Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vsearch-2.15.1/src/align.cc
Examining data/vsearch-2.15.1/src/align.h
Examining data/vsearch-2.15.1/src/align_simd.cc
Examining data/vsearch-2.15.1/src/align_simd.h
Examining data/vsearch-2.15.1/src/allpairs.cc
Examining data/vsearch-2.15.1/src/allpairs.h
Examining data/vsearch-2.15.1/src/arch.h
Examining data/vsearch-2.15.1/src/attributes.cc
Examining data/vsearch-2.15.1/src/attributes.h
Examining data/vsearch-2.15.1/src/bitmap.cc
Examining data/vsearch-2.15.1/src/bitmap.h
Examining data/vsearch-2.15.1/src/chimera.cc
Examining data/vsearch-2.15.1/src/chimera.h
Examining data/vsearch-2.15.1/src/city.cc
Examining data/vsearch-2.15.1/src/city.h
Examining data/vsearch-2.15.1/src/citycrc.h
Examining data/vsearch-2.15.1/src/cluster.cc
Examining data/vsearch-2.15.1/src/cluster.h
Examining data/vsearch-2.15.1/src/cpu.cc
Examining data/vsearch-2.15.1/src/cpu.h
Examining data/vsearch-2.15.1/src/cut.cc
Examining data/vsearch-2.15.1/src/cut.h
Examining data/vsearch-2.15.1/src/db.cc
Examining data/vsearch-2.15.1/src/db.h
Examining data/vsearch-2.15.1/src/dbhash.cc
Examining data/vsearch-2.15.1/src/dbhash.h
Examining data/vsearch-2.15.1/src/dbindex.cc
Examining data/vsearch-2.15.1/src/dbindex.h
Examining data/vsearch-2.15.1/src/derep.cc
Examining data/vsearch-2.15.1/src/derep.h
Examining data/vsearch-2.15.1/src/dynlibs.cc
Examining data/vsearch-2.15.1/src/dynlibs.h
Examining data/vsearch-2.15.1/src/eestats.cc
Examining data/vsearch-2.15.1/src/eestats.h
Examining data/vsearch-2.15.1/src/fasta.cc
Examining data/vsearch-2.15.1/src/fasta.h
Examining data/vsearch-2.15.1/src/fastq.cc
Examining data/vsearch-2.15.1/src/fastq.h
Examining data/vsearch-2.15.1/src/fastqjoin.cc
Examining data/vsearch-2.15.1/src/fastqjoin.h
Examining data/vsearch-2.15.1/src/fastqops.cc
Examining data/vsearch-2.15.1/src/fastqops.h
Examining data/vsearch-2.15.1/src/fastx.cc
Examining data/vsearch-2.15.1/src/fastx.h
Examining data/vsearch-2.15.1/src/filter.cc
Examining data/vsearch-2.15.1/src/filter.h
Examining data/vsearch-2.15.1/src/getseq.cc
Examining data/vsearch-2.15.1/src/getseq.h
Examining data/vsearch-2.15.1/src/kmerhash.cc
Examining data/vsearch-2.15.1/src/kmerhash.h
Examining data/vsearch-2.15.1/src/linmemalign.cc
Examining data/vsearch-2.15.1/src/linmemalign.h
Examining data/vsearch-2.15.1/src/maps.cc
Examining data/vsearch-2.15.1/src/maps.h
Examining data/vsearch-2.15.1/src/mask.cc
Examining data/vsearch-2.15.1/src/mask.h
Examining data/vsearch-2.15.1/src/md5.c
Examining data/vsearch-2.15.1/src/md5.h
Examining data/vsearch-2.15.1/src/mergepairs.cc
Examining data/vsearch-2.15.1/src/mergepairs.h
Examining data/vsearch-2.15.1/src/minheap.cc
Examining data/vsearch-2.15.1/src/minheap.h
Examining data/vsearch-2.15.1/src/msa.cc
Examining data/vsearch-2.15.1/src/msa.h
Examining data/vsearch-2.15.1/src/otutable.cc
Examining data/vsearch-2.15.1/src/otutable.h
Examining data/vsearch-2.15.1/src/rerep.cc
Examining data/vsearch-2.15.1/src/rerep.h
Examining data/vsearch-2.15.1/src/results.cc
Examining data/vsearch-2.15.1/src/results.h
Examining data/vsearch-2.15.1/src/search.cc
Examining data/vsearch-2.15.1/src/search.h
Examining data/vsearch-2.15.1/src/searchcore.cc
Examining data/vsearch-2.15.1/src/searchcore.h
Examining data/vsearch-2.15.1/src/searchexact.cc
Examining data/vsearch-2.15.1/src/searchexact.h
Examining data/vsearch-2.15.1/src/sffconvert.cc
Examining data/vsearch-2.15.1/src/sffconvert.h
Examining data/vsearch-2.15.1/src/sha1.c
Examining data/vsearch-2.15.1/src/sha1.h
Examining data/vsearch-2.15.1/src/showalign.cc
Examining data/vsearch-2.15.1/src/showalign.h
Examining data/vsearch-2.15.1/src/shuffle.cc
Examining data/vsearch-2.15.1/src/shuffle.h
Examining data/vsearch-2.15.1/src/sintax.cc
Examining data/vsearch-2.15.1/src/sintax.h
Examining data/vsearch-2.15.1/src/sortbylength.cc
Examining data/vsearch-2.15.1/src/sortbylength.h
Examining data/vsearch-2.15.1/src/sortbysize.cc
Examining data/vsearch-2.15.1/src/sortbysize.h
Examining data/vsearch-2.15.1/src/subsample.cc
Examining data/vsearch-2.15.1/src/subsample.h
Examining data/vsearch-2.15.1/src/udb.cc
Examining data/vsearch-2.15.1/src/udb.h
Examining data/vsearch-2.15.1/src/unique.cc
Examining data/vsearch-2.15.1/src/unique.h
Examining data/vsearch-2.15.1/src/userfields.cc
Examining data/vsearch-2.15.1/src/userfields.h
Examining data/vsearch-2.15.1/src/util.cc
Examining data/vsearch-2.15.1/src/util.h
Examining data/vsearch-2.15.1/src/vsearch.cc
Examining data/vsearch-2.15.1/src/vsearch.h
Examining data/vsearch-2.15.1/src/xstring.h
Examining data/vsearch-2.15.1/src/arch.cc
FINAL RESULTS:
data/vsearch-2.15.1/src/align_simd.cc:1419:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pcigar[cand_id], s->cigar);
