Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/canu-2.0+dfsg/src/utility/files.C:377:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(path, m) == -1) {
data/canu-2.0+dfsg/src/utility/files.C:410:7: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(path, s.st_mode | (w & u)) == -1) {
data/canu-2.0+dfsg/src/bogart/AS_BAT_BestOverlapGraph.C:558:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(N, "%s.spur-scores-iter-%u", prefix, iter);
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:212:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:247:17: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  lf->length += vfprintf(lf->file, fmt, ap);
data/canu-2.0+dfsg/src/bogus/bogusUtil.H:96:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rsrefName, cn);
data/canu-2.0+dfsg/src/bogus/bogusness.C:89:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(utgID, _utgID);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:140:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Pname, "plot-%s-%s", Aname, Bname);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:141:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Pfile, "plot-%s-%s.sh", Aname, Bname);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:160:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Pfile, "sh plot-%s-%s.sh", Aname, Bname);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:162:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(Pfile);
data/canu-2.0+dfsg/src/gfa/bed.C:101:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_Aname, W[0]);
data/canu-2.0+dfsg/src/gfa/bed.C:102:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_Bname, W[3]);
data/canu-2.0+dfsg/src/gfa/gfa.C:95:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_name, name);
data/canu-2.0+dfsg/src/gfa/gfa.C:117:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_name, W[1]);
data/canu-2.0+dfsg/src/gfa/gfa.C:118:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_sequence, W[2]);
data/canu-2.0+dfsg/src/gfa/gfa.C:119:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_features, W[3]);
data/canu-2.0+dfsg/src/gfa/gfa.C:172:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_Aname, Aname);
data/canu-2.0+dfsg/src/gfa/gfa.C:173:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_Bname, Bname);
data/canu-2.0+dfsg/src/gfa/gfa.C:174:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_cigar, cigar);
data/canu-2.0+dfsg/src/gfa/gfa.C:205:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_Aname, W[1]);
data/canu-2.0+dfsg/src/gfa/gfa.C:206:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_Bname, W[3]);
data/canu-2.0+dfsg/src/gfa/gfa.C:207:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_cigar, W[5]);
data/canu-2.0+dfsg/src/gfa/gfa.C:208:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_features, (W[6]) ? W[6] : "");
data/canu-2.0+dfsg/src/gfa/gfa.C:300:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_header, inName);
data/canu-2.0+dfsg/src/gfa/gfa.C:337:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_header, L+2);
data/canu-2.0+dfsg/src/meryl/meryl-lookup.C:69:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(labels[ll] + 1, klabel[ll]);
data/canu-2.0+dfsg/src/meryl/merylOp-histogram.C:47:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stdout, F_U64 "\t" F_U64 "\n",
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads-trimBad.C:136:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(logPtr, " (%s %7u %7u)", w->blist[x].typeName(), w->blist[x].bgn, w->blist[x].end);
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads-trimBad.C:144:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(logPtr, " (%s %7u %7u)", w->blist[x].typeName(), w->blist[x].bgn, w->blist[x].end);
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads-bestEdge.C:366:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(S);
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:81:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(logMsg, (logMsg[0]) ? " - " : "\t");
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:91:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(logMsg, (logMsg[0]) ? " - " : "\t");
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:382:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(logFile, F_U32"\t" F_U32 "\t" F_U32 "\t" F_U32 "\t" F_U32 "\tNOV%s\n",
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:396:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(logFile, F_U32"\t" F_U32 "\t" F_U32 "\t" F_U32 "\t" F_U32 "\tDEL%s\n",
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:409:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(logFile, F_U32"\t" F_U32 "\t" F_U32 "\t" F_U32 "\t" F_U32 "\tNOC%s\n",
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:431:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(logFile, F_U32"\t" F_U32 "\t" F_U32 "\t" F_U32 "\t" F_U32 "\tMOD%s\n",
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimStat.H:54:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(F, F_U32"\n", histo[ii]);
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimStat.H:74:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(N);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:57:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fseq, oseq);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Process_Olap.C:187:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(b_part, b_seq);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:117:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(N, "%s/prefixEditDistance-matchLimit-%04d.bin", D, evalue);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:153:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(O, "%s/prefixEditDistance-matchLimit-%04d.bin", D, evalue);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:170:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(O, "%s/prefixEditDistance-matchLimit-%04d.dat", D, evalue);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:192:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(O, "%s/prefixEditDistance-matchLimit-%04d.C", D, evalue);
data/canu-2.0+dfsg/src/overlapInCore/overlapPair.C:418:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bRead, rcache->getRead(bID));
data/canu-2.0+dfsg/src/sequence/sequence.C:341:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(srPar.sr, argv[++arg]); // ACGTGGTAA
data/canu-2.0+dfsg/src/sequence/sequence.C:345:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(srPar.svmin, argv[++arg]); // 011010011
data/canu-2.0+dfsg/src/sequence/sequence.C:349:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(srPar.svmin, argv[++arg]); // 011010011
data/canu-2.0+dfsg/src/sequence/sequence.C:353:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(srPar.svmax, argv[++arg]); // 011010011
data/canu-2.0+dfsg/src/stores/ovOverlap.C:50:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%10" F_U32P " %10" F_U32P " %c %6" F_S32P " %6" F_U32P " %6" F_S32P " %7.6f%s%s",
data/canu-2.0+dfsg/src/stores/ovOverlap.C:60:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%10" F_U32P " %10" F_U32P " %c %6" F_U32P " %6" F_U32P " %6" F_U32P " %6" F_U32P " %6" F_U32P " %7.6f%s",
data/canu-2.0+dfsg/src/stores/ovOverlap.C:71:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%10" F_U32P " %10" F_U32P " %c %6" F_U32P " %6" F_OVP " %6" F_OVP " %6" F_OVP " %6" F_OVP " %7.6f %s %s %s%s",
data/canu-2.0+dfsg/src/stores/ovOverlap.C:87:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%" F_U32P "\t%6" F_U32P "\t%6" F_U32P "\t%6" F_U32P "\t%c\t%" F_U32P "\t%6" F_U32P "\t%6" F_U32P "\t%6" F_U32P "\t%6" F_U32P "\t%6" F_U32P "\t%6" F_U32P " \tdv:f:%6.4f%s",
data/canu-2.0+dfsg/src/stores/ovStoreConfig.C:453:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stdout, F_U32 "\n", config->numBuckets());
data/canu-2.0+dfsg/src/stores/ovStoreConfig.C:457:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stdout, F_U32 "\n", config->numSlices());
data/canu-2.0+dfsg/src/stores/ovStoreConfig.C:461:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stdout, F_U32 "\n", memGB);
data/canu-2.0+dfsg/src/stores/sqStore.H:126:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(blobName, FILENAME_MAX, "%s/blobs.%04" F_U32P , storePath, blobNumber);
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:204:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(No, FILENAME_MAX, "%s/version.%03" F_U32P, _storePath, V);
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:207:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(No, FILENAME_MAX, "%s/version.%03" F_U32P, _storePath, V);
data/canu-2.0+dfsg/src/stores/sqStoreCreate.C:302:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(nameMap, F_U32"\t%s\n", seqStore->sqStore_lastReadID(), sq.name());
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:101:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_p, outPrefix);
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:454:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(readName, 1024, "%s id=" F_U32, read->sqRead_name(), rid);
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:456:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(readName, 1024, "read" F_U32, rid);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:109:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(len, 12, " %10" F_U32P, seqs->sqStore_getReadLength(rid, w));
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:116:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(bgn, 12, " %10" F_U32P, seqs->sqStore_getClearBgn(rid, w | sqRead_trimmed));
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:117:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(end, 12, " %10" F_U32P, seqs->sqStore_getClearEnd(rid, w | sqRead_trimmed));
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:199:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s1len);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:200:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s1bgn);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:201:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s1end);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:206:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s2len);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:207:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s2bgn);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:208:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s2end);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:213:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s3len);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:214:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s3bgn);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:215:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s3end);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:220:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s4len);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:221:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s4bgn);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:222:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(l1, s4end);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:239:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, F_U32"\t" F_U32 "\t%.2f\t%s\t%s\t%s\t%s\t" F_U32 "\n",
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:259:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, F_U32"\t" F_U32 "\t" F_U32 "\t" F_U32 "\n",
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:485:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(F, F_U32"\n", ii);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:508:7: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  F = popen("gnuplot > /dev/null 2>&1", "w");
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:534:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(F, F_U32"\t" F_U64 "\n", ii, cov[ii]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:743:23: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  FILE *gnuPlot = popen("gnuplot > /dev/null 2>&1", "w");
data/canu-2.0+dfsg/src/utility/files-buffered.C:67:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_filename, filename);
data/canu-2.0+dfsg/src/utility/files-compressed.C:78:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  _file = popen(cmd, "r");
data/canu-2.0+dfsg/src/utility/files-compressed.C:84:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  _file = popen(cmd, "r");
data/canu-2.0+dfsg/src/utility/files-compressed.C:90:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  _file = popen(cmd, "r");
data/canu-2.0+dfsg/src/utility/files-compressed.C:152:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  FILE *F = popen(cmd, "r");
data/canu-2.0+dfsg/src/utility/files-compressed.C:176:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  _file = popen(cmd, "w");
data/canu-2.0+dfsg/src/utility/files-compressed.C:182:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  _file = popen(cmd, "w");
data/canu-2.0+dfsg/src/utility/files-compressed.C:188:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  _file = popen(cmd, "w");
data/canu-2.0+dfsg/src/utility/files.C:52:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(basename, filename);
data/canu-2.0+dfsg/src/utility/files.C:655:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(fp, relpath); // and file we're searching
data/canu-2.0+dfsg/src/utility/files.C:657:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(fp, filename);
data/canu-2.0+dfsg/src/utility/files.C:841:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, h, ap);
data/canu-2.0+dfsg/src/utility/files.C:862:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, h, ap);
data/canu-2.0+dfsg/src/utility/files.C:892:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, h, ap);
data/canu-2.0+dfsg/src/utility/logging.C:469:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/canu-2.0+dfsg/src/utility/speedCounter.H:69:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, _fmt, v, v / (getTime() - _startTime));
data/canu-2.0+dfsg/src/utility/speedCounter.H:86:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, _fmt, v, v / (getTime() - _startTime));
data/canu-2.0+dfsg/src/utility/speedCounter.H:98:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, _fmt, v, v / (getTime() - _startTime));
data/canu-2.0+dfsg/src/utility/stddev.H:488:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(F, F_U64"\t" F_U64 "\n", ii, _histogram[ii]);
data/canu-2.0+dfsg/src/AS_global.C:129:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  char *p = getenv("CANU_DIRECTORY");
data/canu-2.0+dfsg/src/utility/bitsTest.C:145:5: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random[ii] = mt.mtRandom32() % testSize;
data/canu-2.0+dfsg/src/utility/bitsTest.C:146:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  total += random[ii] + 1;
data/canu-2.0+dfsg/src/utility/bitsTest.C:158:20: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  bits->setUnary(random[ii]);
data/canu-2.0+dfsg/src/utility/bitsTest.C:159:14: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  total += random[ii] + 1;
data/canu-2.0+dfsg/src/utility/bitsTest.C:169:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  assert(random[ii] == bits->getUnary());
data/canu-2.0+dfsg/src/utility/bitsTest.C:177:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  delete [] random;
data/canu-2.0+dfsg/src/utility/bitsTest.C:197:5: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random[ii] = mt.mtRandom64() & (((uint64)1 << width[ii]) - 1);
data/canu-2.0+dfsg/src/utility/bitsTest.C:210:32: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  bits->setBinary(width[ii], random[ii]);
data/canu-2.0+dfsg/src/utility/bitsTest.C:222:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  assert(random[ii] == b);
data/canu-2.0+dfsg/src/utility/bitsTest.C:231:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  delete [] random;
data/canu-2.0+dfsg/src/utility/bitsTest.C:281:5: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random[ii] = mt.mtRandom64() & uint64MASK(width[ii]);
data/canu-2.0+dfsg/src/utility/bitsTest.C:283:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (random[ii] == 0)
data/canu-2.0+dfsg/src/utility/bitsTest.C:310:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  bits->setEliasGamma(random[ii]);
data/canu-2.0+dfsg/src/utility/bitsTest.C:313:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  bits->setEliasDelta(random[ii]);
data/canu-2.0+dfsg/src/utility/bitsTest.C:316:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  bits->setZeckendorf(random[ii]);
data/canu-2.0+dfsg/src/utility/bitsTest.C:329:56: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  fprintf(stderr, "value %2u %22lu width %2u\n", ii, random[ii], width[ii]);
data/canu-2.0+dfsg/src/utility/bitsTest.C:349:14: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (b != random[ii])
data/canu-2.0+dfsg/src/utility/bitsTest.C:351:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  ii, random[ii], b);
data/canu-2.0+dfsg/src/utility/bitsTest.C:352:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  assert(random[ii] == b);
data/canu-2.0+dfsg/src/utility/bitsTest.C:358:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  delete [] random;
data/canu-2.0+dfsg/src/utility/files.C:621:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv("CANU_INSTALL_PATH");
data/canu-2.0+dfsg/src/utility/files.C:631:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv("MERYL_INSTALL_PATH");
data/canu-2.0+dfsg/src/utility/files.C:641:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv("PATH");
data/canu-2.0+dfsg/src/utility/objectStore.C:210:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *da = getenv("CANU_OBJECT_STORE_CLIENT_DA");
data/canu-2.0+dfsg/src/utility/objectStore.C:211:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *ns = getenv("CANU_OBJECT_STORE_NAMESPACE");
data/canu-2.0+dfsg/src/utility/objectStore.C:212:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *pr = getenv("CANU_OBJECT_STORE_PROJECT");
data/canu-2.0+dfsg/src/AS_global.C:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char D[FILENAME_MAX] = {0};
data/canu-2.0+dfsg/src/AS_global.C:134:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX] = {0};
data/canu-2.0+dfsg/src/AS_global.C:135:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char H[1024] = {0}; // HOST_NAME_MAX? Undefined.
