Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cd-hit-4.8.1/cd-hit-auxtools/bioSequence.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minMap.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx
Examining data/cd-hit-4.8.1/cd-hit-auxtools/read-linker.cxx
Examining data/cd-hit-4.8.1/cdhit-2d.c++
Examining data/cd-hit-4.8.1/cdhit-454.c++
Examining data/cd-hit-4.8.1/cdhit-common.c++
Examining data/cd-hit-4.8.1/cdhit-common.h
Examining data/cd-hit-4.8.1/cdhit-div.c++
Examining data/cd-hit-4.8.1/cdhit-est-2d.c++
Examining data/cd-hit-4.8.1/cdhit-est.c++
Examining data/cd-hit-4.8.1/cdhit-utility.c++
Examining data/cd-hit-4.8.1/cdhit-utility.h
Examining data/cd-hit-4.8.1/cdhit.c++

FINAL RESULTS:

data/cd-hit-4.8.1/cdhit-common.c++:118:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( buf, dir );

data/cd-hit-4.8.1/cdhit-common.c++:322:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( date, __DATE__ );

data/cd-hit-4.8.1/cdhit-common.c++:413:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( message, NAA, i );

data/cd-hit-4.8.1/cdhit-common.c++:418:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if ( cluster_thd > 0.9 && NAA < 8 ) printf( message, NAA, 8 );

data/cd-hit-4.8.1/cdhit-common.c++:419:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if ( cluster_thd > 0.87 && NAA < 5 ) printf( message, NAA, 5 );

data/cd-hit-4.8.1/cdhit-common.c++:420:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if ( cluster_thd > 0.80 && NAA < 4 ) printf( message, NAA, 4 );

data/cd-hit-4.8.1/cdhit-common.c++:421:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if ( cluster_thd > 0.75 && NAA < 3 ) printf( message, NAA, 3 );

data/cd-hit-4.8.1/cdhit-common.c++:423:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if ( cluster_thd > 0.85 && NAA < 5 ) printf( message, NAA, 5 );

data/cd-hit-4.8.1/cdhit-common.c++:424:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if ( cluster_thd > 0.80 && NAA < 4 ) printf( message, NAA, 4 );

data/cd-hit-4.8.1/cdhit-common.c++:425:45:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else if ( cluster_thd > 0.75 && NAA < 3 ) printf( message, NAA, 3 );

data/cd-hit-4.8.1/cdhit-common.c++:1569:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( data, s );

data/cd-hit-4.8.1/cdhit-common.c++:2314:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( outfile, "%s-%i", newdb, 0 );

data/cd-hit-4.8.1/cdhit-common.c++:2324:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( outfile, "%s-%i", newdb, seg );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:362:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand( seed );

data/cd-hit-4.8.1/cd-hit-auxtools/bioSequence.cxx:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ BUFSIZE+1 ];

data/cd-hit-4.8.1/cd-hit-auxtools/bioSequence.cxx:130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ BUFSIZE+1 ];

data/cd-hit-4.8.1/cd-hit-auxtools/bioSequence.cxx:131:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fin = fopen( file.Data(), "r" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:83:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout1 = fopen( name.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:84:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout2 = fopen( cfile.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:85:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout3 = fopen( cfile2.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cdes[200];

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:101:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cdes, " chimeric_parent1=%i,chimeric_parent2=%i", head, tail );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:117:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout2 = fopen( cfile.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:118:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout3 = fopen( cfile2.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cdes[200];

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:134:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cdes, " chimeric_parent1=%i,chimeric_parent2=%i", head, tail );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-dup.cxx:145:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout1 = fopen( name.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:16:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char base_mapping[128] = {0};

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:17:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rev_comp_mapping[128] = {0};

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cdes[200];

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:333:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout_rep = fopen( output.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:334:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout_clstr = fopen( cfile.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:338:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout_log = fopen( cfile.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:339:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout_clstr = fopen( cfile2.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:343:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout_log = fopen( cfile.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/cdhit-lap.cxx:344:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout_rep = fopen( output.Data(), "w" );

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:78:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if( s ) memcpy( data, s, n*sizeof(char) );

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:84:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data + size, s, n*sizeof(char) );