data/vsearch-2.15.1/src/chimera.cc:1177:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ci->query_head, fasta_get_header(query_fasta_h));
data/vsearch-2.15.1/src/chimera.cc:1178:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ci->query_seq, fasta_get_sequence(query_fasta_h));
data/vsearch-2.15.1/src/chimera.cc:1198:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ci->query_head, db_getheader(seqno));
data/vsearch-2.15.1/src/chimera.cc:1199:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ci->query_seq, db_getsequence(seqno));
data/vsearch-2.15.1/src/cluster.cc:162:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si->qsequence, db_getsequence(seqno));
data/vsearch-2.15.1/src/cluster.cc:337:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label, "%s%d", opt_relabel, clusterno+1);
data/vsearch-2.15.1/src/cluster.cc:1262:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn_clusters, "%s%d", opt_clusters, clusterno);
data/vsearch-2.15.1/src/fastqjoin.cc:161:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq, fastq_get_sequence(fastq_fwd));
data/vsearch-2.15.1/src/fastqjoin.cc:162:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual, fastq_get_quality(fastq_fwd));
data/vsearch-2.15.1/src/fastqjoin.cc:165:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq + len, padgap);
data/vsearch-2.15.1/src/fastqjoin.cc:166:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual + len, padgapq);
data/vsearch-2.15.1/src/getseq.cc:155:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(field_buffer, "%s=", opt_label_field);
data/vsearch-2.15.1/src/getseq.cc:191:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(field_buffer + field_len + 1, needle);
data/vsearch-2.15.1/src/getseq.cc:232:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(field_buffer + field_len + 1, needle);
data/vsearch-2.15.1/src/linmemalign.cc:222:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(" %2" PRId64, scorematrix[16*i+j]);
data/vsearch-2.15.1/src/mask.cc:128:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, m);
data/vsearch-2.15.1/src/mergepairs.cc:978:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip->fwd_header, fastq_get_header(fastq_fwd));
data/vsearch-2.15.1/src/mergepairs.cc:979:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip->rev_header, fastq_get_header(fastq_rev));
data/vsearch-2.15.1/src/mergepairs.cc:980:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip->fwd_sequence, fastq_get_sequence(fastq_fwd));
data/vsearch-2.15.1/src/mergepairs.cc:981:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip->rev_sequence, fastq_get_sequence(fastq_rev));
data/vsearch-2.15.1/src/mergepairs.cc:982:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip->fwd_quality, fastq_get_quality(fastq_fwd));
data/vsearch-2.15.1/src/mergepairs.cc:983:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ip->rev_quality, fastq_get_quality(fastq_rev));
data/vsearch-2.15.1/src/msa.cc:366:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp_profile, "\t%" PRId64, profile[PROFSIZE*i+c]);
data/vsearch-2.15.1/src/msa.cc:368:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp_profile, "\t%" PRId64, profile[PROFSIZE*i+5]);
data/vsearch-2.15.1/src/msa.cc:370:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp_profile, "\t%" PRId64, profile[PROFSIZE*i+4]);
data/vsearch-2.15.1/src/otutable.cc:243:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "\t%" PRIu64, a);
data/vsearch-2.15.1/src/otutable.cc:282:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "vsearch\t%s\t%" PRId64, it_sample->c_str(), numotus);
data/vsearch-2.15.1/src/otutable.cc:296:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "\t%" PRIu64, a);
data/vsearch-2.15.1/src/results.cc:298:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, hp ? (hp->strand ? qseqlen : 1) : 0);
data/vsearch-2.15.1/src/results.cc:301:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, hp ? (hp->strand ? 1 : qseqlen) : 0);
data/vsearch-2.15.1/src/results.cc:307:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, tseqlen);
data/vsearch-2.15.1/src/results.cc:313:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, qseqlen);
data/vsearch-2.15.1/src/results.cc:316:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, hp ? tseqlen : 0);
data/vsearch-2.15.1/src/results.cc:319:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, qseqlen);
data/vsearch-2.15.1/src/results.cc:322:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, hp ? tseqlen : 0);
data/vsearch-2.15.1/src/results.cc:423:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, hp ? qseqlen - hp->trim_q_right : 0);
data/vsearch-2.15.1/src/results.cc:429:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%" PRId64, hp ? tseqlen - hp->trim_t_right : 0);
