: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fch = blc_input -> filter_is_gzipped? seekgz_next_int8(blc_input -> filter_gzip_fp) :fgetc(blc_input -> filter_fp);
data/subread-2.0.1+dfsg/src/input-blc.c:521:91: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nch = blc_input -> bcl_is_gzipped?seekgz_next_int8(blc_input -> bcl_gzip_fps[bii]):fgetc(blc_input -> bcl_fps[bii]), bv, qv;
data/subread-2.0.1+dfsg/src/input-blc.c:541:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[baseii] = bv;
data/subread-2.0.1+dfsg/src/input-blc.c:562:75: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int input_BLC_next_read(input_BLC_t * blc_input , char * readname, char * read, char * qual){
data/subread-2.0.1+dfsg/src/input-blc.c:568:61: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rv = iBLC_current_lane_next_read(blc_input, readname, read, qual);
data/subread-2.0.1+dfsg/src/input-blc.c:679:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(linebuf)<5)continue;
data/subread-2.0.1+dfsg/src/input-blc.c:908:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(-1==known_cell_barcode_length) known_cell_barcode_length = strlen(bcbstr);
data/subread-2.0.1+dfsg/src/input-blc.c:909:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(known_cell_barcode_length != strlen(bcbstr)){
data/subread-2.0.1+dfsg/src/input-blc.c:910:161: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SUBREADprintf("ERROR: the cell barcodes have different lengths (%d!=%ld at %d). The program cannot process the cell barcodes.\n", known_cell_barcode_length, strlen(bcbstr),xx1);
data/subread-2.0.1+dfsg/src/input-blc.h:12:76: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int input_BLC_next_read( input_BLC_t * blc_input, char * readname , char * read, char * qual );
data/subread-2.0.1+dfsg/src/input-files.c:67:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/subread-2.0.1+dfsg/src/input-files.c:82:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ilen = strlen(in);
data/subread-2.0.1+dfsg/src/input-files.c:197:137: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define geinput_getc(input) ( input -> file_type == GENE_INPUT_GZIP_FASTQ? (seekgz_next_char((seekable_zfile_t*)input -> input_fp)):(fgetc((FILE*)input -> input_fp)) )
data/subread-2.0.1+dfsg/src/input-files.c:272:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:285:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:309:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:327:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:422:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(filename)>298)
data/subread-2.0.1+dfsg/src/input-files.c:433:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
id1 = fgetc(TMP_FP);
data/subread-2.0.1+dfsg/src/input-files.c:434:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
id2 = fgetc(TMP_FP);
data/subread-2.0.1+dfsg/src/input-files.c:514:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char nch = fgetc((FILE *)input->input_fp);
data/subread-2.0.1+dfsg/src/input-files.c:554:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int bc_nch = fgetc(input->input_fp);
data/subread-2.0.1+dfsg/src/input-files.c:569:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(out_buf)>0)
data/subread-2.0.1+dfsg/src/input-files.c:570:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_buf[strlen(out_buf)-1]=0;
data/subread-2.0.1+dfsg/src/input-files.c:627:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(input->input_fp);
data/subread-2.0.1+dfsg/src/input-files.c:711:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char nch = fgetc(input->input_fp);
data/subread-2.0.1+dfsg/src/input-files.c:883:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read_name, read_string+1, MAX_READ_NAME_LEN);
data/subread-2.0.1+dfsg/src/input-files.c:895:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(input->input_fp);
data/subread-2.0.1+dfsg/src/input-files.c:1548:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int linelen = strlen(line_buffer);
data/subread-2.0.1+dfsg/src/input-files.c:1746:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(com_sec)==strlen(ref_seq))
data/subread-2.0.1+dfsg/src/input-files.c:1746:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(com_sec)==strlen(ref_seq))
data/subread-2.0.1+dfsg/src/input-files.c:1755:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
}else if(strlen(ref_seq) == strlen(alt_seq)) is_snp=1;
data/subread-2.0.1+dfsg/src/input-files.c:1755:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
}else if(strlen(ref_seq) == strlen(alt_seq)) is_snp=1;
data/subread-2.0.1+dfsg/src/input-files.c:1897:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(quality_string)<2)
data/subread-2.0.1+dfsg/src/input-files.c:1922:122: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
