Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_atod.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_atod.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_qv.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_qv.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tp.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tp.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_default_table.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_default_table.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_get_mixed_bases.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_get_mixed_bases.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_parse.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_funs.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_funs.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_scf_data.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/FileHandler.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/FileHandler.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/SCF_Toolkit.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/SCF_Toolkit.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/example.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/nr.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/nr.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/tracepoly.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/tracepoly.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkbc.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkbcphd.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkqv.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkqvphd.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/func_name.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/func_name.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/get_thresholds.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/get_thresholds.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/params.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/select.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mklut/select.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_compute_match.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_compute_match.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_sw.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_sw.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train_data.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train_data.h
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c
Examining data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c
FINAL RESULTS:
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:81:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(linebuf, "# Version %s", table_version) != 1)
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2319:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path1, path);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2320:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path2, path);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2337:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tokens[0], strtok(path2, "/"));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2341:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tokens[i], strtok(NULL, "/"));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2343:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(amplicon_name, tokens[num_tokens-3]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2344:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(donor_name, tokens[num_tokens-4]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2607:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scf_file_name, "%s_long", prefix_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2620:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scf_file_name, "%s_short", prefix_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1959:27: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PP( field,format) fprintf( fp, #field "=%" #format "\n" , pk->##field );
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:71:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DPRINT(x) fprintf(stderr, #x " = %g\n", (float)(x)) // for debugging
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:127:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Unable to open FastA file '%s'\n", file_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:657:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "gzip -d -f -c %s > TTUNERQQ.TMP", file_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:659:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) != 0)
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:661:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:672:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:680:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "gzip -d -f -c %s > TTUNERQQ.TMP", file_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:682:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) != 0)
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:684:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:693:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFileName, "/tmp/%s", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:699:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "gunzip -f -c %s > %s", file_name, tempFileName);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:700:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) != 0)
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:702:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:713:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:719:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFileName, "/tmp/%s", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:722:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "uncompress -f -c %s > %s", file_name, tempFileName);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:723:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) != 0)
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:725:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:735:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Error opening file: %s",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:748:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Error reading file: %s",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:758:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Error reading file: %s",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:793:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Error reading file: %s",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:805:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Error reading file: %s",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:824:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Error reading file: %s",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:836:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Error reading file: %s",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:896:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempFileName, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:907:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(phd_file_name, "%s\\%s.phd.1",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:910:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(phd_file_name, "%s/%s.phd.1",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:917:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(status_code, "%s", "PHREDFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:918:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Could not read phd file: %s\n",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:941:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(status_code, "%s", "PHREDFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:945:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Could not read phd file: %s\n",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1193:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qual_file_name, "%s\\%s.qual", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1195:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qual_file_name, "%s/%s.qual", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1204:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qual_file_name, "%s.qual", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1407:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tal_file_name, "%s\\%s.tal", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1409:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tal_file_name, "%s/%s.tal", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1414:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tal_file_name, "%s.tal", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1644:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(hpr_file_name, "%s\\%s.hpr", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1646:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(hpr_file_name, "%s/%s.hpr", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1651:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(hpr_file_name, "%s.hpr", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1759:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(phd_file_name, "%s\\%s.phd.1", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1761:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(phd_file_name, "%s/%s.phd.1", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1766:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(phd_file_name, "%s.phd.1", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1922:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ttuner_name, TT_VERSION + 