data/vsearch-2.15.1/src/results.cc:481:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int qlenlen = snprintf(0, 0, "%" PRId64, qseqlen);
data/vsearch-2.15.1/src/results.cc:482:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int tlenlen = snprintf(0, 0, "%" PRId64, dseqlen);
data/vsearch-2.15.1/src/search.cc:341:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_plus[t].query_head, qhead);
data/vsearch-2.15.1/src/search.cc:342:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_plus[t].qsequence, qseq);
data/vsearch-2.15.1/src/search.cc:353:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_minus[t].query_head, si_plus[t].query_head);
data/vsearch-2.15.1/src/searchcore.cc:292:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(p, "%" PRId64, &run);
data/vsearch-2.15.1/src/searchexact.cc:411:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_plus[t].query_head, qhead);
data/vsearch-2.15.1/src/searchexact.cc:412:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_plus[t].qsequence, qseq);
data/vsearch-2.15.1/src/searchexact.cc:423:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_minus[t].query_head, si_plus[t].query_head);
data/vsearch-2.15.1/src/sintax.cc:467:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_plus[t].query_head, qhead);
data/vsearch-2.15.1/src/sintax.cc:468:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_plus[t].qsequence, qseq);
data/vsearch-2.15.1/src/sintax.cc:479:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si_minus[t].query_head, si_plus[t].query_head);
data/vsearch-2.15.1/src/util.cc:133:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, format, message);
data/vsearch-2.15.1/src/util.cc:139:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp_log, format, message);
data/vsearch-2.15.1/src/util.cc:150:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(p, s);
data/vsearch-2.15.1/src/util.cc:168:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int len = vsnprintf(0, 0, format, ap);
data/vsearch-2.15.1/src/util.cc:174:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(p, len + 1, format, ap);
data/vsearch-2.15.1/src/vsearch.cc:4980:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmdline, argv[i]);
data/vsearch-2.15.1/src/xstring.h:140:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string + length, s);
data/vsearch-2.15.1/src/arch.cc:172:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(GetTickCount());
data/vsearch-2.15.1/src/arch.cc:180:7: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/vsearch-2.15.1/src/arch.cc:186:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/vsearch-2.15.1/src/arch.cc:188:7: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/vsearch-2.15.1/src/arch.cc:198:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random();
data/vsearch-2.15.1/src/subsample.cc:150:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random < x)
data/vsearch-2.15.1/src/vsearch.h:173:26: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt_long_only getopt_long
data/vsearch-2.15.1/src/align.cc:85:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[25];
data/vsearch-2.15.1/src/align.cc:86:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(buf, "%d", *count);
data/vsearch-2.15.1/src/align.cc:88:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*cigarendp, buf, (size_t)len);
data/vsearch-2.15.1/src/align.cc:102:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[25];
data/vsearch-2.15.1/src/align.cc:103:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(buf, "%d", *count);
data/vsearch-2.15.1/src/align.cc:105:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*cigarendp, buf, (size_t)len);
data/vsearch-2.15.1/src/align_simd.cc:770:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[11];
data/vsearch-2.15.1/src/align_simd.cc:771:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(buf, "%d", s->opcount);
data/vsearch-2.15.1/src/align_simd.cc:773:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cigarend, buf, len);
data/vsearch-2.15.1/src/align_simd.cc:787:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[11];
data/vsearch-2.15.1/src/align_simd.cc:788:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(buf, "%d", s->opcount);
data/vsearch-2.15.1/src/align_simd.cc:790:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cigarend, buf, len);
data/vsearch-2.15.1/src/arch.cc:174:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/urandom", O_RDONLY);
data/vsearch-2.15.1/src/arch.cc:287:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(path, O_RDONLY);
data/vsearch-2.15.1/src/arch.cc:298:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(path,
data/vsearch-2.15.1/src/attributes.cc:143:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t number = atol(header + start + 5);