float match_rate = final_mapping_quality(array_index, linear_pos, sequence, quality_string, cigar, FASTQ_PHRED33, & mismatch, rl, NULL, NULL);
data/subread-2.0.1+dfsg/src/input-files.c:1923:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(mismatch>8 || match_rate < 160)
data/subread-2.0.1+dfsg/src/input-files.c:2152:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((*output_genes)[gene_number].gene_name , old_gene_name, MAX_GENE_NAME_LEN);
data/subread-2.0.1+dfsg/src/input-files.c:2199:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(old_gene_name, this_gene_name , MAX_GENE_NAME_LEN);
data/subread-2.0.1+dfsg/src/input-files.c:2262:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(del2,".");
data/subread-2.0.1+dfsg/src/input-files.c:2268:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(del_suffix)>8)
data/subread-2.0.1+dfsg/src/input-files.c:2281:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(del_name, "/");
data/subread-2.0.1+dfsg/src/input-files.c:2481:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(pairer -> in_file_name, "<STDIN>", MAX_FILE_NAME_LENGTH);
data/subread-2.0.1+dfsg/src/input-files.c:2483:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pairer -> in_file_name, in_file, MAX_FILE_NAME_LENGTH);
data/subread-2.0.1+dfsg/src/input-files.c:2683:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:3085:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int reflen = strlen(ref);
data/subread-2.0.1+dfsg/src/input-files.c:3545:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_name = strlen(realname);
data/subread-2.0.1+dfsg/src/input-files.c:3801:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mem_name = malloc(strlen(read_full_name) + 5);
data/subread-2.0.1+dfsg/src/input-files.c:4035:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * name_tmp_1 = malloc(strlen(names+(min_name_fileno * max_name_len))+5), *name_tmp_2 = malloc(strlen(names+(min_name_fileno * max_name_len))+5);
data/subread-2.0.1+dfsg/src/input-files.c:4035:105: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * name_tmp_1 = malloc(strlen(names+(min_name_fileno * max_name_len))+5), *name_tmp_2 = malloc(strlen(names+(min_name_fileno * max_name_len))+5);
data/subread-2.0.1+dfsg/src/input-files.c:4058:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wlen = strlen( names+(min_name_fileno * max_name_len) );
data/subread-2.0.1+dfsg/src/input-files.c:4267:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *name_tmp_1 = malloc(strlen(names+(min_name_fileno * max_name_len))+5), *name_tmp_2 = malloc(strlen(names+(min_name_fileno * max_name_len))+5);
data/subread-2.0.1+dfsg/src/input-files.c:4267:104: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *name_tmp_1 = malloc(strlen(names+(min_name_fileno * max_name_len))+5), *name_tmp_2 = malloc(strlen(names+(min_name_fileno * max_name_len))+5);
data/subread-2.0.1+dfsg/src/input-files.c:4355:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namelen = strlen((char *)name_list[x1]);
data/subread-2.0.1+dfsg/src/input-files.c:4516:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(PAIRER_WAIT_TICK_TIME);
data/subread-2.0.1+dfsg/src/input-files.c:4661:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4663:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4665:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4667:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4670:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4671:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4672:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4673:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4675:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);//XFL
data/subread-2.0.1+dfsg/src/input-files.c:4677:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x1 = fgetc(in);//OS
data/subread-2.0.1+dfsg/src/input-files.c:4679:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xlen = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4680:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xlen += fgetc(in) * 256;
data/subread-2.0.1+dfsg/src/input-files.c:4684:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int si1 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4685:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int si2 = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4686:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int slen = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4687:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
slen += fgetc(in) * 256;
data/subread-2.0.1+dfsg/src/input-files.c:4689:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bsize = fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:4690:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bsize += 256*fgetc(in);