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:179:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data + size, s, n*sizeof(char) );

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:186:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data + size, s.data, s.size*sizeof(char) );

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:194:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char enc[256];

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:312:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if( m ) memcpy( padding.data, this->data + chunks*64, m*sizeof(char) );

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[30];

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:349:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( s, "%i", i );

data/cd-hit-4.8.1/cd-hit-auxtools/read-linker.cxx:89:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[50];

data/cd-hit-4.8.1/cd-hit-auxtools/read-linker.cxx:90:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tag, ".contig.%i length=%i overlap=%i mismatch_no=%i", (i+1), n1+n2-O, O, error );

data/cd-hit-4.8.1/cd-hit-auxtools/read-linker.cxx:209:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout = fopen( output.Data(), "w" );

data/cd-hit-4.8.1/cdhit-common.c++:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/cd-hit-4.8.1/cdhit-common.c++:124:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( buf, "cdhit.temp." );

data/cd-hit-4.8.1/cdhit-common.c++:126:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf + len, "%p", this );

data/cd-hit-4.8.1/cdhit-common.c++:127:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen( buf, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:213:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int intval = atoi( value );

data/cd-hit-4.8.1/cdhit-common.c++:277:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if( strcmp(flag, "-D") == 0 ){ max_indel = atoi(value); return true; }

data/cd-hit-4.8.1/cdhit-common.c++:280:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (strcmp(flag, "-t" ) == 0) tolerance = atoi(value);

data/cd-hit-4.8.1/cdhit-common.c++:281:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(flag, "-F" ) == 0) frag_size = atoi(value);

data/cd-hit-4.8.1/cdhit-common.c++:293:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(flag, "-S2") == 0) diff_cutoff_aa2 = atoi(value);

data/cd-hit-4.8.1/cdhit-common.c++:301:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (strcmp(flag, "-r" ) == 0) option_r = atoi(value);

data/cd-hit-4.8.1/cdhit-common.c++:302:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(flag, "-gap") == 0) mat.gap = MAX_SEQ * atoi(value);

data/cd-hit-4.8.1/cdhit-common.c++:303:66:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(flag, "-gap-ext") == 0) mat.ext_gap = MAX_SEQ * atoi(value);

data/cd-hit-4.8.1/cdhit-common.c++:304:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(flag, "-match") == 0) mat.set_match( atoi(value) );

data/cd-hit-4.8.1/cdhit-common.c++:305:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(flag, "-mismatch") == 0) mat.set_mismatch( atoi(value) );

data/cd-hit-4.8.1/cdhit-common.c++:321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[100];

data/cd-hit-4.8.1/cdhit-common.c++:962:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char AA[ MAX_SEQ ], BB[ MAX_SEQ ];

data/cd-hit-4.8.1/cdhit-common.c++:1151:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout = fopen( "alignments.txt", "a" );

data/cd-hit-4.8.1/cdhit-common.c++:1489:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( this, & other, sizeof( Sequence ) );

data/cd-hit-4.8.1/cdhit-common.c++:1497:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data, other.data, size );

data/cd-hit-4.8.1/cdhit-common.c++:1503:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( identifier, other.identifier, len );

data/cd-hit-4.8.1/cdhit-common.c++:1520:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( this, & other, sizeof( Sequence ) );

data/cd-hit-4.8.1/cdhit-common.c++:1530:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data, other2.data, size_R2); // copy R2 first

data/cd-hit-4.8.1/cdhit-common.c++:1532:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data+size_R2, other.data, size-size_R2 ); // copy R1 to end of R2

data/cd-hit-4.8.1/cdhit-common.c++:1544:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( identifier, other.identifier, len );

data/cd-hit-4.8.1/cdhit-common.c++:1575:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data+m, s, n );

data/cd-hit-4.8.1/cdhit-common.c++:1587:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data, old, m );

data/cd-hit-4.8.1/cdhit-common.c++:1603:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data, old, m );

data/cd-hit-4.8.1/cdhit-common.c++:1623:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( & tmp, this, sizeof( Sequence ) );

data/cd-hit-4.8.1/cdhit-common.c++:1624:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( this, & other, sizeof( Sequence ) );

data/cd-hit-4.8.1/cdhit-common.c++:1625:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( & other, & tmp, sizeof( Sequence ) );