3);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1983:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fasta_file_name, "%s\\%s.seq", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1985:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fasta_file_name, "%s/%s.seq", path, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1994:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fasta_file_name, "%s.seq", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2111:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tip_file_name, "%s\\%s.tip", options.tip_dir,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2114:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tip_file_name, "%s.tip", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2117:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tip_file_name, "%s/%s.tip", options.tip_dir,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2120:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tip_file_name, "%s.tip", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2231:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tab_file_name, "%s\\%s.tab", options.tab_dir,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2234:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tab_file_name, "%s.tab", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2237:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tab_file_name, "%s/%s.tab", options.tab_dir,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2240:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(tab_file_name, "%s.tab", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2609:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scf_file_name, "%s\\%s.scf", scf_dir, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2611:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scf_file_name, "%s/%s.scf", scf_dir, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2615:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scf_file_name, "%s.scf", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2622:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comments, "DYEP=%s\nCONV=%s", chemistry, TT_VERSION);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2950:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(poly_name, "%s.poly", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2954:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(poly_name, "%s\\%s.poly",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2957:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(poly_name, "%s/%s.poly",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2962:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Unable to open POLY file '%s'\n",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:3092:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(poly_name, "%s.poly", seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:3096:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(poly_name, "%s\\%s.poly",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:3099:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(poly_name, "%s/%s.poly",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:3104:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Unable to open POLY file '%s'\n",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/example.c:125:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.file_name, smptail);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:573:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options->file_name, seq_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:736:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(status_code, "%s", "TT_TRASH");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:842:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(status_code, "%s", "TT_SUCCESS");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:994:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filespec, "%s\\*.*", dir);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:998:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path_and_name, "%s\\%s", dir, fileinfo.name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1034:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path_and_name, "%s\\%s", dir, de->d_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1036:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path_and_name, "%s/%s", dir, de->d_name);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1110:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s\\A__hIgHlY___unLIkeLY_NamE", targetDirName);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1112:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/A__hIgHlY___unLIkeLY_NamE", targetDirName);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:2009:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(multiseqsFileName, "%s/tt.seq", MultiFastaFilesDirName);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:2010:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(multiqualFileName, "%s/tt.qual", MultiFastaFilesDirName);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:2011:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(multilocsFileName, "%s/tt.pos", MultiFastaFilesDirName);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:2012:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(multistatFileName, "%s/tt.status", MultiFastaFilesDirName);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:2044:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.path, argv[i]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.c:499:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( fp,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.h:36:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(message->text, \
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:475:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(current, "%s", train_name);
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1151:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(current, "%s", train_name);
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1441:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(optarg, "%s", InputName) != 1) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:68:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Unable to open FastA file '%s'\n", file_name);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:542:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.inp_phd_dir, inp_phd_dir);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:543:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.file_name, frag_name);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:638:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.file_name, frag_name);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:980:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(path, "%s/%s", dir, de->d_name);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1047:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Unable to open project file '%s'\n",
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1067:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(current, "%s %s", ConsensusName, fragmentName);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:498:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(path, "%s/%s", dir, de->d_name);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:585:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(path, "%s/%s", dir, de->d_name);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:605:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(string, "%s/%s", tab_dir_name, name); // name ends in "phd.1"
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:665:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message->text, "Unable to open project file '%s'\n",
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:686:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(current, "%s %s", ConsensusName, phdFileName);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:721:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(previousConsensusName, ConsensusName);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:732:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(string, "%s/%s", tab_dir_name, name); // name ends in "phd.1"
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:931:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:940:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:959:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:967:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1011:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1018:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1034:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(string, "%s/%s", tab_dir_name, name);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1084:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1091:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1123:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1128:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1134:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1139:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, message.text);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:3552:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
debug = getenv("DEBUG");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:3711:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
debug = getenv("DEBUG");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:476:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DEBUG") != NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/example.c:67:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
lookup_table = getenv("LOOKUP_TABLE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1926:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
lut_name = getenv("LOOKUP_TABLE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.c:524:16: [3] (random) erand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v1=2.0*erand48(seed16v)-1.0;
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.c:525:16: [3] (random) erand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v2=2.0*erand48(seed16v)-1.0;
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.c:894:16: [3] (random) erand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v1=2.0*erand48(seed16v)-1.0;
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.c:895:16: [3] (random) erand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v2=2.0*erand48(seed16v)-1.0;
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkbc.c:153:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while( (i = getopt(argc, argv, "b:h") ) != EOF ) {
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkbcphd.c:295:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while( (i = getopt(argc, argv, "b:hcpvw") ) != EOF )
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkqv.c:174:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while( (i = getopt(argc, argv, "b:") ) != EOF ) {
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkqvphd.c:178:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while( (i = getopt(argc, argv, "b:ph") ) != EOF ) {
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1418:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, "b:f:n:o:cCdQV")) != EOF)
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:810:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ( (i = getopt(argc, argv, "P:V:S:M:X:G:C:o:d:r:f:j:v:a:l:t:ghp")) != EOF ) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curtag[4];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:201:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file_name, gFile +
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:208:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file_name, gFile +