data/subread-2.0.1+dfsg/src/input-files.c:5184:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(nosort_tick_time);
data/subread-2.0.1+dfsg/src/input-files.c:5343:19: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if(need_sleep) usleep(nosort_tick_time);
data/subread-2.0.1+dfsg/src/input-files.c:5355:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header_buffer_safe_size += strlen(line_ptr);
data/subread-2.0.1+dfsg/src/input-files.c:5463:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
record_len = strlen(line_ptr);
data/subread-2.0.1+dfsg/src/input-files.c:5474:19: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if(need_sleep) usleep(nosort_tick_time);
data/subread-2.0.1+dfsg/src/input-files.c:5659:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(slash_pos = strlen(output_file); slash_pos >=0; slash_pos--){
data/subread-2.0.1+dfsg/src/input-files.c:5867:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_name_buf[strlen(read_name_buf)]='\t';
data/subread-2.0.1+dfsg/src/input-files.c:6128:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen(second_col_pos);
data/subread-2.0.1+dfsg/src/input-files.c:6144:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(chromosome_2_name , "*");
data/subread-2.0.1+dfsg/src/input-files.c:6152:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(chromosome_1_name , "*");
data/subread-2.0.1+dfsg/src/input-files.c:6163:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(read_name+strlen(read_name), "\t%s:%u:%s:%u%s",chromosome_2_name, pos_2, chromosome_1_name, pos_1, hi_key);
data/subread-2.0.1+dfsg/src/input-files.c:6165:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(read_name+strlen(read_name), "\t%s:%u:%s:%u%s",chromosome_1_name, pos_1, chromosome_2_name, pos_2, hi_key);
data/subread-2.0.1+dfsg/src/input-files.c:6170:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int read_name_len = strlen(read_name);
data/subread-2.0.1+dfsg/src/input-files.c:6390:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:6405:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
second_line_len = strlen(test_buf);
data/subread-2.0.1+dfsg/src/input-files.c:6428:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(rptr && second_line_len == strlen(test_buf))
data/subread-2.0.1+dfsg/src/input-files.c:6439:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:6498:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:6514:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
second_line_len = strlen(test_buf);
data/subread-2.0.1+dfsg/src/input-files.c:6537:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(rptr && second_line_len == strlen(test_buf))
data/subread-2.0.1+dfsg/src/input-files.c:6581:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch = fgetc(fp);
data/subread-2.0.1+dfsg/src/input-files.c:6654:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!found) if(strlen(t1chro)>3 && t1chro[0]=='c'&&t1chro[1]=='h'&&t1chro[2]=='r' ) found = HashTableGet(t2, t1chro+3) != NULL;
data/subread-2.0.1+dfsg/src/input-files.c:6714:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int line_len = strlen(buff);
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:144:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int LRMvalidate_mapping(LRMcontext_t * context, char * read, char * cigar, LRMgene_value_index_t * index, unsigned int pos, int neg, int * maplen, int show_txt){
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:149:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(neg) LRMreverse_read(read, strlen(read));
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:149:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(neg) LRMreverse_read(read, strlen(read));
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:149:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(neg) LRMreverse_read(read, strlen(read));
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:170:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int readval = read[txt_read_chrsor];
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:188:88: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(nch == 'I' && show_txt) for(x1 = 0; x1 < tmpi ; x1++) LRMprintf("%c[32m%c", 27, read[ read_chrsor + x1 ]);
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:189:92: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(nch == 'S' && show_txt) for(x1 = 0; x1 < tmpi ; x1++) LRMprintf("%c[4m%c%c[0m", 27, read[ read_chrsor + x1 ], 27);
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:207:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(neg) LRMreverse_read(read, strlen(read));
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:207:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(neg) LRMreverse_read(read, strlen(read));