data/canu-2.0+dfsg/src/AS_global.C:168:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(N, "w");
data/canu-2.0+dfsg/src/bogart/AS_BAT_BestOverlapGraph.C:557:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/bogart/AS_BAT_BestOverlapGraph.C:1003:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_reads, BOG->_reads, sizeof(BestEdgeRead) * (RI->numReads() + 1));
data/canu-2.0+dfsg/src/bogart/AS_BAT_BestOverlapGraph.C:1262:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_BestOverlapGraph.C:1625:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ovlName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Instrumentation.C:259:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Instrumentation.C:401:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Instrumentation.C:692:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:85:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(void) {
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:86:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:94:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(path, "w");
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:114:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:143:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *logFileFlagNames[64] = { "overlapScoring",
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.C:241:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lf->open();
data/canu-2.0+dfsg/src/bogart/AS_BAT_Logging.H:72:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char const *logFileFlagNames[64];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Outputs.C:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[FILENAME_MAX] = {0};
data/canu-2.0+dfsg/src/bogart/AS_BAT_OverlapCache.C:489:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_ovsTmp, _ovsSco, sizeof(uint64) * no);
data/canu-2.0+dfsg/src/bogart/AS_BAT_OverlapCache.C:1008:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_OverlapCache.C:1068:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_TigGraph.C:435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char BEGn[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_TigGraph.C:436:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char BEDn[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_TigVector.C:178:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig.C:155:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open : 1;
data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig.C:527:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogart/bogart.C:146:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((numThreads = atoi(argv[++arg])) > 0)
data/canu-2.0+dfsg/src/bogart/bogart.C:163:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fewReadsNumber = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogart/bogart.C:168:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tooShortLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogart/bogart.C:183:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lowcovDepth = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogart/bogart.C:194:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minReadLen = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogart/bogart.C:196:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minOverlapLen = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogart/bogart.C:199:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minIntersectLen = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogart/bogart.C:201:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxPlacements = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogart/bogart.C:210:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  confusedAbsolute = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogart/bogart.C:229:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  spurDepth = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogus/bogus.C:452:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *nucmerNames[1024];
data/canu-2.0+dfsg/src/bogus/bogus.C:453:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *snapperNames[1024];
data/canu-2.0+dfsg/src/bogus/bogus.C:502:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  alignWobble = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogus/bogus.C:505:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fragTrim = atoi(argv[++arg]) / 2;
data/canu-2.0+dfsg/src/bogus/bogus.C:511:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogus/bogus.C:514:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minFrags = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/bogus/bogus.C:536:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outputName[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogus/bogus.C:541:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  intervalOutput = fopen(outputName, "w");
data/canu-2.0+dfsg/src/bogus/bogus.C:548:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gffOutput = fopen(outputName, "w");
data/canu-2.0+dfsg/src/bogus/bogusUtil.C:115:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inLine[1024];
data/canu-2.0+dfsg/src/bogus/bogusUtil.C:118:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile = fopen(nucmerName, "r");
data/canu-2.0+dfsg/src/bogus/bogusUtil.C:218:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inLine[1024];
data/canu-2.0+dfsg/src/bogus/bogusUtil.C:221:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile = fopen(snapperName, "r");
data/canu-2.0+dfsg/src/bogus/bogusUtil.C:292:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(refName, "r");
data/canu-2.0+dfsg/src/bogus/bogusUtil.H:102:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rsrefName[256];
data/canu-2.0+dfsg/src/bogus/bogusness.C:58:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *types[4] = { "REPT", "UNIQ", "SEPR", "WEAK" };
data/canu-2.0+dfsg/src/bogus/bogusness.C:65:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *statuses[4] = { "BEGINSin", "ENDSin", "CONTAINS", "CONTAINED" };
data/canu-2.0+dfsg/src/bogus/bogusness.C:131:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utgID[32];
data/canu-2.0+dfsg/src/bogus/bogusness.C:204:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(idealName, "r");
data/canu-2.0+dfsg/src/bogus/bogusness.C:208:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char L[1024];
data/canu-2.0+dfsg/src/bogus/bogusness.C:338:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *nucmerNames[1024];
data/canu-2.0+dfsg/src/bogus/bogusness.C:339:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *snapperNames[1024];
data/canu-2.0+dfsg/src/bogus/bogusness.C:384:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outputName[FILENAME_MAX];
data/canu-2.0+dfsg/src/bogus/bogusness.C:389:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  resultsOutput = fopen(outputName, "w");
data/canu-2.0+dfsg/src/bogus/bogusness.C:396:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gffOutput = fopen(outputName, "w");
data/canu-2.0+dfsg/src/bogus/bogusness.C:491:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **spanHdr = new char * [refList.size()];
data/canu-2.0+dfsg/src/correction/errorEstimate.C:58:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  deviations = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/correction/errorEstimate.C:85:95: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *scoreFile = (scoreFileName == NULL) ? NULL : (scoreFileName[0] == '-' ? stdin : fopen(scoreFileName, "r"));
data/canu-2.0+dfsg/src/correction/errorEstimate.C:90:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ovStr[1024];
data/canu-2.0+dfsg/src/correction/falconConsensus-msa.H:82:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  p_q_base = new char [size];
data/canu-2.0+dfsg/src/correction/falconConsensus.H:122:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(read, read_, readLen_);
data/canu-2.0+dfsg/src/correction/falconConsensus.H:161:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  seq = new char [len_];
data/canu-2.0+dfsg/src/correction/falconsense.C:55:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char L[1024];
data/canu-2.0+dfsg/src/correction/filterCorrectionOverlaps.C:55:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(fileName, "w");
data/canu-2.0+dfsg/src/correction/filterCorrectionOverlaps.C:70:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logFileName[FILENAME_MAX];
data/canu-2.0+dfsg/src/correction/filterCorrectionOverlaps.C:71:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char statsFileName[FILENAME_MAX];
data/canu-2.0+dfsg/src/correction/filterCorrectionOverlaps.C:118:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  expectedCoverage = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/correction/filterCorrectionOverlaps.C:122:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minOvlLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/correction/generateCorrectionLayouts.C:111:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ovlString[1024];
data/canu-2.0+dfsg/src/correction/generateCorrectionLayouts.C:238:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iidMin = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/correction/generateCorrectionLayouts.C:241:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iidMax = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/correction/generateCorrectionLayouts.C:244:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minEvidenceLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:62:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(seq, tig->bases(), len);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:131:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Aname[FILENAME_MAX+1], Afile[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/gfa/alignGFA.C:132:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Bname[FILENAME_MAX+1], Bfile[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/gfa/alignGFA.C:133:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Pname[FILENAME_MAX+1], Pfile[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/gfa/alignGFA.C:136:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Aname, "tig%08u%c", Aid, (Afwd) ? '+' : '-');
data/canu-2.0+dfsg/src/gfa/alignGFA.C:137:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Afile, "tig%08u%c.fasta", Aid, (Afwd) ?
  '+' : '-');
data/canu-2.0+dfsg/src/gfa/alignGFA.C:138:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Bname, "tig%08u%c", Bid, (Bfwd) ? '+' : '-');
data/canu-2.0+dfsg/src/gfa/alignGFA.C:139:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Bfile, "tig%08u%c.fasta", Bid, (Bfwd) ? '+' : '-');
data/canu-2.0+dfsg/src/gfa/alignGFA.C:374:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/gfa/alignGFA.C:380:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(N, "compare%04d-%04d-ctg%04d.fasta", record->_Aid, record->_Bid, record->_Aid);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:385:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(N, "compare%04d-%04d-utg%04d.fasta", record->_Aid, record->_Bid, record->_Bid);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:819:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cigar[81];
data/canu-2.0+dfsg/src/gfa/alignGFA.C:821:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(cigar, "%dM", olapLen);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:847:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seqName[80];
data/canu-2.0+dfsg/src/gfa/alignGFA.C:851:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(seqName, "utg%08u", ii);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:892:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tigVers = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:896:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  seqVers = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/gfa/alignGFA.C:912:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  omp_set_num_threads(atoi(argv[++arg]));
data/canu-2.0+dfsg/src/haplotyping/splitHaplotype.C:65:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char merylName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/haplotyping/splitHaplotype.C:66:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char histoName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/haplotyping/splitHaplotype.C:67:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outputName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/haplotyping/splitHaplotype.C:214:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_str, ins, sizeof(char) * (insLen + 1));
data/canu-2.0+dfsg/src/meryl/meryl-lookup.C:51:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **labels = new char * [klookup.size()];
data/canu-2.0+dfsg/src/meryl/meryl-lookup.C:74:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fString[65];
data/canu-2.0+dfsg/src/meryl/meryl-lookup.C:75:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rString[65];
data/canu-2.0+dfsg/src/meryl/meryl.C:167:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char T[FILENAME_MAX+1] = { 0 };
data/canu-2.0+dfsg/src/meryl/meryl.C:168:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX+1] = { 0 };
data/canu-2.0+dfsg/src/meryl/meryl.C:255:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char optString[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/meryl/meryl.C:256:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inoutName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/meryl/meryl.C:257:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indexName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/meryl/meryl.C:258:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sqInfName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/meryl/meryl.C:259:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sqRdsName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/meryl/meryl.C:800:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX + 1] = { 0 };
data/canu-2.0+dfsg/src/meryl/merylInput.C:204:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/meryl/merylInput.C:274:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(seq, _read->sqRead_sequence() + _readPos, sizeof(char) * len);
data/canu-2.0+dfsg/src/meryl/merylInput.C:285:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(seq, _read->sqRead_sequence() + _readPos, sizeof(char) * maxLength);
data/canu-2.0+dfsg/src/meryl/merylInput.H:87:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/meryl/merylOp-count.C:312:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char batchString[64] = { 0 };
data/canu-2.0+dfsg/src/meryl/merylOp-countSimple.C:35:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *buffer = new char [bufferMax];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:269:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:280:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:331:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:377:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:438:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:474:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:604:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[33];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:610:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[33];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:636:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:651:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[4] = { 0 }; // Default, no flags (and no space) printed.