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:231:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(software, gFile +
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:237:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(software, gFile +
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:259:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(called_bases, gFile + base_start, base_count);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:280:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(edited_bases, gFile + base_start, base_count);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:301:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cons_bases, gFile + base_start, base_count);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:336:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(qv, gFile + qv_start, qv_count);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:511:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[80];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/ABI_Toolkit.c:533:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"Unknown error code %d",k);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:310:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color2base[4]={'A','C','G','T'};
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:433:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
excelout = fopen("Spacing_curve.excel", "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:469:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xgraphout = fopen("Spacing_curve.xgraph", "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:599:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text, "Given position is out of bounds\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:1003:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:1011:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:1838:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen( fnames[c_indx], "w" );
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:1927:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context, &data->bases.bases[base_index -
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:2819:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:2836:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error computing peak1.area while splitting\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:2843:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:2863:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:2871:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:3239:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:3657:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error creating single peak list\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:4082:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context, &data->bases.bases[i -
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:4471:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context, &data->bases.bases[i -
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:4887:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error creating single peak list\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_call_bases.c:5674:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error reviewing peak list\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tp.c:634:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Btk_compute_tp(Data *data, char *color2base, double *params[NUM_PARAMS],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tp.c:656:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling get_trace_parameters_of_pure_bases\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tp.c:661:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling populate_params_array\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:325:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:429:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("Data", "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:744:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling data_create\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:752:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling data_populate\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:769:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling data_populate\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:794:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling process_peaks\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:1004:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling get_trace_parameters_of_pure_bases\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:1009:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling populate_params_array\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:1023:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling get_trace_parameters_of_pure_bases\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_compute_tpars.c:1027:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling populate_params_array\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_get_mixed_bases.c:1216:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling data_create\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_get_mixed_bases.c:1224:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling data_populate\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_get_mixed_bases.c:1238:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error calling Btk_process_peaks\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_get_mixed_bases.c:1277:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char context[4] = {' ', ' ', ' ', '\0'};
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[MAXLINE], *s, *s1, *s2, *s3, *s4;
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table_version[20] = "1.0";
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:64:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(path, "r")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:140:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qv = atoi(s1);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:141:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p1 = atoi(s2);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:142:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p2 = atoi(s3);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:143:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p3 = atoi(s4);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:144:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p4 = atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:559:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("Autocorrelations.xgr", "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char amplicon_name[MAXPATHLEN], donor_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2298:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path1[MAXPATHLEN], path2[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:217:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:256:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:322:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:651:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error in get_peak_position\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:792:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( "Peaks", "w" );
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:971:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Left half width1 <0\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:978:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Right half width1 <0\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:988:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Left half width1 <0\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:998:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Right half width1 <0\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1157:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1614:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1645:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1694:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1703:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,"Width1 <0 in case R2.1\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1720:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1770:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1779:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,"Width1 <0 in case R2.1\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1794:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1842:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1848:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1858:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1899:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1909:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,"Peak[%d].width1 = %f in case R3; peak.beg=%d peak.end=%d\n",
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:1926:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:2171:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( fname, "w" );