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:207:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(neg) LRMreverse_read(read, strlen(read));
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:211:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int LRMmatch_chro(char * read, LRMgene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand){
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:225:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'A': ret += read[i] == 'T'; break;
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:226:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'T': ret += read[i] == 'A'; break;
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:227:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'G': ret += read[i] == 'C'; break;
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:228:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
case 'C': ret += read[i] == 'G'; break;
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.c:242:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char tv = read[i];
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.h:33:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int LRMmatch_chro(char * read, LRMgene_value_index_t * index, unsigned int pos, int test_len, int is_negative_strand);
data/subread-2.0.1+dfsg/src/longread-one/LRMbase-index.h:37:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int LRMvalidate_mapping(LRMcontext_t * context, char * read, char * cigar, LRMgene_value_index_t * index, unsigned int pos, int rev, int * mapped_length, int show_txt);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:35:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(filename)>LRMMAX_FILENAME_LENGTH-2)
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:45:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
id1 = fgetc(TMP_FP);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:46:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
id2 = fgetc(TMP_FP);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:95:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc((FILE*)input -> input_fp);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:250:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int LRMgenerate_bam_record_encode_read_qual(char * bin, char * read, char * qual, int rlen){
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:255:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(fourbit=0;fourbit<15;fourbit++) if("=ACMGRSVTWYHKDBN"[fourbit] == read[xk1])break;
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:280:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(iteration_context -> read_name)+1;
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:383:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char c = fgetc(fp);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:420:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fn)<2)continue;
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:505:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int chro_namelen = strlen(chro_name)+1;
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:533:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cigar_len = strlen(cigar);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:534:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rname_len = strlen(iteration_context->read_name);
data/subread-2.0.1+dfsg/src/longread-one/LRMfile-io.c:597:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(txt, "*");
data/subread-2.0.1+dfsg/src/longread-one/LRMseek-zlib.c:154:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char nch = fgetc(fp->gz_fp);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:187:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf((*context) -> user_command_line+strlen( (*context) -> user_command_line), "\"%s\" ", argv[c]);
data/subread-2.0.1+dfsg/src/longread-one/longread-mapping.c:989:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(thread_context -> final_cigar_string, "*");
data/subread-2.0.1+dfsg/src/mergeVCF.c:109:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lenstr = strlen(str);
data/subread-2.0.1+dfsg/src/mergeVCF.c:110:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lensuffix = strlen(suffix);
data/subread-2.0.1+dfsg/src/mergeVCF.c:170:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(pos_str == NULL|| strlen(pos_str)>10|| tmp_pnt == NULL)
data/subread-2.0.1+dfsg/src/mergeVCF.c:208:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * ky = malloc(strlen(chro)+strlen(alt_one)+strlen(ref)+40);
data/subread-2.0.1+dfsg/src/mergeVCF.c:208:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * ky = malloc(strlen(chro)+strlen(alt_one)+strlen(ref)+40);
data/subread-2.0.1+dfsg/src/mergeVCF.c:208:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * ky = malloc(strlen(chro)+strlen(alt_one)+strlen(ref)+40);