data/canu-2.0+dfsg/src/meryl/merylOp-nextMer.C:652:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kmerString[256];
data/canu-2.0+dfsg/src/minimap/mmapConvert.C:64:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minOverlapLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/minimap/mmapConvert.C:111:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ov.a_iid = atoi(W[0]+4);
data/canu-2.0+dfsg/src/minimap/mmapConvert.C:112:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ov.b_iid = atoi(W[5]+4);
data/canu-2.0+dfsg/src/overlapAlign/clearRangeFile.H:72:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _filename[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/overlapAlign/overlapAlign-computation.H:84:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  _alignsA = new char * [_overlapsLen];
data/canu-2.0+dfsg/src/overlapAlign/overlapAlign-computation.H:85:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  _alignsB = new char * [_overlapsLen];
data/canu-2.0+dfsg/src/overlapAlign/overlapAlign.C:330:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g->numThreads = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapAlign/overlapAlign.C:333:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g->memLimit = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapAlign/overlapAlign.C:341:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g->minOverlapLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapAlign/overlapAlign.C:344:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g->minReadLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapBasedTrimming/clearRangeFile.H:141:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_bgn, source->_bgn, sizeof(uint32) * (_lastID + 1));
data/canu-2.0+dfsg/src/overlapBasedTrimming/clearRangeFile.H:142:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_end, source->_end, sizeof(uint32) * (_lastID + 1));
data/canu-2.0+dfsg/src/overlapBasedTrimming/clearRangeFile.H:149:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _fileName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads-trimBad.C:113:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logPtr, "iid %6u trim %7u %7u",
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads-trimBad.C:119:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logPtr, " TOO_SHORT");
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads-trimBad.C:124:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logPtr, " (5'spur %7u %7u)", w->blist[spur5].bgn, w->blist[spur5].end);
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads-trimBad.C:129:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logPtr, " (3'spur %7u %7u)", w->blist[spur3].bgn, w->blist[spur3].end);
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads.C:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outputName[FILENAME_MAX];
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads.C:145:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minReadLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads.C:204:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reportFile = fopen(outputName, "w");
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads.C:211:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  subreadFile = fopen(outputName, "w");
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads.H:119:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *N[5] = { "nothing", "5'spur", "3'spur", "chimera", "subread" };
data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads.H:204:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logMsg[1024];
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads-bestEdge.C:325:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char D[FILENAME_MAX];
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads-bestEdge.C:326:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char G[FILENAME_MAX];
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads-bestEdge.C:327:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char S[FILENAME_MAX];
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads-bestEdge.C:335:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  F = fopen(D, "w");
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads-bestEdge.C:356:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  F = fopen(G, "w");
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads-largestCovered.C:211:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(logMsg, "\tno high quality overlaps");
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads-largestCovered.C:215:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logMsg, "\tskipped %u overlaps; used %u overlaps", nSkip, nUsed);
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:82:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(logMsg, "outside maximum allowed clear range");
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:92:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(logMsg, "adjusted to obey maximum allowed clear range");
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:117:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logName[FILENAME_MAX] = {0};
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:118:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sumName[FILENAME_MAX] = {0};
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:166:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minAlignLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:169:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minReadLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:172:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minEvidenceOverlap = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:175:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minEvidenceCoverage = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimReads.C:251:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logMsg[1024] = {0};
data/canu-2.0+dfsg/src/overlapBasedTrimming/trimStat.H:48:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:43:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filter[256];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:218:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  G->bases = new char [G->basesLen];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:515:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rseq, fseq, sizeof(char) * (fseqLen + 1));
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:632:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fseq = new char [AS_MAX_READLEN + 1 + AS_MAX_READLEN + 1];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:635:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *rseq = new char [AS_MAX_READLEN + 1 + AS_MAX_READLEN + 1];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps.C:68:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G->bgnID = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps.C:69:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G->endID = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps.C:78:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G->minOverlap = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps.C:94:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G->numThreads = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps.C:165:60: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *correctedReads = G->correctedName == NULL ? NULL : fopen(G->correctedName, "w");
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Dump.C:66:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *typeName[13] = { "IDENT",
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Read_Frags.C:50:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filter[256];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Read_Frags.C:79:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  G->readBases = new char [basesLength];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.C:71:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filter[256];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.C:126:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  fl->readBases = new char * [fl->readsMax];
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.C:355:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G->bgnID = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.C:356:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G->endID = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.C:365:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G->minOverlap = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.C:371:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  G->numThreads = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.H:333:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rev_seq[AS_MAX_READLEN + 1]; // Used in Process_Olap to hold RC of the B read
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/Binomial_Bound.C:197:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen("values-new.dat", "w");
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:75:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char D[FILENAME_MAX];
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:76:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char O[FILENAME_MAX];
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:79:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minEvalue = atoi(argv[1]);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:83:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minEvalue = atoi(argv[1]);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:84:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxEvalue = atoi(argv[2]);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:87:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minEvalue = atoi(argv[1]);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:88:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxEvalue = atoi(argv[2]);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:89:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  step = atoi(argv[3]);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:100:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(D, "prefixEditDistance-matchLimitData-BITS=%01d", AS_MAX_READLEN_BITS);
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:105:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX]; // Local to this thread!
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:124:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(N, "r");
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:156:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(O, "w");
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:173:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(O, "w");
data/canu-2.0+dfsg/src/overlapInCore/liboverlap/prefixEditDistance-matchLimitGenerate.C:195:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(O, "w");
data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Build_Hash_Index.C:236:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Build_Hash_Index.C:543:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  basesData = new char [Data_Len];
data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Build_Hash_Index.C:649:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newSpace, Extra_Ref_Space, sizeof(String_Ref_t) * Max_Extra_Ref_Space);
data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Find_Overlaps.C:118:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(newSpace, WA->Match_Node_Space, sizeof(Match_Node_t) * WA->Match_Node_Size); data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Find_Overlaps.C:174:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newSpace, WA->String_Olap_Space, sizeof(String_Olap_t) * WA->String_Olap_Size); data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Output.C:202:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char deltas[2 * AS_READ_MAX_NORMAL_LEN]; data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Process_String_Overlaps.C:255:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(olap[i].delta, WA->editDist->Left_Delta, WA->editDist->Left_Delta_Len * sizeof(int32)); data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Process_String_Overlaps.C:281:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(olap[ct].delta, WA->editDist->Left_Delta, WA->editDist->Left_Delta_Len * sizeof(int32)); data/canu-2.0+dfsg/src/overlapInCore/overlapInCore.C:567:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
stats = fopen(G.Outstat_Name, "w"); data/canu-2.0+dfsg/src/overlapInCore/overlapInCore.H:363:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Check [ENTRIES_PER_BUCKET]; data/canu-2.0+dfsg/src/overlapInCore/overlapInCore.H:364:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Hits [ENTRIES_PER_BUCKET]; data/canu-2.0+dfsg/src/overlapInCore/overlapInCorePartition.C:284:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char A[FILENAME_MAX]; data/canu-2.0+dfsg/src/overlapInCore/overlapInCorePartition.C:290:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(A, "w"); data/canu-2.0+dfsg/src/overlapInCore/overlapInCorePartition.C:302:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char A[FILENAME_MAX]; data/canu-2.0+dfsg/src/overlapInCore/overlapInCorePartition.C:303:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char B[FILENAME_MAX]; data/canu-2.0+dfsg/src/overlapInCore/overlapInCorePartition.C:319:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outputName[FILENAME_MAX]; data/canu-2.0+dfsg/src/overlapInCore/overlapPair.C:700:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bgnID = atoi(argv[++arg]); data/canu-2.0+dfsg/src/overlapInCore/overlapPair.C:703:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). endID = atoi(argv[++arg]); data/canu-2.0+dfsg/src/overlapInCore/overlapPair.C:706:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
numThreads = atoi(argv[++arg]); data/canu-2.0+dfsg/src/overlapInCore/overlapPair.C:718:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). memLimit = atoi(argv[++arg]); data/canu-2.0+dfsg/src/overlapInCore/overlapPair.C:721:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minOverlapLength = atoi(argv[++arg]); data/canu-2.0+dfsg/src/overlapInCore/overlapReadCache.C:49:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. readSeqFwd = new char * [nReads + 1]; data/canu-2.0+dfsg/src/overlapInCore/overlapReadCache.C:78:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(readSeqFwd[id], read.sqRead_sequence(), sizeof(char) * readLen[id]); data/canu-2.0+dfsg/src/sequence/sequence-extract.C:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char C[256] = {0}; data/canu-2.0+dfsg/src/sequence/sequence-extract.C:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char U[256] = {0}; data/canu-2.0+dfsg/src/sequence/sequence-extract.C:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char L[256] = {0}; data/canu-2.0+dfsg/src/sequence/sequence-extract.C:161:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outputString + outputStringLen, seq + bbgn, bend - bbgn); data/canu-2.0+dfsg/src/sequence/sequence-generate.C:46:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *seq = new char [seqMax + 1]; data/canu-2.0+dfsg/src/sequence/sequence-sample.C:340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILENAME_MAX+1] = {0}; data/canu-2.0+dfsg/src/sequence/sequence-sample.C:341:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char digs[8]; data/canu-2.0+dfsg/src/sequence/sequence-shiftregister-search-slow.C:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srprint[65]; data/canu-2.0+dfsg/src/sequence/sequence-shiftregister-search-slow.C:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char svprint[65]; data/canu-2.0+dfsg/src/sequence/sequence-simulate.C:168:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, seqs[ss]->bases() + position, sizeof(char) * readLength); data/canu-2.0+dfsg/src/sequence/sequence-simulate.C:179:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, seqs[ss]->bases() + position, sizeof(char) * l1); data/canu-2.0+dfsg/src/sequence/sequence-simulate.C:180:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + l1, seqs[ss]->bases(), sizeof(char) * l2); data/canu-2.0+dfsg/src/sequence/sequence-summarize.C:71:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(seq + seqLen, buffer, sizeof(char) * bufferLen); data/canu-2.0+dfsg/src/sequence/sequence-summarize.C:212:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **histPlot = new char * [nRows + 1]; data/canu-2.0+dfsg/src/sequence/sequence-summarize.C:223:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(histPlot[rr], "%9" F_U64P " %7" F_U32P "|", data/canu-2.0+dfsg/src/sequence/sequence-summarize.C:226:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(histPlot[rr], "%9" F_U64P "-%-9" F_U64P " %7" F_U32P "|", data/canu-2.0+dfsg/src/sequence/sequence.H:312:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char genomeName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/sequence/sequence.H:313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char distribName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/sequence/sequence.H:314:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outputName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/sequence/sequence.H:362:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output1[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/sequence/sequence.H:363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output2[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/sequence/sequence.H:412:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sr[65]; data/canu-2.0+dfsg/src/sequence/sequence.H:413:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char svmin[65]; data/canu-2.0+dfsg/src/sequence/sequence.H:414:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char svmax[65]; data/canu-2.0+dfsg/src/stores/dumpBlob.C:75:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chunk[5] = {0}; data/canu-2.0+dfsg/src/stores/libsnappy/snappy-sinksource.cc:77:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_, data, n); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-sinksource.cc:91:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_, data, n); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.cc:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[Varint::kMax32]; data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.h:196:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&t, p, sizeof t); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.h:201:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &v, sizeof v); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.h:211:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&t, p, sizeof t); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.h:217:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&t, p, sizeof t); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.h:223:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&t, p, sizeof t); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.h:228:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &v, sizeof v); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.h:232:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &v, sizeof v); data/canu-2.0+dfsg/src/stores/libsnappy/snappy-stubs-internal.h:236:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &v, sizeof v); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:100:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[8]; data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:101:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, src, 8); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:102:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(dst, tmp, 8); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[16]; data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:113:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, src, 16); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:114:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, tmp, 16); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, literal, len); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:648:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scratch_[kMaximumTagLength]; // See RefillTag(). data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:839:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch_ + nbuf, src, to_add); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:896:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ulength[Varint::kMax32]; data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:926:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch, fragment, bytes_read); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:932:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch + bytes_read, fragment, n); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:1043:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GetIOVecPointer(curr_iov_index_, curr_iov_written_), data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:1188:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, ip, len); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:1376:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op_ptr_, ip, len); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:1421:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op_ptr_, ip, avail); data/canu-2.0+dfsg/src/stores/libsnappy/snappy.cc:1442:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(op_ptr_, ip, len); data/canu-2.0+dfsg/src/stores/loadErates.C:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char evalueName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/loadErates.C:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char evalueTemp[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/loadTrimmedReads.C:43:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *bcomp = new char [ nlen + 1 ]; data/canu-2.0+dfsg/src/stores/ovStore.C:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILENAME_MAX]; data/canu-2.0+dfsg/src/stores/ovStore.H:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILENAME_MAX]; data/canu-2.0+dfsg/src/stores/ovStore.H:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILENAME_MAX]; data/canu-2.0+dfsg/src/stores/ovStore.H:200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _storePath[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStore.H:238:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _storePath[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStore.H:299:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _storePath[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStoreBucketizer.C:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILENAME_MAX]; data/canu-2.0+dfsg/src/stores/ovStoreBucketizer.C:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ovlstr[256]; data/canu-2.0+dfsg/src/stores/ovStoreBucketizer.C:96:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char createName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStoreBucketizer.C:97:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sliceSName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStoreBucketizer.C:98:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bucketName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStoreBucketizer.C:115:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bucketNum = atoi(argv[++arg]); data/canu-2.0+dfsg/src/stores/ovStoreBuild.C:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[FILENAME_MAX]; data/canu-2.0+dfsg/src/stores/ovStoreConfig.H:61:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _inputNames = new char * [_numInputs]; data/canu-2.0+dfsg/src/stores/ovStoreConfig.H:105:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _inputNames = new char * [_numInputs]; data/canu-2.0+dfsg/src/stores/ovStoreDump.C:404:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256] = {0}; data/canu-2.0+dfsg/src/stores/ovStoreDump.C:490:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/canu-2.0+dfsg/src/stores/ovStoreDump.C:543:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/canu-2.0+dfsg/src/stores/ovStoreDump.C:575:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char annoStr[16]; data/canu-2.0+dfsg/src/stores/ovStoreDump.C:579:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. annoLen = sprintf(annoStr, "tig=%u", status[Bid].tigId); data/canu-2.0+dfsg/src/stores/ovStoreDump.C:581:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. annoLen = sprintf(annoStr, "tig=---"); data/canu-2.0+dfsg/src/stores/ovStoreDump.C:592:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char annoStr[16]; data/canu-2.0+dfsg/src/stores/ovStoreDump.C:593:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. uint32 annoLen = sprintf(annoStr, "score=%u", overlaps[o].overlapScore()); data/canu-2.0+dfsg/src/stores/ovStoreDump.C:632:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ovlString[1024]; data/canu-2.0+dfsg/src/stores/ovStoreDump.C:1098:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char binaryName[FILENAME_MAX + 1]; data/canu-2.0+dfsg/src/stores/ovStoreFile.C:94:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStoreFile.H:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _name[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStoreFile.H:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStoreFile.H:263:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[FILENAME_MAX + 1]; data/canu-2.0+dfsg/src/stores/ovStoreFile.H:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _prefix[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/stores/ovStoreFile.H:296:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreFilter.C:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ovlstr[256];
data/canu-2.0+dfsg/src/stores/ovStoreHistogram.C:106:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreHistogram.C:144:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(name, ".statistics");
data/canu-2.0+dfsg/src/stores/ovStoreHistogram.C:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreHistogram.C:224:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_scores + other->_scoresBaseID,
data/canu-2.0+dfsg/src/stores/ovStoreSorter.C:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreSorter.C:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreSorter.C:143:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sliceNum = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/ovStoreStats.C:98:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bgnID = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/ovStoreStats.C:101:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  endID = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/ovStoreStats.C:252:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char LOGname[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:220:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:255:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:343:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indexName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indexName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dataname[FILENAME_MAX+1] = {0};
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:483:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:495:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nameF[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:496:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nameI[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:528:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:529:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nomo[FILENAME_MAX+1]; // Esperanto, in case you were wondering.
data/canu-2.0+dfsg/src/stores/sqCache.C:211:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_reads[id]._data, bptr, blen);
data/canu-2.0+dfsg/src/stores/sqCache.C:266:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cName = (char *) (_reads[id]._data + 0);
data/canu-2.0+dfsg/src/stores/sqLibrary.H:107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _libraryName[LIBRARY_NAME_SIZE];
data/canu-2.0+dfsg/src/stores/sqRead.H:535:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _blobName[4];
data/canu-2.0+dfsg/src/stores/sqRead.H:606:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_rawBases, S, sizeof(char) * Slen);
data/canu-2.0+dfsg/src/stores/sqRead.H:615:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_corBases, S, sizeof(char) * Slen);
data/canu-2.0+dfsg/src/stores/sqReadData.C:65:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_name, chunk, chunkLen);
data/canu-2.0+dfsg/src/stores/sqStore.H:202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _storePath[FILENAME_MAX+1]; // Path to the seqStore.
data/canu-2.0+dfsg/src/stores/sqStore.H:203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _blobName[FILENAME_MAX+1]; // A temporary to make life easier.
data/canu-2.0+dfsg/src/stores/sqStore.H:222:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _storePath[FILENAME_MAX+1]; // Path to the seqStore.
data/canu-2.0+dfsg/src/stores/sqStore.H:223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _blobName[FILENAME_MAX+1]; // A temporary to make life easier.
data/canu-2.0+dfsg/src/stores/sqStore.H:340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _storePath[FILENAME_MAX+1]; // Needed to create files
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:114:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nameL[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nameR[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:116:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nameB[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:197:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char No[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Nn[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:287:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/sqStoreCreate.C:333:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inLine[1024] = { 0 };
data/canu-2.0+dfsg/src/stores/sqStoreCreate.C:565:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minReadLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/sqStoreCreate.C:569:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  genomeSize = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:183:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _p[FILENAME_MAX];
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _s[FILENAME_MAX];
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:185:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _n[FILENAME_MAX];
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:262:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  libToDump = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char h1[1024] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char h2[1024] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char h3[1024] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:67:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h1, " --------NORMAL RAW READS--------");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:68:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h2, " seqLen clearBgn clearEnd");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:69:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h3, " ---------- ---------- ----------");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:73:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h1, " ------COMPRESSED RAW READS------");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:74:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h2, " seqLen clearBgn clearEnd");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:75:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h3, " ---------- ---------- ----------");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:79:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h1, " -----NORMAL CORRECTED READS-----");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:80:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h2, " seqLen clearBgn clearEnd");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:81:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h3, " ---------- ---------- ----------");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:85:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h1, " ---COMPRESSED CORRECTED READS---");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:86:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h2, " seqLen clearBgn clearEnd");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:87:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(h3, " ---------- ---------- ----------");
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(len, " -", sizeof(char) * 11);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(len, " ignored", sizeof(char) * 11);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:119:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bgn, " -", sizeof(char) * 11);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:120:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(end, " -", sizeof(char) * 11);
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char l1[1024] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:178:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1len[16] = {0}, s1bgn[16] = {0}, s1end[16] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:179:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s2len[16] = {0}, s2bgn[16] = {0}, s2end[16] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:180:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s3len[16] = {0}, s3bgn[16] = {0}, s3end[16] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s4len[16] = {0}, s4bgn[16] = {0}, s4end[16] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreDumpMetaData.C:182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[16] = {0};
data/canu-2.0+dfsg/src/stores/sqStoreInfo.C:253:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bName[FILENAME_MAX + 1] = {0};
data/canu-2.0+dfsg/src/stores/tgStore.C:333:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nr, _tigEntry, sizeof(tgStoreEntry) * _tigLen);
data/canu-2.0+dfsg/src/stores/tgStore.C:334:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nc, _tigCache, sizeof(tgTig *) * _tigLen);
data/canu-2.0+dfsg/src/stores/tgStore.C:704:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _dataFile[version].FP = fopen(_name, "a+");
data/canu-2.0+dfsg/src/stores/tgStore.C:707:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _dataFile[version].FP = fopen(_name, "r");
data/canu-2.0+dfsg/src/stores/tgStore.H:153:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _path[FILENAME_MAX+1]; // Path to the store.
data/canu-2.0+dfsg/src/stores/tgStore.H:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _name[FILENAME_MAX+1]; // Name of the currently opened file, and other uses.
data/canu-2.0+dfsg/src/stores/tgStoreCompress.C:151:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tigVers = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:543:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:730:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outName[FILENAME_MAX];
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:964:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char N[FILENAME_MAX];
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:1028:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tigVers = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:1064:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  filter.minNreads = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:1066:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  filter.maxNreads = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:1071:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  filter.minLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:1073:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  filter.maxLength = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:1130:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maDisplayWidth = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:1135:41: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maDisplaySpacing = genomeSize = atol(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:1148:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minOverlap = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreFilter.C:115:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outLOGname[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/tgStoreFilter.C:116:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outSTAname[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/stores/tgStoreFilter.C:151:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tigVers = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgStoreFilter.C:164:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lowCovDepth = atoi(argv[++arg]); // Coverage below this is too low
data/canu-2.0+dfsg/src/stores/tgStoreFilter.C:169:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minReads = atoi(argv[arg]); // If unitig has fewer than this number of reads it is demoted
data/canu-2.0+dfsg/src/stores/tgStoreFilter.C:176:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tooLong = atoi(argv[++arg]); // Unitigs longer than this cannot be demoted
data/canu-2.0+dfsg/src/stores/tgStoreFilter.C:179:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tooShort = atoi(argv[++arg]); // Unitigs shorter than this are demoted
data/canu-2.0+dfsg/src/stores/tgStoreLoad.C:166:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tigVers = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/stores/tgTig.C:303:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[4] = {'T', 'I', 'G', 'R', }; // That's tigRecord, not TIGR
data/canu-2.0+dfsg/src/stores/tgTig.C:326:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[4];
data/canu-2.0+dfsg/src/stores/tgTig.C:388:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[4] = {'T', 'I', 'G', 'R', }; // That's tigRecord, not TIGR
data/canu-2.0+dfsg/src/stores/tgTig.C:411:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[4];
data/canu-2.0+dfsg/src/stores/tgTig.C:475:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char deltaString[128] = {0};
data/canu-2.0+dfsg/src/stores/tgTig.C:476:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char trimString[128] = {0};
data/canu-2.0+dfsg/src/stores/tgTig.C:597:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_bases, W[1], sizeof(char) * (_basesLen + 1)); // W[1] is null terminated, and we just copy it in
data/canu-2.0+dfsg/src/stores/tgTig.C:599:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_quals, W[1], sizeof(char) * (_basesLen + 1));
data/canu-2.0+dfsg/src/stores/tgTigDisplay.C:70:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen(tigFileName, "r");
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:91:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  bases = new char [sequenceLength + 1];
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:92:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  quals = new char [sequenceLength + 1];
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:259:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **displayBases = new char * [rowsLen]; // Bases to print in the current window.