data/vsearch-2.15.1/src/chimera.cc:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * nwcigar[maxcandidates];
data/vsearch-2.15.1/src/chimera.cc:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * paln[2];
data/vsearch-2.15.1/src/city.cc:597:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[240];
data/vsearch-2.15.1/src/city.cc:598:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s, len);
data/vsearch-2.15.1/src/cluster.cc:342:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "%.*s", seqlen, sequence);
data/vsearch-2.15.1/src/db.cc:174:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datap + header_p,
data/vsearch-2.15.1/src/db.cc:181:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datap + sequence_p,
data/vsearch-2.15.1/src/db.cc:190:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datap+quality_p,
data/vsearch-2.15.1/src/fasta.cc:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/vsearch-2.15.1/src/fastq.cc:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/vsearch-2.15.1/src/fastx.cc:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_buffer->data + dest_buffer->length,
data/vsearch-2.15.1/src/fastx.cc:275:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic[2];
data/vsearch-2.15.1/src/getseq.cc:91:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[buffer_size];
data/vsearch-2.15.1/src/maps.cc:375:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char chrmap_complement[256] =
data/vsearch-2.15.1/src/maps.cc:406:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char chrmap_normalize[256] =
data/vsearch-2.15.1/src/maps.cc:438:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char chrmap_upcase[256] =
data/vsearch-2.15.1/src/maps.cc:470:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char chrmap_no_change[256] =
data/vsearch-2.15.1/src/maps.cc:501:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char chrmap_identity[256] =
data/vsearch-2.15.1/src/maps.h:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sym_nt_2bit[5];
data/vsearch-2.15.1/src/maps.h:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sym_nt_4bit[17];
data/vsearch-2.15.1/src/maps.h:74:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char chrmap_complement[256];
data/vsearch-2.15.1/src/maps.h:75:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char chrmap_normalize[256];
data/vsearch-2.15.1/src/maps.h:76:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char chrmap_upcase[256];
data/vsearch-2.15.1/src/maps.h:77:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char chrmap_no_change[256];
data/vsearch-2.15.1/src/maps.h:78:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char chrmap_identity[256];
data/vsearch-2.15.1/src/md5.c:226:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/vsearch-2.15.1/src/md5.c:230:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, free);
data/vsearch-2.15.1/src/md5.c:241:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/vsearch-2.15.1/src/md5.h:41:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/vsearch-2.15.1/src/mergepairs.cc:101:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char merge_qual_same[128][128];
data/vsearch-2.15.1/src/mergepairs.cc:102:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char merge_qual_diff[128][128];
data/vsearch-2.15.1/src/otutable.cc:316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[50];
data/vsearch-2.15.1/src/results.cc:647:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5hex[LEN_HEX_DIG_MD5];
data/vsearch-2.15.1/src/searchcore.cc:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * nwcigar_list[MAXDELAYED];
data/vsearch-2.15.1/src/sffconvert.cc:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BLOCKSIZE];
data/vsearch-2.15.1/src/sffconvert.cc:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_kind[9];
data/vsearch-2.15.1/src/sha1.c:143:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, buffer, 64);
data/vsearch-2.15.1/src/sha1.c:215:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], data, (i = 64-j));
data/vsearch-2.15.1/src/sha1.c:223:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], &data[i], len - i);
data/vsearch-2.15.1/src/sha1.c:270:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[SHA1_DIGEST_SIZE], buffer[16384];
data/vsearch-2.15.1/src/sha1.c:283:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(file = fopen(argv[1], "rb"))) {
data/vsearch-2.15.1/src/sha1.c:327:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c,"%02X", digest[i*4+j]);
data/vsearch-2.15.1/src/sha1.c:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[80];
data/vsearch-2.15.1/src/util.cc:310:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[LEN_DIG_SHA1];