data/subread-2.0.1+dfsg/src/mergeVCF.c:214:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * IQF_buf = malloc(strlen(qual_str)+strlen(filter_str)+strlen(id_str)+4);
data/subread-2.0.1+dfsg/src/mergeVCF.c:214:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * IQF_buf = malloc(strlen(qual_str)+strlen(filter_str)+strlen(id_str)+4);
data/subread-2.0.1+dfsg/src/mergeVCF.c:214:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * IQF_buf = malloc(strlen(qual_str)+strlen(filter_str)+strlen(id_str)+4);
data/subread-2.0.1+dfsg/src/mergeVCF.c:215:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * info_buf = malloc(strlen(info)+1);
data/subread-2.0.1+dfsg/src/mergeVCF.c:243:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * info_buf = malloc(strlen(info)+1);
data/subread-2.0.1+dfsg/src/mergeVCF.c:244:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * IQF_buf = malloc(strlen(qual_str)+strlen(filter_str)+strlen(id_str)+4);
data/subread-2.0.1+dfsg/src/mergeVCF.c:244:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * IQF_buf = malloc(strlen(qual_str)+strlen(filter_str)+strlen(id_str)+4);
data/subread-2.0.1+dfsg/src/mergeVCF.c:244:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * IQF_buf = malloc(strlen(qual_str)+strlen(filter_str)+strlen(id_str)+4);
data/subread-2.0.1+dfsg/src/mergeVCF.c:321:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(info[strlen(info)-1]=='\n') brk="";
data/subread-2.0.1+dfsg/src/propmapped.c:92:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(del2,".");
data/subread-2.0.1+dfsg/src/propmapped.c:96:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(del_suffix)>8)
data/subread-2.0.1+dfsg/src/propmapped.c:110:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(del_name, "/");
data/subread-2.0.1+dfsg/src/propmapped.c:268:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rname_len = strlen(read_name);
data/subread-2.0.1+dfsg/src/propmapped.c:284:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rname_len = strlen(read_name);
data/subread-2.0.1+dfsg/src/propmapped.c:309:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(x1 = strlen(context->output_file_name) ; x1 >=0; x1--){
data/subread-2.0.1+dfsg/src/propmapped.c:318:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(context->temp_file_prefix+strlen(context->temp_file_prefix), "/prpm-temp-sum-%06u-%s", getpid(), mac_rand);
data/subread-2.0.1+dfsg/src/qualityScores.c:255:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int qblen = strlen(qual_buff);
data/subread-2.0.1+dfsg/src/qualityScores.c:394:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rlen = strlen(linebuff);
data/subread-2.0.1+dfsg/src/readSummary.c:611:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * tmp_ptr1 = NULL , * next_fn, *sam_used = malloc(strlen(sam)+MAX_FILE_NAME_LENGTH), sam_ntxt[30],bam_ntxt[30], next_ntxt[50];
data/subread-2.0.1+dfsg/src/readSummary.c:642:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(next_fn == NULL || strlen(next_fn)<1) break;
data/subread-2.0.1+dfsg/src/readSummary.c:687:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(next_fn == NULL || strlen(next_fn)<1) break;
data/subread-2.0.1+dfsg/src/readSummary.c:841:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * new_name = malloc(strlen(chro)+1);
data/subread-2.0.1+dfsg/src/readSummary.c:867:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char lneeded[strlen(needed)+1];
data/subread-2.0.1+dfsg/src/readSummary.c:896:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(list == NULL && strlen(chro)>3 && memcmp(chro, "chr", 3)==0){
data/subread-2.0.1+dfsg/src/readSummary.c:993:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(chro_name)>=CHROMOSOME_NAME_LENGTH)
data/subread-2.0.1+dfsg/src/readSummary.c:1043:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int feature_name_len = strlen(feature_name);
data/subread-2.0.1+dfsg/src/readSummary.c:1055:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int chro_name_len = strlen(seq_name);
data/subread-2.0.1+dfsg/src/readSummary.c:1071:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(start_ptr) > 10 || strlen(end_ptr) > 10 || tv1 > 0x7fffffff || tv2> 0x7fffffff){
data/subread-2.0.1+dfsg/src/readSummary.c:1071:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(start_ptr) > 10 || strlen(end_ptr) > 10 || tv1 > 0x7fffffff || tv2> 0x7fffffff){
data/subread-2.0.1+dfsg/src/readSummary.c:1109:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int gclen = strlen(GCcontent);
data/subread-2.0.1+dfsg/src/readSummary.c:1171:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(start_ptr) > 10 || strlen(end_ptr) > 10 || tv1 > 0x7fffffff || tv2> 0x7fffffff){