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:260:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **displayQuals = new char * [rowsLen]; // Quals to print in the current window.
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:262:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **displayFwd = new char * [rowsLen]; //
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:265:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  displayBases[ii] = new char [length() + gapPositions.size() + displayWidth + 1];
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:266:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  displayQuals[ii] = new char [length() + gapPositions.size() + displayWidth + 1];
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:268:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  displayFwd[ii] = new char [length() + gapPositions.size() + 1];
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalgorithm.H:248:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tolower[256];
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalign.C:182:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_bRev, bStr, sizeof(char) * (_bLen + 1));
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalign.C:633:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char origScore[1024];
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalign.C:654:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(origScore, "NDalign::processHits()-- OLD length %u erate %f score %u (%d-%d %d-%d)\n",
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalign.C:744:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char origScore[1024];
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalign.C:768:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(origScore, "NDalign::realignForward()-- OLD length %u erate %f score %u (%d-%d %d-%d)\n",
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalign.C:808:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char origScore[1024];
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalign.C:832:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(origScore, "NDalign::realignBackward()-- OLD length %u erate %f score %u (%d-%d %d-%d)\n",
data/canu-2.0+dfsg/src/utgcns/libNDalign/NDalign.H:107:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_delta, d, sizeof(int32) * _deltaLen);
data/canu-2.0+dfsg/src/utgcns/libNNalign/NNalign.C:44:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char h_alignA[AS_MAX_READLEN + AS_MAX_READLEN + 2];
data/canu-2.0+dfsg/src/utgcns/libNNalign/NNalign.C:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char h_alignB[AS_MAX_READLEN + AS_MAX_READLEN + 2];
data/canu-2.0+dfsg/src/utgcns/unitigConsensus.C:96:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  _bases = new char [_length + 1];
data/canu-2.0+dfsg/src/utgcns/unitigConsensus.C:100:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inv[256] = {0};
data/canu-2.0+dfsg/src/utgcns/unitigConsensus.C:219:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_utgpos, _tig->getChild(0), sizeof(tgPosition) * _numReads);
data/canu-2.0+dfsg/src/utgcns/unitigConsensus.C:220:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_cnspos, _tig->getChild(0), sizeof(tgPosition) * _numReads);
data/canu-2.0+dfsg/src/utgcns/utgcns.C:330:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char partName[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/utgcns/utgcns.C:752:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.tigVers = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/utgcns/utgcns.C:762:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.tigPart = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/utgcns/utgcns.C:815:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.numThreads = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/utgcns/utgcns.C:835:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.minOverlap = atoi(argv[++arg]);
data/canu-2.0+dfsg/src/utility/arrays.H:69:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to, fr, sizeof(TT) * (ln+1));
data/canu-2.0+dfsg/src/utility/arrays.H:93:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to, fr, sizeof(TT) * frLen);
data/canu-2.0+dfsg/src/utility/arrays.H:109:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, array, sizeof(TT) * arrayLen);
data/canu-2.0+dfsg/src/utility/bits.C:156:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_dataBlockBgn, that._dataBlockBgn, sizeof(uint64) * _dataBlocksMax);
data/canu-2.0+dfsg/src/utility/bits.C:157:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_dataBlockLen, that._dataBlockLen, sizeof(uint64) * _dataBlocksMax);
data/canu-2.0+dfsg/src/utility/bits.C:163:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_dataBlocks[ii], that._dataBlocks[ii], sizeof(uint64) * _dataBlockLenMax / 64);
data/canu-2.0+dfsg/src/utility/bits.C:176:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_fibData, that._fibData, 93 * sizeof(uint64));
data/canu-2.0+dfsg/src/utility/bits.H:60:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char b[65];
data/canu-2.0+dfsg/src/utility/bits.H:563:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bits[65];
data/canu-2.0+dfsg/src/utility/bitsTest.C:29:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[65];
data/canu-2.0+dfsg/src/utility/bitsTest.C:30:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b2[65];
data/canu-2.0+dfsg/src/utility/bitsTest.C:31:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b3[65];
data/canu-2.0+dfsg/src/utility/bitsTest.C:288:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen("length.histo", "w");
data/canu-2.0+dfsg/src/utility/bitsTest.C:295:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *F = fopen("length.dat", "w");
data/canu-2.0+dfsg/src/utility/edlib.C:384:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cigar_, &(*cigar)[0], cigar->size() * sizeof(char));
data/canu-2.0+dfsg/src/utility/edlib.C:1557:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*alignment, ulAlignment, ulAlignmentLength);
data/canu-2.0+dfsg/src/utility/edlib.C:1558:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*alignment + ulAlignmentLength, lrAlignment, lrAlignmentLength);
data/canu-2.0+dfsg/src/utility/edlib.C:1596:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char letterIdx[256]; //!< letterIdx[c] is index of letter c in alphabet
data/canu-2.0+dfsg/src/utility/files-buffered.C:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/utility/files-buffered.C:62:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(_filename, "(stdin)");
data/canu-2.0+dfsg/src/utility/files-buffered.C:89:38: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _file = (_stdin) ? fileno(stdin) : open(_filename, O_RDONLY | O_LARGEFILE);
data/canu-2.0+dfsg/src/utility/files-buffered.C:109:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(_filename, "(hidden file)");
data/canu-2.0+dfsg/src/utility/files-buffered.C:252:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufchar, _buffer + _bufferPos, len);
data/canu-2.0+dfsg/src/utility/files-buffered.C:270:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufchar, _buffer + _bufferPos, bCopied);
data/canu-2.0+dfsg/src/utility/files-buffered.C:329:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  readBuffer::peekIFFchunk(char name[4], uint32 &dataLen) {
data/canu-2.0+dfsg/src/utility/files-buffered.C:339:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( name, _buffer + _bufferPos, sizeof(char) * 4);
data/canu-2.0+dfsg/src/utility/files-buffered.C:340:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dataLen, _buffer + _bufferPos + 4, sizeof(uint32));
data/canu-2.0+dfsg/src/utility/files-buffered.C:366:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dtag[4] = {0};
data/canu-2.0+dfsg/src/utility/files-buffered.C:414:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/utility/files-buffered.C:442:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(); // so we can set the file position.
data/canu-2.0+dfsg/src/utility/files-buffered.C:489:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_buffer + _bufferLen, data, length); // our buffer.
data/canu-2.0+dfsg/src/utility/files-buffered.C:528:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header + 0, name, sizeof(uint8) * 4);
data/canu-2.0+dfsg/src/utility/files-buffered.C:529:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header + 4, &dataLength, sizeof(uint32));
data/canu-2.0+dfsg/src/utility/files-buffered.C:587:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_chunkBuffer + _chunkBufferLen, data, dataLength);
data/canu-2.0+dfsg/src/utility/files-buffered.C:652:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  writeBuffer::open(void) {
data/canu-2.0+dfsg/src/utility/files-buffered.C:657:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _file = fopen(_filename, _filemode);
data/canu-2.0+dfsg/src/utility/files-buffered.C:674:3: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open();
data/canu-2.0+dfsg/src/utility/files-buffered.H:104:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _filename[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/utility/files-buffered.H:182:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(void);
data/canu-2.0+dfsg/src/utility/files-buffered.H:185:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _filename[FILENAME_MAX+1];
data/canu-2.0+dfsg/src/utility/files-buffered.H:186:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _filemode[17];
data/canu-2.0+dfsg/src/utility/files-compressed.C:60:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[FILENAME_MAX];
data/canu-2.0+dfsg/src/utility/files-compressed.C:105:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _file = fopen(_filename, "r");
data/canu-2.0+dfsg/src/utility/files-compressed.C:135:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[FILENAME_MAX];
data/canu-2.0+dfsg/src/utility/files-compressed.C:198:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _file = fopen(_filename, "w");
data/canu-2.0+dfsg/src/utility/files-memoryMapped.C:41:48: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _fd = (_type == memoryMappedFile_readOnly) ? open(_name, O_RDONLY | O_LARGEFILE)
data/canu-2.0+dfsg/src/utility/files-memoryMapped.C:42:48: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  : open(_name, O_RDWR | O_LARGEFILE);
data/canu-2.0+dfsg/src/utility/files-memoryMapped.H:81:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _name[FILENAME_MAX];
data/canu-2.0+dfsg/src/utility/files.C:322:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[FILENAME_MAX];
data/canu-2.0+dfsg/src/utility/files.C:360:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[FILENAME_MAX];
data/canu-2.0+dfsg/src/utility/files.C:390:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[FILENAME_MAX]; data/canu-2.0+dfsg/src/utility/files.C:424:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[FILENAME_MAX]; data/canu-2.0+dfsg/src/utility/files.C:446:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[FILENAME_MAX]; data/canu-2.0+dfsg/src/utility/files.C:476:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[FILENAME_MAX]; data/canu-2.0+dfsg/src/utility/files.C:611:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fp[FILENAME_MAX + 1] = {0}; data/canu-2.0+dfsg/src/utility/files.C:654:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fp, "/../"); // Append the relative path. 