data/vsearch-2.15.1/src/util.cc:333:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[LEN_DIG_MD5];
data/vsearch-2.15.1/src/util.cc:350:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[LEN_HEX_DIG_SHA1];
data/vsearch-2.15.1/src/util.cc:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[LEN_HEX_DIG_MD5];
data/vsearch-2.15.1/src/util.cc:374:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(filename, "rb");
data/vsearch-2.15.1/src/util.cc:389:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(filename, "w");
data/vsearch-2.15.1/src/vsearch.cc:315:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char progheader[80];
data/vsearch-2.15.1/src/vsearch.cc:5012:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_string[26];
data/vsearch-2.15.1/src/vsearch.cc:5109:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_string[26];
data/vsearch-2.15.1/src/xstring.h:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char empty_string[1] = "";
data/vsearch-2.15.1/src/xstring.h:128:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + length, "%d", d);
data/vsearch-2.15.1/src/align_simd.cc:1418:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcigar[cand_id] = (char *) xmalloc(strlen(s->cigar)+1);
data/vsearch-2.15.1/src/allpairs.cc:226:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/allpairs.cc:241:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/arch.cc:177:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, & seed, sizeof(seed)) < 0)
data/vsearch-2.15.1/src/attributes.cc:83:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int alen = strlen(attribute);
data/vsearch-2.15.1/src/chimera.cc:221:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = p + strlen(p);
data/vsearch-2.15.1/src/chimera.cc:401:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = p + strlen(p);
data/vsearch-2.15.1/src/chimera.cc:460:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = p + strlen(p);
data/vsearch-2.15.1/src/chimera.cc:1051:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(si->qsequence, p, len);
data/vsearch-2.15.1/src/cluster.cc:336:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label = (char*) xmalloc(strlen(opt_relabel) + 21);
data/vsearch-2.15.1/src/cluster.cc:421:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/cluster.cc:472:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/cluster.cc:1219:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn_clusters = (char *) xmalloc(strlen(opt_clusters) + 25);
data/vsearch-2.15.1/src/cut.cc:291:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(pattern);
data/vsearch-2.15.1/src/derep.cc:629:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(bp->seq),
data/vsearch-2.15.1/src/derep.cc:631:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(bp->header),
data/vsearch-2.15.1/src/derep.cc:655:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int64_t len = strlen(bp->seq);
data/vsearch-2.15.1/src/fastq.cc:519:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(sequence);
data/vsearch-2.15.1/src/fastq.cc:520:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hlen = strlen(header);
data/vsearch-2.15.1/src/fastqjoin.cc:100:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint64_t padlen = strlen(padgap);
data/vsearch-2.15.1/src/fastqjoin.cc:112:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (padlen != strlen(padgapq))
data/vsearch-2.15.1/src/getseq.cc:95:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buffer);
data/vsearch-2.15.1/src/getseq.cc:148:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
field_len = strlen(opt_label_field);
data/vsearch-2.15.1/src/getseq.cc:151:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
field_buffer_size += strlen(opt_label_word);
data/vsearch-2.15.1/src/getseq.cc:161:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int wlen = strlen(needle);
data/vsearch-2.15.1/src/getseq.cc:180:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int wlen = strlen(needle);
data/vsearch-2.15.1/src/getseq.cc:194:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int wlen = strlen(needle);
data/vsearch-2.15.1/src/getseq.cc:235:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int wlen = strlen(needle);
data/vsearch-2.15.1/src/linmemalign.cc:114:74: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int64_t * LinearMemoryAligner::scorematrix_create(int64_t match, int64_t mismatch)
data/vsearch-2.15.1/src/linmemalign.cc:127:19: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
value = mismatch;
data/vsearch-2.15.1/src/linmemalign.h:133:55: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int64_t * scorematrix_create(int64_t match, int64_t mismatch);
data/vsearch-2.15.1/src/mergepairs.cc:398:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ip->fwd_header),