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_peaks.c:3543:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error creating single peak list\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:449:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, temp, num_data*sizeof(int));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:489:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, data, num_data*sizeof(int));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:565:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bl = memcpy(bl, data, num_data*sizeof(int));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:657:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, data, num_data*sizeof(int));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:724:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, data, num_data*sizeof(int));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:856:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:859:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "chromat_%c.xgr", base);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:860:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1040:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(histname, "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1199:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char histname[100];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1201:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(histname, "hist_spacings_0%d.xgr", ind_win);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1203:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(histname, "hist_spacings_%d.xgr", ind_win);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1302:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "Mob_shift_curve_%d.xgr", color);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1303:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1362:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1528:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1535:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "Spacing_curve.xgr");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1536:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1619:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1622:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "Spacing_curve.xgr");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:1623:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "a");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2057:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2059:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "analyzed_data_0%d.xgr", i);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2061:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "analyzed_data_%d.xgr", i);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2105:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("tt_rel_spac_var", "w")) != NULL ) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2170:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2172:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "analyzed_data_shifted_0%d.xgr", i0);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2174:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "analyzed_data_shifted_%d.xgr", i0);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2254:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2256:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "analyzed_data_shifted_0%d.xgr", i);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2258:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "analyzed_data_shifted_%d.xgr", i);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2355:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2357:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "analyzed_data_shifted_0%d.xgr", i);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2359:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "analyzed_data_shifted_%d.xgr", i);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2556:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->color_data[color].data, new_trace,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2647:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("tt_make_optimal_DP_mobility_shifts", "w")) != NULL ) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2657:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("tt_dp_mob_shift_curves", "w")) != NULL )
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2674:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("tt_dp_spacing", "w")) != NULL ) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2724:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("tt_peaks", "w")) != NULL ) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2805:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("Normalization_curves.xgr", "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:2852:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("Log_normalization_curves.xgr", "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:3496:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xgrfilename1[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:3497:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xgrfilename2[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:3498:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xgrfilename1, "2_%d_Prefilt_mult_data.xgr", i+1);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:3499:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xgrfilename2,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_raw_data.c:3665:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error creating single peak list\n");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv.h:123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[BTKMESSAGE_LENGTH];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color2base[NUM_COLORS];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chemistry[MAX_NAME_LENGTH];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[MAX_NAME_LENGTH]; /* sample file name */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inp_phd_dir[MAX_NAME_LENGTH]; /* read input phd file(s) from this dir */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scf_dir[MAX_NAME_LENGTH]; /* output directory name */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_NAME_LENGTH]; /* path to the sample file */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:186:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char poly_dir[MAX_NAME_LENGTH]; /* output directory name */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tab_dir[MAX_NAME_LENGTH]; /* output directory name */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tal_dir[MAX_NAME_LENGTH];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hpr_dir[MAX_NAME_LENGTH];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_data.h:197:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tip_dir[MAX_NAME_LENGTH]; /* output directory name */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:126:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile=fopen(file_name,"r"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:616:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color2base[5];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:618:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic[2];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:620:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFileName[MAX_FILE_NAME_LENGTH] = "";
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:621:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[2048];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:622:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phd_file_name[1000];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:643:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "r")) == NULL)
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:645:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:655:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempFileName, "TTUNERQQ.TMP");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:678:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempFileName, "TTUNERQQ.TMP");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:747:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(status_code, "ABIFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:757:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(status_code, "ABIFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:792:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(status_code, "ABIFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:804:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(status_code, "ABIFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:823:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(status_code, "ABIFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:835:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(status_code, "ABIFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:975:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text, "unknown color '%c'", color2base[0]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:993:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text, "unknown color '%c'", color2base[1]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1011:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text, "unknown color '%c'", color2base[2]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1029:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(message->text, "unknown color '%c'", color2base[3]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, qual_file_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1197:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dir_out = fopen(qual_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1206:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((qv_out = fopen(qual_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1213:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((multi_out = fopen(multiqualFileName, "a")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, tal_file_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1417:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tal_out = fopen(tal_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1620:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, hpr_file_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1653:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hpr_out = fopen(hpr_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1736:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, phd_file_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1769:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((phd_out = fopen(phd_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1845:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, ttuner_name[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1849:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((seqs_out = fopen(multiseqsFileName, "a")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1854:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((qual_out = fopen(multiqualFileName, "a")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1859:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((locs_out = fopen(multilocsFileName, "a")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1864:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((stat_out = fopen(multistatFileName, "a")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1966:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, fasta_file_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1987:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dir_out = fopen(fasta_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1996:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fasta_out = fopen(fasta_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2003:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((multi_out = fopen(multiseqFileName, "a")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2089:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, tip_file_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2124:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tip_out = fopen(tip_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, tab_file_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2244:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tab_out = fopen(tab_file_name, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2583:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, scf_file_name[MAXPATHLEN], *suffix = NULL;