data/subread-2.0.1+dfsg/src/readSummary.c:1171:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(start_ptr) > 10 || strlen(end_ptr) > 10 || tv1 > 0x7fffffff || tv2> 0x7fffffff){
data/subread-2.0.1+dfsg/src/readSummary.c:1195:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(extra_attrs && (strlen(extra_attrs)>2))
data/subread-2.0.1+dfsg/src/readSummary.c:1242:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ext_att_len = strlen(extra_attrs);
data/subread-2.0.1+dfsg/src/readSummary.c:1249:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int feature_name_len = strlen(feature_name_tmp);
data/subread-2.0.1+dfsg/src/readSummary.c:1256:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int chro_name_len = strlen(seq_name);
data/subread-2.0.1+dfsg/src/readSummary.c:1907:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(lastRGptr)>0){
data/subread-2.0.1+dfsg/src/readSummary.c:2543:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * rg_name_mem = malloc(strlen(rg_name)+1);
data/subread-2.0.1+dfsg/src/readSummary.c:2585:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else new_tags_length += 4 + strlen((char *)vals[tagi]);
data/subread-2.0.1+dfsg/src/readSummary.c:2607:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vlen = strlen((char *)(vals[tagi]))+1;
data/subread-2.0.1+dfsg/src/readSummary.c:3220:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(this_chro_info == NULL && strlen(ChroNames[cigar_section_id])<=2)
data/subread-2.0.1+dfsg/src/readSummary.c:3424:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * this_key = malloc(strlen(j_one->chromosome_name_left) + strlen(j_one->chromosome_name_right) + 36);
data/subread-2.0.1+dfsg/src/readSummary.c:3424:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * this_key = malloc(strlen(j_one->chromosome_name_left) + strlen(j_one->chromosome_name_right) + 36);
data/subread-2.0.1+dfsg/src/readSummary.c:3433:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * left_key = malloc(strlen(j_one->chromosome_name_left) + 16);
data/subread-2.0.1+dfsg/src/readSummary.c:3434:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * right_key = malloc(strlen(j_one->chromosome_name_right) + 16);
data/subread-2.0.1+dfsg/src/readSummary.c:3492:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(ubc) < MAX_UMI_BARCODE_LENGTH);
data/subread-2.0.1+dfsg/src/readSummary.c:4053:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(final_feture_names)< (GENE_NAME_LIST_BUFFER_SIZE - 40 - FEATURE_NAME_LENGTH)) {
data/subread-2.0.1+dfsg/src/readSummary.c:4064:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(is_etc) sprintf(final_feture_names + strlen(final_feture_names), "... (%d names omitted),", is_etc);
data/subread-2.0.1+dfsg/src/readSummary.c:4077:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ffnn = strlen(final_feture_names);
data/subread-2.0.1+dfsg/src/readSummary.c:4175:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int x2, x3, umilen = strlen(umistr), found=0;
data/subread-2.0.1+dfsg/src/readSummary.c:4844:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * new_key = malloc(strlen(junckey)+1);
data/subread-2.0.1+dfsg/src/readSummary.c:4860:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * new_key = malloc(strlen(junckey)+1);
data/subread-2.0.1+dfsg/src/readSummary.c:4947:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*out_ptr) = malloc(strlen(in_fnames)+1);
data/subread-2.0.1+dfsg/src/readSummary.c:4993:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bcl =strlen(bc);
data/subread-2.0.1+dfsg/src/readSummary.c:5140:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( x1 = strlen(output_fname)-1; x1 >= 0; x1 --){
data/subread-2.0.1+dfsg/src/readSummary.c:5148:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(global_context -> output_file_path, ".");
data/subread-2.0.1+dfsg/src/readSummary.c:5427:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int srclen = strlen(src);
data/subread-2.0.1+dfsg/src/readSummary.c:5579:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int exlen = strlen( this_col), ollen = strlen(out_extra_columns[xk4]);
data/subread-2.0.1+dfsg/src/readSummary.c:5579:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int exlen = strlen( this_col), ollen = strlen(out_extra_columns[xk4]);
data/subread-2.0.1+dfsg/src/readSummary.c:5623:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _cut_tail(x) (x)[strlen(x)-1]=0
data/subread-2.0.1+dfsg/src/readSummary.c:6667:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(argc>30 && strlen(argv[30])>0 && argv[30][0]!=' ')
data/subread-2.0.1+dfsg/src/readSummary.c:6784:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(argc>56 && strlen(argv[56])>0 && argv[56][0]!=' ') scRNA_sample_sheet = argv[56];
data/subread-2.0.1+dfsg/src/readSummary.c:6787:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(argc>57 && strlen(argv[57])>0 && argv[57][0]!=' ') scRNA_cell_barcode_list = argv[57];