data/canu-2.0+dfsg/src/utility/files.C:699:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX]; data/canu-2.0+dfsg/src/utility/files.C:718:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "r"); data/canu-2.0+dfsg/src/utility/files.C:732:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX]; data/canu-2.0+dfsg/src/utility/files.C:763:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *F = fopen(filename, "w"); data/canu-2.0+dfsg/src/utility/kmers-reader.C:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char N[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/utility/kmers-reader.C:200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m[17] = { 0 }; data/canu-2.0+dfsg/src/utility/kmers-writer-block.H:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _outName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/utility/kmers-writer-stream.H:46:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _outName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/utility/kmers-writer.C:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char N[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/utility/kmers.C:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bits[67] = { 0 }; data/canu-2.0+dfsg/src/utility/kmers.H:701:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char _inName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/utility/kmers.H:786:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _outName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:461:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[200]; data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:1805:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, dir, dir_len); data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:1810:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + dir_len + 1, filename, filename_len + 1); data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:1928:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, dir, dir_len); data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:1934:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p + dir_len + 1, f, f_len + 1); data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:2895:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (s, dir, dir_len); data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:2898:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + dir_len + 1, filename, filename_len + 1); data/canu-2.0+dfsg/src/utility/libbacktrace/elf.c:140:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char e_ident[EI_NIDENT]; /* ELF "magic number" */ data/canu-2.0+dfsg/src/utility/libbacktrace/elf.c:243:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const debug_section_names[DEBUG_MAX] = data/canu-2.0+dfsg/src/utility/libbacktrace/elf.c:566:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&ehdr, ehdr_view.data, sizeof ehdr); data/canu-2.0+dfsg/src/utility/libbacktrace/mmap.c:249:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (base, vec->base, vec->size); data/canu-2.0+dfsg/src/utility/libbacktrace/posix.c:67:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
descriptor = open (filename, (int) (O_RDONLY | O_BINARY | O_CLOEXEC)); data/canu-2.0+dfsg/src/utility/logging.C:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _lName[logFileLevelNameLen]; // Name of this logging class data/canu-2.0+dfsg/src/utility/logging.C:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rotmes[256] = {0}; data/canu-2.0+dfsg/src/utility/logging.C:211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _prefix[FILENAME_MAX + 1]; data/canu-2.0+dfsg/src/utility/logging.C:212:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _name [FILENAME_MAX + 1]; data/canu-2.0+dfsg/src/utility/logging.C:214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char _filePrefix[FILENAME_MAX + 1]; // e.g., 'prefix.###.name' data/canu-2.0+dfsg/src/utility/logging.C:215:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _fileName [FILENAME_MAX + 1]; // e.g., 'prefix.###.name.thr###.part###.log' data/canu-2.0+dfsg/src/utility/md5.C:33:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[64]; // input buffer data/canu-2.0+dfsg/src/utility/md5.C:41:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void MD5Transform(uint32 [4], unsigned char const [64]); data/canu-2.0+dfsg/src/utility/md5.C:63:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char PADDING[64] = { data/canu-2.0+dfsg/src/utility/md5.C:132:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[index], input, partLen); data/canu-2.0+dfsg/src/utility/md5.C:144:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&context->buffer[index], &input[i], inputLen-i); data/canu-2.0+dfsg/src/utility/md5.C:150:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void MD5Final (unsigned char digest[16], MD5_CTX *context) { data/canu-2.0+dfsg/src/utility/md5.C:151:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bits[8]; data/canu-2.0+dfsg/src/utility/md5.C:173:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void MD5Transform(uint32 state[4], unsigned char const block[64]) { data/canu-2.0+dfsg/src/utility/md5.C:321:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dig[16]; data/canu-2.0+dfsg/src/utility/md5.C:406:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dig[16]; data/canu-2.0+dfsg/src/utility/md5.H:19:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[MD5_BUFFER_SIZE]; data/canu-2.0+dfsg/src/utility/mt19937arTest.C:10:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32 number = atoi(argv[1]); data/canu-2.0+dfsg/src/utility/objectStore.C:254:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *args[8]; data/canu-2.0+dfsg/src/utility/objectStore.C:274:15: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. pid_t pid = vfork(); data/canu-2.0+dfsg/src/utility/sequence.C:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/canu-2.0+dfsg/src/utility/sequence.C:75:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/canu-2.0+dfsg/src/utility/sequence.C:538:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indexName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/utility/sequence.C:562:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indexName[FILENAME_MAX+1]; data/canu-2.0+dfsg/src/utility/speedCounter.H:106:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *_spinr[4]; data/canu-2.0+dfsg/src/utility/speedCounter.H:107:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *_liner[19]; data/canu-2.0+dfsg/src/utility/strings.C:243:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_chars, line, sizeof(char) * (_charsLen + 1)); data/canu-2.0+dfsg/src/utility/system-stackTrace.C:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/canu-2.0+dfsg/src/wtdbg/wtdbgConvert.C:163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX] = {0}; data/canu-2.0+dfsg/src/wtdbg/wtdbgConvert.C:195:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tig->_tigID = atoi(W[0]+4); data/canu-2.0+dfsg/src/wtdbg/wtdbgConvert.C:203:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tig->_layoutLen = atoi(W[2]+4); data/canu-2.0+dfsg/src/wtdbg/wtdbgConvert.C:208:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32 rid = atoi(W[1]+4); data/canu-2.0+dfsg/src/wtdbg/wtdbgConvert.C:213:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index = atoi(W[1]+rLen-1); data/canu-2.0+dfsg/src/AS_global.C:152:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *E = argv[0] + strlen(argv[0]) - 1; data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:139:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint32 lo = read.position.min(); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:140:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint32 hi = read.position.max(); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:214:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ident, read.position.bgn, read.position.end, bgnBP, endBP); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:214:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ident, read.position.bgn, read.position.end, bgnBP, endBP); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:214:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ident, read.position.bgn, read.position.end, bgnBP, endBP); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:221:90: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). writeLog("splitTig()-- new tig %u (id=%u) at read %u %u-%u\n", tigs.size(), finBP, read.ident, read.position.min(), read.position.max()); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:221:102: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). writeLog("splitTig()-- new tig %u (id=%u) at read %u %u-%u\n", tigs.size(), finBP, read.ident, read.position.min(), read.position.max()); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:221:123: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
writeLog("splitTig()-- new tig %u (id=%u) at read %u %u-%u\n", tigs.size(), finBP, read.ident, read.position.min(), read.position.max()); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:222:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). lowCoord[finBP] = read.position.min(); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:230:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ident, read.position.bgn, read.position.end, finBP, newTigs[finBP]->id()); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:230:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ident, read.position.bgn, read.position.end, finBP, newTigs[finBP]->id()); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:230:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ident, read.position.bgn, read.position.end, finBP, newTigs[finBP]->id()); data/canu-2.0+dfsg/src/bogart/AS_BAT_CreateUnitigs.C:231:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). newTigs[finBP]->addRead(read, -lowCoord[finBP], false); data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:300:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.ident == fn) { data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:301:75: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). writeLog("dropDead()-- tig %u gets first read %u\n", fnTig->id(), read.ident); data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:302:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
fnTig->addRead(read, -read.position.min(), false); data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:302:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fnTig->addRead(read, -read.position.min(), false); data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:304:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). } else if (read.ident == ln) { data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:305:74: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). writeLog("dropDead()-- tig %u gets last read %u\n", lnTig->id(), read.ident); data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:306:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). lnTig->addRead(read, -read.position.min(), false); data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:306:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). lnTig->addRead(read, -read.position.min(), false); data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:311:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nnOff = read.position.min(); data/canu-2.0+dfsg/src/bogart/AS_BAT_DropDeadEnds.C:313:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nnTig->addRead(read, -nnOff, false); data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:64:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int32 lastID = read.ident; data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:65:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bool last3p = (read.position.bgn < read.position.end); data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:65:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool last3p = (read.position.bgn < read.position.end); data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:92:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (unitig->placeRead(read, bestnext->readId(), bestnext->read3p(), &bestprev)) { data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:93:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unitig->addRead(read); data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:106:75: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fprintf(stderr, "ERROR: Failed to place read %d into BOG path.\n", read.ident); data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:113:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). lastID = read.ident; data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:114:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). last3p = (read.position.bgn < read.position.end); data/canu-2.0+dfsg/src/bogart/AS_BAT_PopulateUnitig.C:114:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). last3p = (read.position.bgn < read.position.end); data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:60:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ufNode read; data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:62:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read.ident = fi; data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:63:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.contained = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:64:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.parent = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:65:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ahang = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:66:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.bhang = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:67:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.position.bgn = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:68:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.position.end = RI->readLength(fi); data/canu-2.0+dfsg/src/bogart/AS_BAT_PromoteToSingleton.C:70:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). utg->addRead(read, 0, false); data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig.H:295:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool placeRead(ufNode &read, // resulting placement data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:99:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ufNode read; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:101:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read.ident = readId; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:102:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.contained = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:103:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.parent = edge->readId(); // == parent->ident data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:104:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ahang = 0; // Not used in bogart, set on output data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:105:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.bhang = 0; // Not used in bogart, set on output data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:106:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.position.bgn = (fFwd) ? fMin : fMax; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:107:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.position.end = (fFwd) ? fMax : fMin; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:114:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fMin, fMax, (fFwd) ? "rev" : "fwd", read.position.bgn, read.position.end, data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:114:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fMin, fMax, (fFwd) ? 
"rev" : "fwd", read.position.bgn, read.position.end, data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:115:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 100.0 * (read.position.max() - read.position.min()) / RI->readLength(readId)); data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:115:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 100.0 * (read.position.max() - read.position.min()) / RI->readLength(readId)); data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:118:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return(read); data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:227:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ufNode read; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:229:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ident = readId; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:230:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.contained = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:231:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.parent = edge->readId(); // == parent->ident data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:232:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ahang = 0; // Not used in bogart, set on output data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:233:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read.bhang = 0; // Not used in bogart, set on output data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:234:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.position.bgn = (fFwd) ? fMin : fMax; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:235:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.position.end = (fFwd) ? fMax : fMin; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:242:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fMin, fMax, (fFwd) ? "rev" : "fwd", read.position.bgn, read.position.end, data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:242:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fMin, fMax, (fFwd) ? "rev" : "fwd", read.position.bgn, read.position.end, data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:243:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 100.0 * (read.position.max() - read.position.min()) / RI->readLength(readId)); data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:243:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 100.0 * (read.position.max() - read.position.min()) / RI->readLength(readId)); data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:246:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return(read); data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:256:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
Unitig::placeRead(ufNode &read, // output placement data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:264:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ident = readId; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:265:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.contained = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:266:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.parent = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:267:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.ahang = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:268:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.bhang = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:269:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.position.bgn = 0; data/canu-2.0+dfsg/src/bogart/AS_BAT_Unitig_PlaceReadUsingEdges.C:270:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.position.end = 0; data/canu-2.0+dfsg/src/bogus/bogusUtil.C:315:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32 rl = strlen(refseq); data/canu-2.0+dfsg/src/bogus/bogusUtil.H:95:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(strlen(cn) < 256); data/canu-2.0+dfsg/src/correction/falconConsensus-alignTag.C:147:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). evidence[j].read[evidence[j].readLength] = 0; data/canu-2.0+dfsg/src/correction/falconConsensus-alignTag.C:185:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). EdlibAlignResult align = edlibAlign(evidence[j].read, evidence[j].readLength, data/canu-2.0+dfsg/src/correction/falconConsensus-alignTag.C:259:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). evidence[0].read, evidence[j].read, data/canu-2.0+dfsg/src/correction/falconConsensus-alignTag.C:259:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). evidence[0].read, evidence[j].read, data/canu-2.0+dfsg/src/correction/falconConsensus.H:122:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy(read, read_, readLen_); data/canu-2.0+dfsg/src/correction/falconConsensus.H:134:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). delete [] read; data/canu-2.0+dfsg/src/correction/falconConsensus.H:137:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/canu-2.0+dfsg/src/gfa/bed.C:89:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _Aname = new char [strlen(W[0]) + 1]; data/canu-2.0+dfsg/src/gfa/bed.C:95:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
_Bname = new char [strlen(W[3]) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:44:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(token); // Skip over the token... data/canu-2.0+dfsg/src/gfa/gfa.C:89:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _name = new char [strlen(name) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:110:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _name = new char [strlen(W[1]) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:112:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _sequence = new char [strlen(W[2]) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:113:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _features = new char [strlen(W[3]) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:161:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _Aname = new char [strlen(Aname) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:165:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _Bname = new char [strlen(Bname) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:169:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
_cigar = new char [strlen(cigar) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:193:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _Aname = new char [strlen(W[1]) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:197:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _Bname = new char [strlen(W[3]) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:201:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _cigar = new char [strlen(W[5]) + 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:203:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _features = new char [(W[6]) ? strlen(W[6]) + 1 : 1]; data/canu-2.0+dfsg/src/gfa/gfa.C:299:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _header = new char [strlen(inName) + 1]; data/canu-2.0+dfsg/src/haplotyping/splitHaplotype.C:208:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). insLen = strlen(ins); data/canu-2.0+dfsg/src/haplotyping/splitHaplotype.C:269:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(merylName, merylname, FILENAME_MAX); data/canu-2.0+dfsg/src/haplotyping/splitHaplotype.C:270:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(histoName, histoname, FILENAME_MAX); data/canu-2.0+dfsg/src/haplotyping/splitHaplotype.C:271:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outputName, fastaname, FILENAME_MAX); data/canu-2.0+dfsg/src/meryl/meryl-lookup.C:66:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). labels[ll] = new char [strlen(klabel[ll]) + 2]; data/canu-2.0+dfsg/src/meryl/meryl.C:177:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(T, printerName, FILENAME_MAX); data/canu-2.0+dfsg/src/meryl/meryl.C:299:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). optStringLen = strlen(argv[arg]); data/canu-2.0+dfsg/src/meryl/meryl.C:301:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(optString, argv[arg], FILENAME_MAX); data/canu-2.0+dfsg/src/meryl/meryl.C:330:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(inoutName, optString, FILENAME_MAX); data/canu-2.0+dfsg/src/meryl/meryl.C:481:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (uint32 vv=1; vv<strlen(optString); vv++) // increases verbosity by the data/canu-2.0+dfsg/src/meryl/meryl.C:806:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, op->getOutputName(), FILENAME_MAX); // know which input to open later. 