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2585:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comments[2048];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2617:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((scf_out = fopen(scf_file_name, "wb")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2818:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, buffer[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2820:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((phd_inp = fopen(phd_file_name, "r")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2852:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2856:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((phd_inp = fopen(phd_file_name, "r")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2894:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2898:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tab_inp = fopen(tab_file_name, "r")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2931:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, poly_name[MAX_FILE_NAME_LENGTH];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2961:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((poly_out=fopen(poly_name,"w"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:3073:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *seq_name, poly_name[MAX_FILE_NAME_LENGTH];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:3103:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((poly_out=fopen(poly_name,"w"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_scf_data.h:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[4];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_scf_data.h:55:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char spare[3];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/FileHandler.c:43:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen(file_name, "rb");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/SCF_Toolkit.c:47:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scf_version_string[5];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/SCF_Toolkit.c:72:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scf_version_string[5];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/SCF_Toolkit.c:101:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scf_version_string[5];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/SCF_Toolkit.c:135:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf1, ((unsigned char *) gFile +
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:472:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[27]; /* just for the heck of it to test things out */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:580:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Int_to_ACGT[4] = { 'A', 'C', 'G', 'T' };
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:681:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_context[32];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:704:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[32];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:779:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map[4];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:920:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_indices_[32], char_init_[32], base_code_[32];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:1126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char context[32]; /* 4^^32 is a big number */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:1156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, linebuf[MAXLINE];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:1159:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(path, "r")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/example.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status_code[100];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char InputName[BUFLEN]; /* path of dir or file-of-files */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ConsensusName[BUFLEN]; /* path of consensus file */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:79:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char FastaDirName[BUFLEN]; /* path of dir */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char MultiFastaFilesDirName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char multiseqsFileName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char multiqualFileName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char multilocsFileName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char multistatFileName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:88:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status_code[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:94:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char SCFDirName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:98:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PhdDirName[BUFLEN]; /* path of dir */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:102:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char QualDirName[BUFLEN]; /* path of dir */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:106:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char QualRptName[BUFLEN];/* filename for quality report */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:113:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char multiqualFileName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:114:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char multiseqFileName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:362:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(filename, "w")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:595:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(status_code, "ABIFILE_FAILURE");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:621:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,"Can't process - no base calls in file.");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:625:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,"Can't process - no peak locations in file.");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:906:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BUFLEN], *s;
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:915:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fileoffiles, "r")) == NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:987:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filespec[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:991:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_and_name[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1077:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1024];
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1114:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "w");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1474:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
options.indloc = (int)atoi(argv[++optind]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1479:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
options.indsize = (int)atoi(argv[++optind]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1699:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trim_window = atoi(argv[++optind]);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/util.c:1103:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Error creating single peak list\n");
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1024], *s, new_frag_beg = 0;
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:74:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpos = atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:82:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
is_match=atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:86:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spos = atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[MAXLINE], *s;
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:276:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*cpos=atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:284:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*is_match = atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:288:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*spos=atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[MAXLINE], *s;
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:436:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*cpos=atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:444:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*is_match=atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:448:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*spos=atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkbc.c:160:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
BinSize = atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkbcphd.c:24:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char color2base[6]={'A', 'C', 'G', 'T', 'N', '-'};
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkbcphd.c:300:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
BinSize = atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkqv.c:177:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
BinSize = atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/checkqvphd.c:182:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
BinSize = atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char OutputName[BUFLEN]; /* Name of the Output lookup table file. */
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:435:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char train_name[BUFLEN], *s, *current;
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:439:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:444:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fileoffiles=fopen(InputName,"r"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:476:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((trainfile=fopen(train_name,"r"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:500:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spos = atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:508:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpos = atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char train_name[BUFLEN], *s, *current;