data/subread-2.0.1+dfsg/src/readSummary.c:6879:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * file_list_used = malloc(strlen(file_name_ptr)+1);
data/subread-2.0.1+dfsg/src/readSummary.c:6880:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * file_list_used2 = malloc(strlen(file_name_ptr)+1);
data/subread-2.0.1+dfsg/src/readSummary.c:6881:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * is_unique = malloc(strlen(file_name_ptr)+1);
data/subread-2.0.1+dfsg/src/readSummary.c:6938:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(next_fn==NULL || strlen(next_fn)<1 || global_context.disk_is_full) break;
data/subread-2.0.1+dfsg/src/readSummary.c:7011:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rg_name_len = strlen(rg_name);
data/subread-2.0.1+dfsg/src/readSummary.c:7015:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int file_len = strlen(mem_file_name);
data/subread-2.0.1+dfsg/src/readSummary.c:7176:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * mem_bucket_key = malloc(strlen(bucket_key) + 1);
data/subread-2.0.1+dfsg/src/readSummary.c:7353:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cmd_rebuilt) + 1000 > cmd_rebuilt_size)
data/subread-2.0.1+dfsg/src/readSummary.c:7358:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(cmd_rebuilt+strlen(cmd_rebuilt), "\"%s\" ", argv[c]);
data/subread-2.0.1+dfsg/src/readSummary.c:7676:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int curr_strlen = strlen(very_long_file_names);
data/subread-2.0.1+dfsg/src/readSummary.c:7688:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
very_long_file_names[strlen(very_long_file_names)-1]=0;
data/subread-2.0.1+dfsg/src/removeDupReads.c:178:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int linelen = strlen(line_buffer) -1;
data/subread-2.0.1+dfsg/src/removeDupReads.c:371:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(input_SAM_file, optarg,MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/removeDupReads.c:375:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(output_SAM_file, optarg,MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/removeDupReads.c:380:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_path, optarg,MAX_FILE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/sam2fq.c:74:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rlen = strlen(readtxt);
data/subread-2.0.1+dfsg/src/sam2fq.c:79:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reverse_read( strlen(readtxt), readtxt);
data/subread-2.0.1+dfsg/src/sam2fq.c:80:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reverse_qual( strlen(readtxt), qualtxt);
data/subread-2.0.1+dfsg/src/sambam-file.c:127:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nch0=fgetc(ret -> os_file);
data/subread-2.0.1+dfsg/src/sambam-file.c:148:28: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned char first_ch = fgetc(ret->os_file);
data/subread-2.0.1+dfsg/src/sambam-file.c:149:29: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned char second_ch = fgetc(ret->os_file);
data/subread-2.0.1+dfsg/src/sambam-file.c:291:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlenbuff = strlen(buff);
data/subread-2.0.1+dfsg/src/sambam-file.c:301:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = getc(fp->os_file);
data/subread-2.0.1+dfsg/src/sambam-file.c:560:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(chro_name)>=BAM_MAX_CHROMOSOME_NAME_LEN) chro_name[BAM_MAX_CHROMOSOME_NAME_LEN-1]=0;
data/subread-2.0.1+dfsg/src/sambam-file.c:831:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cigar_piece_buf)+strlen(aln->cigar)<BAM_MAX_CIGAR_LEN-1)
data/subread-2.0.1+dfsg/src/sambam-file.c:831:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cigar_piece_buf)+strlen(aln->cigar)<BAM_MAX_CIGAR_LEN-1)
data/subread-2.0.1+dfsg/src/sambam-file.c:899:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sret = sprintf(extra_tags + strlen(extra_tags), "\t%c%c:i:%d", extag[0], extag[1], tmpi);
data/subread-2.0.1+dfsg/src/sambam-file.c:904:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(extra_tags + strlen(extra_tags), "\t%c%c:Z:", extag[0], extag[1]);
data/subread-2.0.1+dfsg/src/sambam-file.c:906:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(extra_tags + strlen(extra_tags)+delta-1) = 0;
data/subread-2.0.1+dfsg/src/sambam-file.c:907:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(extra_tags + strlen(extra_tags), chunk + (*chunk_ptr), delta - 1);
data/subread-2.0.1+dfsg/src/sambam-file.c:912:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sret = sprintf(extra_tags + strlen(extra_tags), "\t%c%c:A:%c", extag[0], extag[1], *(chunk + *chunk_ptr) );
data/subread-2.0.1+dfsg/src/sambam-file.c:949:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(aln -> seq_quality, "*");