data/vsearch-2.15.1/src/mergepairs.cc:412:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ip->fwd_header),
data/vsearch-2.15.1/src/mergepairs.cc:502:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ip->fwd_header),
data/vsearch-2.15.1/src/mergepairs.cc:513:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ip->rev_header),
data/vsearch-2.15.1/src/mergepairs.cc:525:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ip->fwd_header),
data/vsearch-2.15.1/src/mergepairs.cc:538:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ip->rev_header),
data/vsearch-2.15.1/src/msa.cc:127:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = p + strlen(p);
data/vsearch-2.15.1/src/msa.cc:211:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = p + strlen(p);
data/vsearch-2.15.1/src/otutable.cc:153:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sample_name, start_sample, len_sample);
data/vsearch-2.15.1/src/otutable.cc:174:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(otu_name, start_otu, len_otu);
data/vsearch-2.15.1/src/otutable.cc:191:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tax_name, start_tax, len_tax);
data/vsearch-2.15.1/src/results.cc:83:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/results.cc:502:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(hp->nwalignment)
data/vsearch-2.15.1/src/results.cc:560:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = p + strlen(p);
data/vsearch-2.15.1/src/search.cc:220:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/search.cc:235:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/searchcore.cc:282:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = hit->nwalignment + strlen(hit->nwalignment);
data/vsearch-2.15.1/src/searchexact.cc:292:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/searchexact.cc:307:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(query_head),
data/vsearch-2.15.1/src/sffconvert.cc:336:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(read_name),
data/vsearch-2.15.1/src/sha1.c:330:9: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(c, " ");
data/vsearch-2.15.1/src/sha1.c:347:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1_Update(&context, (uint8_t*)test_data[k], strlen(test_data[k]));
data/vsearch-2.15.1/src/showalign.cc:270:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r, s, len);
data/vsearch-2.15.1/src/sintax.cc:115:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int alen = strlen(attribute);
data/vsearch-2.15.1/src/udb.cc:104:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint64_t bytesread = read(fd, ((char*)buf) + i, rem);
data/vsearch-2.15.1/src/udb.cc:158:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint64_t bytesread = read(fd, & magic, 4);
data/vsearch-2.15.1/src/udb.cc:179:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint64_t bytesread = read(fd_udbinfo, buffer, 4 * 50);
data/vsearch-2.15.1/src/userfields.cc:120:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * e = p + strlen(p); // pointer to end of string
data/vsearch-2.15.1/src/userfields.cc:147:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp(p, *u, n) == 0) && (strlen(*u) == n))
data/vsearch-2.15.1/src/util.cc:148:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/vsearch-2.15.1/src/util.cc:161:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (char *)s + strlen(s);
data/vsearch-2.15.1/src/vsearch.cc:409:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i=0; i<strlen(arg); i++)
data/vsearch-2.15.1/src/vsearch.cc:448:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((size_t)skip < strlen(arg))
data/vsearch-2.15.1/src/vsearch.cc:453:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((size_t)skip < strlen(arg))
data/vsearch-2.15.1/src/vsearch.cc:631:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ret == 0) || (((unsigned int)(len)) < strlen(arg)))
data/vsearch-2.15.1/src/vsearch.cc:641:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ret == 0) || (((unsigned int)(len)) < strlen(arg)))
data/vsearch-2.15.1/src/vsearch.cc:4971:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(argv[i]);
data/vsearch-2.15.1/src/vsearch.cc:4979:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmdline, " ");
data/vsearch-2.15.1/src/xstring.h:134:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t needed = strlen(s);
ANALYSIS SUMMARY:
Hits = 204
Lines analyzed = 36457 in approximately 0.99 seconds (36776 lines/second)
Physical Source Lines of Code (SLOC) = 24334
Hits@level = [0] 700 [1] 70 [2] 70 [3] 7 [4] 57 [5] 0
Hits@level+ = [0+] 904 [1+] 204 [2+] 134 [3+] 64 [4+] 57 [5+] 0
Hits/KSLOC@level+ = [0+] 37.1497 [1+] 8.38333 [2+] 5.5067 [3+] 2.63006 [4+] 2.3424 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.