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1116:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fileoffiles=fopen(InputName,"r"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1154:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((trainfile=fopen(train_name,"r"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1179:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spos = atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1187:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpos = atoi(s);
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1491:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout=fopen(OutputName, "w"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:67:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile=fopen(file_name,"r"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:185:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "No ^ found in restriction site.\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:194:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:209:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Primer not found in vector.\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:220:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Restriction site not found in vector.\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:533:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:554:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Sequence is too small.\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:755:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Sub-contig length is too large.\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_sw.c:444:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_sw.c:452:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Alignment backtrace hit boundary\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_sw.c:504:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_sw.c:513:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Alignment backtrace hit boundary\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char InputName[BUFLEN]; /* Path of dir or project file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ConsensusName[BUFLEN]; /* Name of the Consensus file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:90:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char OutputName[BUFLEN]; /* Name of the Output file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PrimerName[BUFLEN]; /* Name of the Primer file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:96:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char VectorName[BUFLEN]; /* Name of the Vector file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:99:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char SiteName[BUFLEN]; /* Name of the Site file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:110:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status_code[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:129:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inp_phd_dir[BUFLEN]; /* Name of input phd directory */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:609:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,"No called base information in input file");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:617:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text,"No peak information in input file");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:968:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1037:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer1[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1038:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1042:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fragmentName[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1046:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile=fopen(projectFile,"r"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1314:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GapExt=-atoi(argv[++optind]);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1385:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Match=atoi(argv[++optind]);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1449:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_read_length=atoi(argv[++optind]);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1515:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MisMatch=-atoi(argv[++optind]);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1589:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout=fopen(OutputName, "w"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1921:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( "stats.dat", "w" );
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char InputName[BUFLEN]; /* Path of dir or project file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:76:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ConsensusName[BUFLEN]; /* Name of the Consensus file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:79:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char OutputName[BUFLEN]; /* Name of the Output file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:82:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PrimerName[BUFLEN]; /* Name of the Primer file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char VectorName[BUFLEN]; /* Name of the Vector file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:88:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char SiteName[BUFLEN]; /* Name of the Site file. */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:114:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tab_file_name[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:115:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tab_dir_name[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:529:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen( "Histogram", "w" );
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:570:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:571:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path2[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:572:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:611:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(path2, "tab");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:652:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer1[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:654:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char previousConsensusName[BUFLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:658:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phdFileName[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:659:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabFileName[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:660:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:664:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile=fopen(projectFile,"r"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:695:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Can not release consensus\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:699:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Can not release rev_consensus\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:707:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Can not read consensus\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:715:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Can not get reverse consensus\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:738:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tabFileName, "tab");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:745:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message->text, "Can not process phd file\n");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:825:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Match=atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:832:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MisMatch=atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:839:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GapInit=atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:840:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GapExt=atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:878:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
read_direction=atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:884:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_read_length=atoi(optarg);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:918:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout=fopen(OutputName, "w"))== NULL) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1026:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAXPATHLEN];
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1044:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tab_file_name, "tab");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_lookup_table.c:77:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(linebuf, " \t\r\n") == strlen(linebuf)) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2191:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "Base1=%s length=%d\n", base, strlen(base));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2351:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(amplicon_name, "?");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2352:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(donor_name, "?");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2357:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(amplicon_name, "?");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2358:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(donor_name, "?");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2450:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indloc, long_called_seq, strlen(long_called_seq),
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2470:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen(options.file_name) - strlen(suffix);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2470:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen(options.file_name) - strlen(suffix);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_process_indels.c:2471:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prefix_name, options.file_name, prefix_len-1);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:156:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen(buffer);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:171:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&((*sequence)[curr_len-line_len]),buffer,line_len+1);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:200:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(sequence);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:669:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_name[strlen(seq_name) - 2] != '.' ||