data/canu-2.0+dfsg/src/meryl/merylInput.C:53:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_name, toString(_operation->getOperation()), FILENAME_MAX); data/canu-2.0+dfsg/src/meryl/merylInput.C:84:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_name, n, FILENAME_MAX); data/canu-2.0+dfsg/src/meryl/merylInput.C:112:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_name, n, FILENAME_MAX); data/canu-2.0+dfsg/src/meryl/merylInput.C:167:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_name, n, FILENAME_MAX); data/canu-2.0+dfsg/src/meryl/merylOp-count.C:443:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = strlen(name); data/canu-2.0+dfsg/src/overlapAlign/clearRangeFile.C:85:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_filename, filename, FILENAME_MAX); data/canu-2.0+dfsg/src/overlapAlign/computeAlignments.C:62:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _seqCache->sqCache_getSequence(id, read, len, max); data/canu-2.0+dfsg/src/overlapAlign/computeAlignments.C:70:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reverseComplementSequence(read, _readData[id].rawLength); data/canu-2.0+dfsg/src/overlapAlign/computeAlignments.C:94:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
_seqCache->sqCache_getSequence(id, read, len, max); data/canu-2.0+dfsg/src/overlapAlign/computeAlignments.C:104:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memmove(read, read + _readData[id].clrBgn, _readData[id].trimmedLength); data/canu-2.0+dfsg/src/overlapAlign/computeAlignments.C:106:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[_readData[id].trimmedLength] = 0; // maComputation allocates one extra byte for each read. data/canu-2.0+dfsg/src/overlapAlign/computeAlignments.C:110:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reverseComplementSequence(read, _readData[id].trimmedLength); data/canu-2.0+dfsg/src/overlapBasedTrimming/clearRangeFile.H:57:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_fileName, fileName, FILENAME_MAX); data/canu-2.0+dfsg/src/overlapBasedTrimming/splitReads.C:350:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeToFile(w->logMsg, "logMsg", strlen(w->logMsg), reportFile); data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:234:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.bases = G->bases + G->basesLen; data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:235:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.basesLen = 0; data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:236:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read.adjusts = G->adjusts + G->adjustsLen; data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:237:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.adjustsLen = 0; data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:257:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.keep_left = C[Cpos].keep_left; data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:258:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.keep_right = C[Cpos].keep_right; data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:269:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.bases, data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:270:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.basesLen, data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:271:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.adjusts, data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:272:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.adjustsLen, data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:281:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
AS_UTL_writeFastA(correctedReads, read.bases, read.basesLen, 60, ">%d\n", curID); data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Correct_Frags.C:281:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). AS_UTL_writeFastA(correctedReads, read.bases, read.basesLen, 60, ">%d\n", curID); data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:494:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sqRead read; data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:495:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). seqStore->sqStore_getRead(curID, &read); data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:506:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.sqRead_sequence(), data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:507:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read.sqRead_length(), data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:719:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32 a_part_len = strlen(a_part); data/canu-2.0+dfsg/src/overlapErrorAdjustment/correctOverlaps-Redo_Olaps.C:720:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32 b_part_len = strlen(b_part); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:71:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
FPrint_Votes(FILE *fp, const Frag_Info_t &read, uint32 j, uint32 loc_r) { data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:72:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(j < read.clear_len); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:80:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.vote[s].all_but(read.sequence[s]) == 0) data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:80:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.vote[s].all_but(read.sequence[s]) == 0) data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:88:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (e == read.clear_len) data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:90:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.vote[e].all_but(read.sequence[e]) == 0) data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:90:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read.vote[e].all_but(read.sequence[e]) == 0) data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:101:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). e = (j + 12 < read.clear_len) ? j + 12 : read.clear_len; data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:101:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). e = (j + 12 < read.clear_len) ? 
j + 12 : read.clear_len; data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:108:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FPrint_Vote(fp, read.sequence[i], read.vote[i]); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:108:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). FPrint_Vote(fp, read.sequence[i], read.vote[i]); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:240:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Report_Position(const feParameters *G, const Frag_Info_t &read, uint32 pos, data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:243:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Vote_Tally_t vote = read.vote[pos]; data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:244:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char base = read.sequence[pos]; data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:302:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). out.keep_left = (read.left_degree < G->Degree_Threshold); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:303:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). out.keep_right = (read.right_degree < G->Degree_Threshold); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:312:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read.sequence == NULL) { data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:320:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (uint32 pos = 0; pos < read.clear_len; pos++) { data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Output.C:321:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Report_Position(G, read, pos, out, fp); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Process_Olap.C:214:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 a_part_len = strlen(a_part); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Process_Olap.C:215:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 b_part_len = strlen(b_part); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Read_Frags.C:92:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). seqStore->sqStore_getRead(curID, read); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors-Read_Frags.C:119:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). delete read; data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.C:145:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). seqStore->sqStore_getRead(loID, read); data/canu-2.0+dfsg/src/overlapErrorAdjustment/findErrors.C:170:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
delete read; data/canu-2.0+dfsg/src/overlapInCore/edalign.C:47:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s[1]); data/canu-2.0+dfsg/src/overlapInCore/edalign.C:140:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cigar) > 50) { data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Build_Hash_Index.C:112:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(basesData + String_Start[sub] + G.Kmer_Len * Extra_String_Subcount, s, G.Kmer_Len + 1); data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Build_Hash_Index.C:269:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int32 len = strlen(line); data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Build_Hash_Index.C:565:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). seqStore->sqStore_getRead(curID, read); data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Build_Hash_Index.C:625:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). delete read; data/canu-2.0+dfsg/src/overlapInCore/overlapInCore-Process_Overlaps.C:122:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(bases) == readLen); data/canu-2.0+dfsg/src/overlapInCore/overlapReadCache.C:72:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
seqStore->sqStore_getRead(id, &read); data/canu-2.0+dfsg/src/overlapInCore/overlapReadCache.C:74:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readLen[id] = read.sqRead_length(); data/canu-2.0+dfsg/src/overlapInCore/overlapReadCache.C:78:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy(readSeqFwd[id], read.sqRead_sequence(), sizeof(char) * readLen[id]); data/canu-2.0+dfsg/src/overlapInCore/overlapReadCache.H:76:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sqRead read; data/canu-2.0+dfsg/src/sequence/sequence-shiftregister.C:37:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 srLen = strlen(sr); data/canu-2.0+dfsg/src/sequence/sequence-shiftregister.C:38:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 snLen = strlen(svmin); data/canu-2.0+dfsg/src/sequence/sequence-shiftregister.C:39:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 sxLen = strlen(svmax); data/canu-2.0+dfsg/src/sequence/sequence.C:246:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(simPar.genomeName, argv[++arg], FILENAME_MAX); data/canu-2.0+dfsg/src/sequence/sequence.C:250:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(simPar.distribName, argv[++arg], FILENAME_MAX); data/canu-2.0+dfsg/src/sequence/sequence.C:262:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(simPar.outputName, argv[++arg], FILENAME_MAX); data/canu-2.0+dfsg/src/sequence/sequence.C:281:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(samPar.output1, argv[++arg], FILENAME_MAX); // #'s in the name will be replaced data/canu-2.0+dfsg/src/sequence/sequence.C:282:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(samPar.output2, argv[ arg], FILENAME_MAX); // by '1' or '2' later. data/canu-2.0+dfsg/src/stores/loadCorrectedReads.C:146:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). seqStore->sqStore_getRead(rID, read); // Load old data for the read. data/canu-2.0+dfsg/src/stores/loadCorrectedReads.C:148:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rdw->sqReadDataWriter_importData(read); // Import it into the writer. data/canu-2.0+dfsg/src/stores/loadCorrectedReads.C:180:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). delete read; data/canu-2.0+dfsg/src/stores/loadTrimmedReads.C:41:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 nlen = strlen(bases); data/canu-2.0+dfsg/src/stores/ovStore.C:76:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
  strncpy(_storePath, path, FILENAME_MAX);
data/canu-2.0+dfsg/src/stores/ovStoreConfig.H:136:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32 nl = strlen(_inputNames[ii]);
data/canu-2.0+dfsg/src/stores/ovStoreDump.C:562:51: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (status[Bid].isContained == true) strncpy(line + annotation, (const char *)"contained ", 12);
data/canu-2.0+dfsg/src/stores/ovStoreDump.C:563:51: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  else if (status[Bid].isIgnored == true) strncpy(line + annotation, (const char *)"ignored ", 12);
data/canu-2.0+dfsg/src/stores/ovStoreDump.C:564:51: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  else if (status[Bid].isCovGap == true) strncpy(line + annotation, (const char *)"coverage-gap", 12);
data/canu-2.0+dfsg/src/stores/ovStoreDump.C:565:51: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  else if (status[Bid].isLopsided == true) strncpy(line + annotation, (const char *)"lopsided ", 12);
data/canu-2.0+dfsg/src/stores/ovStoreDump.C:566:51: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  else if (status[Bid].isSpur == true) strncpy(line + annotation, (const char *)"spur ", 12);
data/canu-2.0+dfsg/src/stores/ovStoreDump.C:567:51: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  else strncpy(line + annotation, (const char *)"dovetail ", 12);
data/canu-2.0+dfsg/src/stores/ovStoreFile.C:168:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_name, name, FILENAME_MAX); // Logic also used in ovFile::deleteDiskFiles.
data/canu-2.0+dfsg/src/stores/ovStoreFile.H:267:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prefix, name, FILENAME_MAX);
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:68:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_storePath, path, FILENAME_MAX);
data/canu-2.0+dfsg/src/stores/ovStoreWriter.C:195:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_storePath, path, FILENAME_MAX);
data/canu-2.0+dfsg/src/stores/sqLibrary.H:72:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_libraryName, name, LIBRARY_NAME_SIZE-1);
data/canu-2.0+dfsg/src/stores/sqLibrary.H:74:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(_libraryName, "UNDEFINED", LIBRARY_NAME_SIZE-1);
data/canu-2.0+dfsg/src/stores/sqRead.H:594:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void sqReadDataWriter_importData(sqRead *read);
data/canu-2.0+dfsg/src/stores/sqRead.H:597:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  duplicateArray(_name, _nameLen, _nameAlloc, N, (uint32)strlen(N) + 1);
data/canu-2.0+dfsg/src/stores/sqReadDataWriter.C:33:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sqReadDataWriter::sqReadDataWriter_importData(sqRead *read) {
data/canu-2.0+dfsg/src/stores/sqStore.C:82:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sqStore::sqStore_getRead(uint32 readID, sqRead *read) {
data/canu-2.0+dfsg/src/stores/sqStore.C:99:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return(read);
data/canu-2.0+dfsg/src/stores/sqStore.C:107:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sqStore::sqStore_loadReadFromBuffer(readBuffer *B, sqRead *read) {
data/canu-2.0+dfsg/src/stores/sqStore.C:128:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(read->_meta, sizeof(sqReadMeta));
data/canu-2.0+dfsg/src/stores/sqStore.C:129:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(read->_rawU, sizeof(sqReadSeq));
data/canu-2.0+dfsg/src/stores/sqStore.C:130:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(read->_rawC, sizeof(sqReadSeq));
data/canu-2.0+dfsg/src/stores/sqStore.C:131:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(read->_corU, sizeof(sqReadSeq));
data/canu-2.0+dfsg/src/stores/sqStore.C:132:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(read->_corC, sizeof(sqReadSeq));
data/canu-2.0+dfsg/src/stores/sqStore.C:374:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  delete read;
data/canu-2.0+dfsg/src/stores/sqStore.H:258:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sqRead *sqStore_getRead(uint32 readID, sqRead *read);
data/canu-2.0+dfsg/src/stores/sqStore.H:262:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool sqStore_loadReadFromBuffer(readBuffer *B, sqRead *read);
data/canu-2.0+dfsg/src/stores/sqStoreBlob.C:41:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_storePath, storePath, FILENAME_MAX); // Copy path to our path.
data/canu-2.0+dfsg/src/stores/sqStoreBlob.C:92:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_storePath, storePath, FILENAME_MAX);
data/canu-2.0+dfsg/src/stores/sqStoreConstructor.C:143:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (storePath_) strncpy(_storePath, storePath_, FILENAME_MAX); // storePath must always exist though.
