Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamAlignmentPut.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamAlignmentPut.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationHash.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationHash.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationHashEntry.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationHashEntry.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationOutputVector.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationOutputVector.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationTempFileGenerator.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationTempFileGenerator.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationVector.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationVector.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollatorInterface.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamCollatorInterface.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamFileDecoder.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamFileDecoder.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamFlagBase.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamHeaderInfo.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamHeaderInfo.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamWriter.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BamWriter.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BgzfCompressor.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_BgzfCompressor.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_CharBuffer.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_CharBuffer.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_Chromosome.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_Chromosome.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_CollatorState.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_FastQRead.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_FormatAlignment.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_FormatAlignment.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_FormatNumber.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_FormatNumber.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_GzipFileDecoder.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_GzipFileDecoder.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_GzipReader.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_GzipReader.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_GzipWriter.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_GzipWriter.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_Hash.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_Hash.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_LineBuffer.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_LineBuffer.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_LineParsing.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_LineParsing.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_List.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_List.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_ListNode.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_ListNode.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_MergeHeapEntry.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_SamBamFileDecoder.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_SamBamFileDecoder.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_SamFileDecoder.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_SamFileDecoder.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_StrDup.c
Examining data/bambamc-0.0.50/src/bambamc/BamBam_StrDup.h
Examining data/bambamc-0.0.50/src/bambamc/BamBam_Unused.h
Examining data/bambamc-0.0.50/src/test/bamreadertest.c
Examining data/bambamc-0.0.50/src/test/bamwritertest.c

FINAL RESULTS:

data/bambamc-0.0.50/src/bambamc/BamBam_FormatNumber.c:130:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(smem,numlen+1,fs,(unsigned long long)num);
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:595:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(saminfo->rnext,saminfo->rname);
data/bambamc-0.0.50/src/bambamc/BamBam_BamAlignmentPut.c:110:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const cmap[5] = {1,2,4,8,15};
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.c:667:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(collator->headerline,s,BamBam_getLineLength(s));
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.c:694:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(collator->vn,t+3,(nexttab-t)-3);
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.c:709:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(collator->so,t+3,(nexttab-t)-3);
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.c:759:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sn,t+3,(nexttab-t)-3);
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:175:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header->headerlines[headerlines],c,len);
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:210:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header->sortorder,d,e-d);
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:233:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header->version,d,e-d);
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:418:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sn,c+3,(ce-c)-3);
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:530:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:531:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const expMagic[4] = {'B','A','M',1};
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:588:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ztext,header->text,l);
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:868:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cname,name,namee-name);
data/bambamc-0.0.50/src/bambamc/BamBam_BamHeaderInfo.c:154:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const magic[4] = { 'B', 'A', 'M', 1 };
data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.c:397:91: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uint8_t const * BamBam_BamSingleAlignment_FindAux(BamBam_BamSingleAlignment const * algn, char const tag[2])
data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.c:1263:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->data,block,blocksize);
data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.c:1301:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->data,o->data,data->dataav);
data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.c:1309:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->query,o->query,o->queryspace);
data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.c:1317:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->qual,o->qual,o->qualspace);
data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.c:1325:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->cigar,o->cigar,o->cigarspace);
data/bambamc-0.0.50/src/bambamc/BamBam_BamSingleAlignment.h:111:98: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern uint8_t const * BamBam_BamSingleAlignment_FindAux(BamBam_BamSingleAlignment const * algn, char const tag[2]);
data/bambamc-0.0.50/src/bambamc/BamBam_BamWriter.c:56:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mode[3] = "w1\0";
data/bambamc-0.0.50/src/bambamc/BamBam_BgzfCompressor.c:21:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char BamBam_GzipHeaderData[18] =
data/bambamc-0.0.50/src/bambamc/BamBam_BgzfCompressor.c:88:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(object->outbuffer,BamBam_GzipHeaderData,sizeof(BamBam_GzipHeaderData));
data/bambamc-0.0.50/src/bambamc/BamBam_BgzfCompressor.c:193:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(object->inbuffer+object->inbufferfill,data,towrite);
data/bambamc-0.0.50/src/bambamc/BamBam_BgzfCompressor.c:241:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  object->closefile = fopen(filename,"wb");
data/bambamc-0.0.50/src/bambamc/BamBam_CharBuffer.c:40:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(charbuffer->buffer,o->buffer,o->buffersize);
data/bambamc-0.0.50/src/bambamc/BamBam_CharBuffer.c:78:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuffer,buffer->buffer,buffer->bufferfill);
data/bambamc-0.0.50/src/bambamc/BamBam_FormatAlignment.c:117:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opc,alignment->query,seqlen); opc += seqlen; *(opc++) = term;
data/bambamc-0.0.50/src/bambamc/BamBam_FormatAlignment.c:121:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opc,alignment->qual,seqlen); opc += seqlen; *(opc++) = term;
data/bambamc-0.0.50/src/bambamc/BamBam_GzipWriter.c:27:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modestr[4] = { 'w', 'b', '0', 0 };
data/bambamc-0.0.50/src/bambamc/BamBam_GzipWriter.c:53:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modestr[4] = { 'w', 'b', '0', 0 };
data/bambamc-0.0.50/src/bambamc/BamBam_LineBuffer.c:122:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpbuf,object->bufferptrout,numbytes);
data/bambamc-0.0.50/src/bambamc/BamBam_SamFileDecoder.c:155:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  object->closefile = fopen(filename,"rb");
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:104:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*str,field[0],fieldlen);
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:162:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char BamBam_SamInfo_qnameValid[256];
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:164:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char BamBam_SamInfo_rnameFirstValid[256];
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:166:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char BamBam_SamInfo_rnameOtherValid[256];
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:168:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char BamBam_SamInfo_seqValid[256];
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:170:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char BamBam_SamInfo_qualValid[256];
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.h:25:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef char const * BamBam_SamInfo_cptrpair[2];
data/bambamc-0.0.50/src/bambamc/BamBam_StrDup.c:31:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c,s,len);
data/bambamc-0.0.50/src/bambamc/BamBam_StrDup.c:46:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c+0 ,sa,lena);
data/bambamc-0.0.50/src/bambamc/BamBam_StrDup.c:47:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c+lena,sb,lenb);
data/bambamc-0.0.50/src/bambamc/BamBam_BamAlignmentPut.c:104:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint64_t const qlen = strlen(query);
data/bambamc-0.0.50/src/bambamc/BamBam_BamAlignmentPut.c:106:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint64_t const namelen = strlen(name);
data/bambamc-0.0.50/src/bambamc/BamBam_BamAlignmentPut.c:292:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert ( strlen(tag) == 2 );
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationHashEntry.c:124:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hashentry->qnamelen = strlen(hashentry->qname);
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationTempFileGenerator.c:57:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(prefix) +
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationTempFileGenerator.c:59:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(spid) +
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollationTempFileGenerator.c:61:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(sid) +
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.c:590:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tempdirnamelen = strlen(tempdirname);
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.c:591:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tempfileprefixlen = tempdirnamelen + strlen(tempadd) + 1;
data/bambamc-0.0.50/src/bambamc/BamBam_BamCollator.c:653:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( collator->bamheadertext && (strlen(collator->bamheadertext) != 0) )
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:183:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(*hc) >= 4 && !strncmp("@HD\t",*hc,4) )
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:319:7: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(reader);
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:339:9: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(reader);
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:386:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(*hc) >= 4 && !strncmp("@SQ\t",*hc,4) )
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:817:4: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(*hc) >= 4
data/bambamc-0.0.50/src/bambamc/BamBam_BamFileHeader.c:838:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ( strlen(*hc) >= 4 && strncmp("@SQ\t",*hc,4) == 0 )
data/bambamc-0.0.50/src/bambamc/BamBam_BgzfCompressor.c:304:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32_t const len = strlen(c);
data/bambamc-0.0.50/src/bambamc/BamBam_BgzfCompressor.c:309:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32_t const len = strlen(c);
data/bambamc-0.0.50/src/bambamc/BamBam_FormatAlignment.c:115:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opc = BamBam_PutAtLine(qname,strlen(qname),flags,opc,term);
data/bambamc-0.0.50/src/bambamc/BamBam_FormatAlignment.c:130:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int const qnamelen = strlen(qname);
data/bambamc-0.0.50/src/bambamc/BamBam_LineParsing.c:84:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (strlen(filter) == (size_t)(se-sa)) && memcmp(filter,sa,se-sa) == 0 )
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:439:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( exseqlen != strlen(saminfo->seq) )
data/bambamc-0.0.50/src/bambamc/BamBam_SamInfo.c:584:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int const rnamelen = strlen(saminfo->rname);
data/bambamc-0.0.50/src/bambamc/BamBam_StrDup.c:25:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t const len = strlen(s);
data/bambamc-0.0.50/src/bambamc/BamBam_StrDup.c:39:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t const lena = strlen(sa);
data/bambamc-0.0.50/src/bambamc/BamBam_StrDup.c:40:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t const lenb = strlen(sb);

ANALYSIS SUMMARY:

Hits = 72
Lines analyzed = 9461 in approximately 0.28 seconds (33938 lines/second)
Physical Source Lines of Code (SLOC) = 6589
Hits@level = [0] 97 [1] 26 [2] 44 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 169 [1+] 72 [2+] 46 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 25.6488 [1+] 10.9273 [2+] 6.98133 [3+] 0.303536 [4+] 0.303536 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.