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:670:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 1] != 'Z')
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:694:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_name[strlen(seq_name) - 3] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:695:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 2] == 'g' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:696:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 1] == 'z')
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:697:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempFileName[strlen(tempFileName) - 3] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:710:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_name[strlen(seq_name) - 2] != '.' ||
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:711:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 1] != 'Z')
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:720:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempFileName[strlen(tempFileName) - 2] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:897:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_name[strlen(seq_name) - 3] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:898:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 2] == 'g' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:899:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 1] == 'z') {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:900:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempFileName[strlen(tempFileName) - 3] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:902:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_name[strlen(seq_name) - 2] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:903:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 1] == 'Z') {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:904:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempFileName[strlen(tempFileName) - 2] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1442:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qv = CALLOC(int, strlen(consensus_seq));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:1445:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(consensus_seq), qv, &message)
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2216:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_name[strlen(seq_name) - 3] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2217:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 2] == 'g' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2218:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 1] == 'z') {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2219:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 3] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2221:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (seq_name[strlen(seq_name) - 2] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2222:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 1] == 'Z') {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2223:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq_name[strlen(seq_name) - 2] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2633:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header.comments_size = (unsigned int) strlen(comments) + 1;
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/Btk_qv_io.c:2636:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(header.version, (scf_version == 2) ? "2.00" : "3.00", 4);
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/context_table.c:1168:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(linebuf, " \t\r\n") == strlen(linebuf)) {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:675:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[strlen(path) - 3] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:676:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path[strlen(path) - 2] == 'g' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:677:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path[strlen(path) - 1] == 'z') {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:678:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path[strlen(path) - 3] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:680:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[strlen(path) - 2] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:681:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path[strlen(path) - 1] == 'Z') {
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:682:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path[strlen(path) - 2] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1317:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1323:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1329:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1335:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1346:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(ConsensusName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1348:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1366:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1371:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1376:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(options.poly_dir, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1379:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1386:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(InputName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1391:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(PhdDirName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1397:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(SCFDirName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1400:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(options.scf_dir, SCFDirName,
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1413:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1421:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(InputName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1437:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1442:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(options.hpr_dir, ".");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1445:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1450:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(options.hpr_dir, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1453:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1463:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1470:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1475:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1480:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1485:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(options.inp_phd_dir, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1487:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1500:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1516:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1524:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1534:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1541:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1546:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(MultiFastaFilesDirName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1549:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1566:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1572:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(multiqualFileName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1574:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1580:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(QualDirName, argv[++optind], sizeof(QualDirName));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1582:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1587:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(QualRptName, argv[++optind], sizeof(QualRptName));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1588:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1613:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1624:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1630:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1636:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(multiseqFileName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1638:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1644:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(FastaDirName, argv[++optind], sizeof(FastaDirName));
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1646:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1653:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1657:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(options.tip_dir, ".");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1659:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1663:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(options.tip_dir, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1666:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1670:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(options.tab_dir, ".");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1672:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1676:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(options.tab_dir, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1679:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1684:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(options.tal_dir, ".");
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1687:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1692:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(options.tal_dir, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1695:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1700:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1709:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1759:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1763:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1767:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/compute_qv/main.c:1779:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:59:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(linebuf, " \t\r\n") == strlen(linebuf))
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:92:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:261:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(linebuf, " \t\r\n") == strlen(linebuf)) {
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:294:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s+=strlen(s)+1;