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:109:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_n, libName, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:197:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32 len = strlen(prefix);
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:434:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  seqStore->sqStore_getRead(rid, read); // Load the sequence data.
data/canu-2.0+dfsg/src/stores/sqStoreDumpFASTQ.C:464:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  delete read;
data/canu-2.0+dfsg/src/stores/tgStore.C:73:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_path, path_, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/stores/tgStoreDump.C:258:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  dumpRead(FILE *out, tgTig *tig, tgPosition *read) {
data/canu-2.0+dfsg/src/stores/tgTig.C:278:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int ch = getc(F);
data/canu-2.0+dfsg/src/stores/tgTig.C:334:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (4 != B->read(tag, 4)) {
data/canu-2.0+dfsg/src/stores/tgTig.C:349:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (sizeof(tgTigRecord) != B->read(&tr, sizeof(tgTigRecord))) {
data/canu-2.0+dfsg/src/stores/tgTig.C:361:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(_bases, _basesLen);
data/canu-2.0+dfsg/src/stores/tgTig.C:362:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(_quals, _basesLen);
data/canu-2.0+dfsg/src/stores/tgTig.C:373:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(_children, sizeof(tgPosition) * _childrenLen);
data/canu-2.0+dfsg/src/stores/tgTig.C:547:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr, "ERROR: _bases length %ld\n", strlen(_bases));
data/canu-2.0+dfsg/src/stores/tgTig.C:591:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _basesLen = strlen(W[1]);
data/canu-2.0+dfsg/src/stores/tgTig.C:762:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sqStore::sqStore_loadReadFromBuffer(importDataFile, read);
data/canu-2.0+dfsg/src/stores/tgTig.C:765:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  delete read; // got to read the data from disk regardless.
data/canu-2.0+dfsg/src/stores/tgTig.C:771:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reads[read->sqRead_readID()] = read;
data/canu-2.0+dfsg/src/stores/tgTigMultiAlignDisplay.C:128:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  delete read;
data/canu-2.0+dfsg/src/utgcns/libNNalign/NNalgorithm.C:157:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32 lenA = strlen(stringA);
data/canu-2.0+dfsg/src/utgcns/libNNalign/NNalgorithm.C:158:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32 lenB = strlen(stringB);
data/canu-2.0+dfsg/src/utgcns/libNNalign/NNalign.C:81:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reverseComplementSequence(b, strlen(b));
data/canu-2.0+dfsg/src/utgcns/libNNalign/NNalign.C:107:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reverseComplementSequence(b, strlen(b));
data/canu-2.0+dfsg/src/utgcns/unitigConsensus.C:190:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  assert(read != NULL);
data/canu-2.0+dfsg/src/utgcns/unitigConsensus.C:707:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  align = edlibAlign(fragment, strlen(fragment),
data/canu-2.0+dfsg/src/utgcns/unitigConsensus.C:824:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32 tiglen = strlen(tigseq);
data/canu-2.0+dfsg/src/utgcns/unitigConsensus.C:938:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32 tiglen = strlen(tigseq);
data/canu-2.0+dfsg/src/utgcns/utgcns.C:843:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  params.verbosity += strlen(argv[arg]) - 1;
data/canu-2.0+dfsg/src/utility/arrays.H:66:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32 ln = strlen(fr);
data/canu-2.0+dfsg/src/utility/bits.C:227:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nLoad += B->read(&inLenMax, sizeof(uint64)); // Max length of each block.
data/canu-2.0+dfsg/src/utility/bits.C:228:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nLoad += B->read(&inLen, sizeof(uint32)); // Number of blocks stored.
data/canu-2.0+dfsg/src/utility/bits.C:229:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nLoad += B->read(&inMax, sizeof(uint32)); // Number of blocks allocated.
data/canu-2.0+dfsg/src/utility/bits.C:265:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(_dataBlockBgn, sizeof(uint64) * _dataBlocksLen);
data/canu-2.0+dfsg/src/utility/bits.C:266:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(_dataBlockLen, sizeof(uint64) * _dataBlocksLen);
data/canu-2.0+dfsg/src/utility/bits.C:277:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  B->read(_dataBlocks[ii], sizeof(uint64) * nWordsToRead);
data/canu-2.0+dfsg/src/utility/edlib.C:450:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(qry_aln_str) == alignmentLength && strlen(tgt_aln_str) == alignmentLength);
data/canu-2.0+dfsg/src/utility/edlib.C:450:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(qry_aln_str) == alignmentLength && strlen(tgt_aln_str) == alignmentLength);
data/canu-2.0+dfsg/src/utility/edlib.C:496:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(qryAln) == result.alignmentLength);
data/canu-2.0+dfsg/src/utility/edlib.C:497:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(tgtAln) == result.alignmentLength);
data/canu-2.0+dfsg/src/utility/files-buffered-implementation.H:53:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  readBuffer::read(void) {
data/canu-2.0+dfsg/src/utility/files-buffered.C:168:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  _bufferLen = (uint64)::read(_file, _buffer, _bufferMax);
data/canu-2.0+dfsg/src/utility/files-buffered.C:245:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  readBuffer::read(void *buf, uint64 len) {
data/canu-2.0+dfsg/src/utility/files-buffered.C:274:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bAct = (uint64)::read(_file, bufchar + bCopied, len - bCopied);
data/canu-2.0+dfsg/src/utility/files-buffered.C:300:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  readBuffer::read(void *buf, uint64 maxlen, char stop) {
data/canu-2.0+dfsg/src/utility/files-buffered.C:383:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rl += read( dtag, 4);
data/canu-2.0+dfsg/src/utility/files-buffered.C:384:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rl += read(&dlen, sizeof(uint32));
data/canu-2.0+dfsg/src/utility/files-buffered.C:385:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rl += read( data, dataLen);
data/canu-2.0+dfsg/src/utility/files-buffered.C:397:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read( name, 4);
data/canu-2.0+dfsg/src/utility/files-buffered.C:398:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(&dataLen, sizeof(uint32));
data/canu-2.0+dfsg/src/utility/files-buffered.C:406:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(data, dataLen);
data/canu-2.0+dfsg/src/utility/files-buffered.C:435:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_filename, filename, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/files-buffered.C:436:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_filemode, filemode, 16);
data/canu-2.0+dfsg/src/utility/files-buffered.H:58:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char read(void);
data/canu-2.0+dfsg/src/utility/files-buffered.H:60:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint64 read(void *buf, uint64 len);
data/canu-2.0+dfsg/src/utility/files-buffered.H:61:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint64 read(void *buf, uint64 maxlen, char stop);
data/canu-2.0+dfsg/src/utility/files-compressed.C:42:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32 len = strlen(filename);
data/canu-2.0+dfsg/src/utility/files-memoryMapped.C:36:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_name, name, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/files-memoryMapped.C:76:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(_fd, _data, _length);
data/canu-2.0+dfsg/src/utility/files.C:176:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Llen = strlen(L);
data/canu-2.0+dfsg/src/utility/files.C:194:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Llen += strlen(L + Llen); // How many more?
data/canu-2.0+dfsg/src/utility/files.C:222:20: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int32 ch = getc(F);
data/canu-2.0+dfsg/src/utility/files.C:234:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(F);
data/canu-2.0+dfsg/src/utility/files.C:327:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, prefix, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/files.C:369:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, prefix, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/files.C:399:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, prefix, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/files.C:404:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  mode_t u = umask(0); // Destructively read the umask.
data/canu-2.0+dfsg/src/utility/files.C:407:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(u); // Restore umask.
data/canu-2.0+dfsg/src/utility/files.C:432:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, prefix, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/files.C:454:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, prefix, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/files.C:484:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, prefix, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/files.C:656:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(fp, "/"); // for.
data/canu-2.0+dfsg/src/utility/files.C:710:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, prefix, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/files.C:743:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, prefix, FILENAME_MAX-1);
data/canu-2.0+dfsg/src/utility/kmers-reader.C:222:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_inName, inputName, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/kmers-reader.C:231:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_inName, inputName, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/kmers-writer-block.C:37:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_outName, _writer->_outName, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/kmers-writer-stream.C:38:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_outName, _writer->_outName, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/kmers-writer.C:98:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_outName, outputName, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:1798:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dir_len = strlen (dir);
data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:1799:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename_len = strlen (filename);
data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:1920:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dir_len = strlen (dir);
data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:1921:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  f_len = strlen (f);
data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:2885:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename_len = strlen (filename);
data/canu-2.0+dfsg/src/utility/libbacktrace/dwarf.c:2887:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dir_len = strlen (dir);
data/canu-2.0+dfsg/src/utility/logging.C:100:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_prefix, prefix, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/logging.C:126:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_prefix, prefix, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/logging.C:140:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_name, name, FILENAME_MAX);
data/canu-2.0+dfsg/src/utility/logging.C:176:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _output->write(rotmes, strlen(rotmes));
data/canu-2.0+dfsg/src/utility/objectStore.C:53:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filename) != 10)
data/canu-2.0+dfsg/src/utility/objectStore.C:92:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filename) != 9)
data/canu-2.0+dfsg/src/utility/sequence.C:129:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(seq);
data/canu-2.0+dfsg/src/utility/sequence.C:176:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(seq);
data/canu-2.0+dfsg/src/utility/sequence.C:626:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char ch = _buffer->read();
data/canu-2.0+dfsg/src/utility/sequence.C:632:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:632:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:674:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char ch = _buffer->read();
data/canu-2.0+dfsg/src/utility/sequence.C:680:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:680:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:688:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:688:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:698:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:698:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:704:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:704:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (ch=_buffer->read(); (ch != '\n') && (ch != 0); ch=_buffer->read()) {
data/canu-2.0+dfsg/src/utility/sequence.C:741:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  _buffer->read();
data/canu-2.0+dfsg/src/utility/sequence.C:777:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  _buffer->read();
data/canu-2.0+dfsg/src/utility/sequence.C:785:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  _buffer->read();
data/canu-2.0+dfsg/src/utility/sequence.C:824:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  _buffer->read();
data/canu-2.0+dfsg/src/utility/system-stackTrace.C:46:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define WRITE_STRING(S) write(2, S, strlen(S))
data/canu-2.0+dfsg/src/wtdbg/wtdbgConvert.C:209:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32 rLen = strlen(W[1]);

ANALYSIS SUMMARY:

Hits = 1030
Lines analyzed = 105754 in approximately 2.89 seconds (36605 lines/second)
Physical Source Lines of Code (SLOC) = 60202
Hits@level = [0] 3950 [1] 332 [2] 567 [3] 27 [4] 102 [5] 2
Hits@level+ = [0+] 4980 [1+] 1030 [2+] 698 [3+] 131 [4+] 104 [5+] 2
Hits/KSLOC@level+ = [0+] 82.7215 [1+] 17.1091 [2+] 11.5943 [3+] 2.17601 [4+] 1.72752 [5+] 0.0332215
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.