data/subread-2.0.1+dfsg/src/sambam-file.c:1275:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int chro_name_len = strlen(chro_name)+1;
data/subread-2.0.1+dfsg/src/sambam-file.c:1345:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int new_text_len = strlen(header_text);
data/subread-2.0.1+dfsg/src/sambam-file.c:1357:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(writer -> header_plain_text_buffer + writer -> header_plain_text_buffer_used, "\n");
data/subread-2.0.1+dfsg/src/sambam-file.c:1391:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * chro_name_space = malloc(strlen(chro_name)+1);
data/subread-2.0.1+dfsg/src/sambam-file.c:1463:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int col_cursor = 0 , col_len = strlen(additional_columns);
data/subread-2.0.1+dfsg/src/sambam-file.c:1608:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end_pos = strlen(rline);
data/subread-2.0.1+dfsg/src/sambam-file.c:1640:207: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SamBam_writer_add_read(writer, thread_no, read_name, atoi(flag_str), chro_name, atoi(chro_position_str), atoi(mapping_quality_str), cigar, next_chro_name, atoi(next_chro_position_str), atoi(temp_len_str), strlen(read_text), read_text, qual_text, additional_columns, committable);
data/subread-2.0.1+dfsg/src/sambam-file.c:1669:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int read_name_len = 1+strlen(read_name) ;
data/subread-2.0.1+dfsg/src/seek-zlib.c:174:3: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp->gz_fp);
data/subread-2.0.1+dfsg/src/seek-zlib.c:183:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char nch = fgetc(fp->gz_fp);
data/subread-2.0.1+dfsg/src/seek-zlib.c:566:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc1 = fgetc(tstfp);
data/subread-2.0.1+dfsg/src/seek-zlib.c:567:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc2 = fgetc(tstfp);
data/subread-2.0.1+dfsg/src/seek-zlib.c:609:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else ret = strlen(buf);
data/subread-2.0.1+dfsg/src/seek-zlib.c:622:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = fgetc(fp -> plain_fp);
data/subread-2.0.1+dfsg/src/sublog.c:128:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(vsbuf)>0)
data/subread-2.0.1+dfsg/src/subread.h:114:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strnlen(a,l) strlen(a)
data/subread-2.0.1+dfsg/src/subread.h:385:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char read [EXON_BUFFER_SIZE][1201];
data/subread-2.0.1+dfsg/src/subtools.c:148:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ret = sort_SAM_add_line(&writer, fline, strlen(fline));
data/subread-2.0.1+dfsg/src/subtools.c:187:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tail_pos = strlen(in_buff)-1;
data/subread-2.0.1+dfsg/src/subtools.c:252:107: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SamBam_writer_add_read(& out_writer, rname, flags, chro, pos, mapq, cigar, mate_chro, mate_pos, tlen, strlen(read_text), read_text, qual_text, extra);
data/subread-2.0.1+dfsg/src/tx-unique.c:48:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_gene -> gene_name, gene_name, FEATURE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/tx-unique.c:66:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_tx -> transcript_id, transcript_id, FEATURE_NAME_LENGTH-1);
data/subread-2.0.1+dfsg/src/tx-unique.c:73:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_exon -> chro_name, chrome_name, MAX_CHROMOSOME_NAME_LEN -1);
data/subread-2.0.1+dfsg/src/tx-unique.c:289:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * hash_key = malloc(strlen(try_tx->transcript_id) + strlen(gene -> gene_name)+20);
data/subread-2.0.1+dfsg/src/tx-unique.c:289:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * hash_key = malloc(strlen(try_tx->transcript_id) + strlen(gene -> gene_name)+20);
data/subread-2.0.1+dfsg/src/tx-unique.c:295:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hash_key = malloc(strlen(try_tx->transcript_id) + strlen(gene -> gene_name)+20);
data/subread-2.0.1+dfsg/src/tx-unique.c:295:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hash_key = malloc(strlen(try_tx->transcript_id) + strlen(gene -> gene_name)+20);
data/subread-2.0.1+dfsg/src/zlib_test.c:60:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nch = fgetc(fbig);
ANALYSIS SUMMARY:
Hits = 2506
Lines analyzed = 67894 in approximately 1.84 seconds (36897 lines/second)
Physical Source Lines of Code (SLOC) = 51329
Hits@level = [0] 332 [1] 604 [2] 1391 [3] 24 [4] 485 [5] 2
Hits@level+ = [0+] 2838 [1+] 2506 [2+] 1902 [3+] 511 [4+] 487 [5+] 2
Hits/KSLOC@level+ = [0+] 55.2904 [1+] 48.8223 [2+] 37.0551 [3+] 9.95539 [4+] 9.48781 [5+] 0.0389643
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.