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:417:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(linebuf, " \t\r\n") == strlen(linebuf)) {
data/tracetuner-3.0.6~beta+dfsg/src/mkchk/check_data.c:454:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s+=strlen(s)+1;
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:464:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(current, " \t\r\n") == strlen(current)) {
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:488:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(train_name, " \t\r\n") == strlen(train_name))
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:514:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1140:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(current, " \t\r\n") == strlen(current)) {
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1167:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(train_name, " \t\r\n") == strlen(train_name))
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1193:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/tracetuner-3.0.6~beta+dfsg/src/mklut/lut.c:1459:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(OutputName, optarg, sizeof(OutputName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:99:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen(buffer);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:114:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&sequence[curr_len-line_len],buffer,line_len+1);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:118:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(sequence);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:189:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(s, s+1, (strlen(s)-1)*sizeof(char) );
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:230:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contig_create( &(vector->postCut), &s2[cutPoint], strlen(&s2[cutPoint]),
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:884:60: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
set_alignment_parameters( Align_params *ap, int match, int mismatch,
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:904:36: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
ap->matrix[i][j] = mismatch;
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:961:64: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
set_alignment_parameters_IUB( Align_params *ap, int match, int mismatch,
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/Btk_match_data.c:982:32: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
matrix[i][j] = mismatch;
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:544:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(options.path, "");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:584:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(consensus_seq), quality_values, message);
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:628:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (frag_name[strlen(frag_name) - 3] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:629:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
frag_name[strlen(frag_name) - 2] == 'g' &&
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:630:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
frag_name[strlen(frag_name) - 1] == 'z') {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:631:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
frag_name[strlen(frag_name) - 3] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:633:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (frag_name[strlen(frag_name) - 2] == '.' &&
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:634:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
frag_name[strlen(frag_name) - 1] == 'Z') {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:635:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
frag_name[strlen(frag_name) - 2] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:639:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(options.path, "");
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1058:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(current, " \t\r\n") == strlen(current)) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1286:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1291:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1297:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(ConsensusName, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1321:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1333:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1338:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1348:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1357:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(inp_phd_dir, argv[++optind],
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1359:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1375:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1380:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1395:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1400:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(OutputName, argv[++optind], sizeof(OutputName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1414:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1418:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1422:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1426:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1431:26: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(InputName, argv[++optind], sizeof(InputName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1437:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(PrimerName, argv[++optind], sizeof(PrimerName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1456:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args) - 1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1469:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1473:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1477:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1481:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1495:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shift++; j = strlen(args)-1; /* break out of inner loop */
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1501:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(SiteName, argv[++optind], sizeof(SiteName)); break;
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/train.c:1511:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(VectorName, argv[++optind], sizeof(VectorName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:608:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path2, string, strlen(string)-strlen(name)); // remove the phd.1 suffix
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:608:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(path2, string, strlen(string)-strlen(name)); // remove the phd.1 suffix
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:608:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(path2, string, strlen(string)-strlen(name)); // remove the phd.1 suffix
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:609:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path2[strlen(string)-strlen(name)] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:609:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path2[strlen(string)-strlen(name)] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:676:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(current, " \t\r\n") == strlen(current)) {
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:735:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tabFileName, string, strlen(string)-strlen(name)); // remove the phd.1 suffix
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:735:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tabFileName, string, strlen(string)-strlen(name)); // remove the phd.1 suffix
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:735:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tabFileName, string, strlen(string)-strlen(name)); // remove the phd.1 suffix
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:736:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tabFileName[strlen(string)-strlen(name)] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:736:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tabFileName[strlen(string)-strlen(name)] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:814:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(PrimerName, optarg, sizeof(PrimerName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:818:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(VectorName, optarg, sizeof(VectorName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:822:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(SiteName, optarg, sizeof(SiteName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:849:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(ConsensusName, optarg, sizeof(ConsensusName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:856:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(OutputName, optarg, sizeof(OutputName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:860:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(InputName, optarg, sizeof(InputName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:864:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(InputName, optarg, sizeof(InputName));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:896:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(tab_dir_name, optarg, sizeof(tab_dir_name));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1041:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tab_file_name, string, strlen(string)-strlen(name));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1041:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tab_file_name, string, strlen(string)-strlen(name));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1041:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tab_file_name, string, strlen(string)-strlen(name));
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1042:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tab_file_name[strlen(string)-strlen(name)] = '\0';
data/tracetuner-3.0.6~beta+dfsg/src/mktrain/trainphd.c:1042:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tab_file_name[strlen(string)-strlen(name)] = '\0';
ANALYSIS SUMMARY:
Hits = 687
Lines analyzed = 84696 in approximately 2.79 seconds (30312 lines/second)
Physical Source Lines of Code (SLOC) = 71640
Hits@level = [0] 1557 [1] 199 [2] 348 [3] 15 [4] 125 [5] 0
Hits@level+ = [0+] 2244 [1+] 687 [2+] 488 [3+] 140 [4+] 125 [5+] 0
Hits/KSLOC@level+ = [0+] 31.3233 [1+] 9.58961 [2+] 6.81184 [3+] 1.95422 [4+] 1.74484 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.