data/cd-hit-4.8.1/cdhit-common.c++:1794:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fin = fopen( file, "rb" );

data/cd-hit-4.8.1/cdhit-common.c++:2048:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fin = fopen( file, "rb" );

data/cd-hit-4.8.1/cdhit-common.c++:2049:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fin2= fopen( file2,"rb" );

data/cd-hit-4.8.1/cdhit-common.c++:2309:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fin = fopen( db, "rb" );

data/cd-hit-4.8.1/cdhit-common.c++:2311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[512];

data/cd-hit-4.8.1/cdhit-common.c++:2315:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout = fopen( outfile, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2326:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( outfile, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2352:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout = fopen( newdb, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2393:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fin = fopen( db, "rb" );

data/cd-hit-4.8.1/cdhit-common.c++:2394:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout = fopen( newdb, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2431:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout = fopen( newdb, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2432:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout_pe = fopen( newdb_pe, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2517:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fin = fopen( db, "rb" );

data/cd-hit-4.8.1/cdhit-common.c++:2518:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout = fopen( newdb, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2519:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fin_pe = fopen( db_pe, "rb" );

data/cd-hit-4.8.1/cdhit-common.c++:2520:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout_pe = fopen( newdb_pe, "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2605:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( db_clstr_bak.c_str(), "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2622:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( db_clstr.c_str(), "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2665:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( db_clstr_bak.c_str(), "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2684:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen( db_clstr.c_str(), "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:2986:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[200];

data/cd-hit-4.8.1/cdhit-common.c++:2987:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( msg, "not enough memory, please set -M option greater than %zu\n",

data/cd-hit-4.8.1/cdhit-common.c++:3650:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fout = fopen( output.c_str(), "w+" );

data/cd-hit-4.8.1/cdhit-common.c++:3999:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char short_word[32]; //short_word[12] is enough

data/cd-hit-4.8.1/cdhit-common.h:125:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( items, other.items, other.size * sizeof(TYPE) );

data/cd-hit-4.8.1/cdhit-div.c++:44:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(argv[i], "-div" )==0) div = atoi(argv[++i]);

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:100:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, N = strlen( chs );

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:159:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SetBytes( s, strlen(s) );

data/cd-hit-4.8.1/cd-hit-auxtools/mintlib/minString.cxx:177:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = strlen( s );

data/cd-hit-4.8.1/cdhit-common.c++:114:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = dir ? strlen( dir ) : 0;

data/cd-hit-4.8.1/cdhit-common.c++:323:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen( date );

data/cd-hit-4.8.1/cdhit-common.c++:330:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n += strlen( argv[i] ) + 1;

data/cd-hit-4.8.1/cdhit-common.c++:333:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen( argv[i] ) + 9;

data/cd-hit-4.8.1/cdhit-common.c++:482:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(seq);

data/cd-hit-4.8.1/cdhit-common.c++:1501:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen( other.identifier );

data/cd-hit-4.8.1/cdhit-common.c++:1542:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen( other.identifier );

data/cd-hit-4.8.1/cdhit-common.c++:1568:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
Resize( strlen( s ) ); data/cd-hit-4.8.1/cdhit-common.c++:1573:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i, m = size, n = strlen( s ); data/cd-hit-4.8.1/cdhit-common.c++:1707:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1711:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1718:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1722:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1744:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1751:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1766:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
one.tot_length += strlen(buffer); one += buffer; data/cd-hit-4.8.1/cdhit-common.c++:1786:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int f_len = strlen(file); data/cd-hit-4.8.1/cdhit-common.c++:1806:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1810:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1817:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1821:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1843:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1850:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1865:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
one.tot_length += strlen(buffer); one += buffer; data/cd-hit-4.8.1/cdhit-common.c++:1913:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1917:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1924:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1928:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1934:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:1938:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:1945:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:1949:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len2 = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:1981:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:1988:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:2007:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:2011:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:2019:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). one.tot_length += strlen(buffer); one += buffer; data/cd-hit-4.8.1/cdhit-common.c++:2020:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). two.tot_length+= strlen(buffer2); two+= buffer2; data/cd-hit-4.8.1/cdhit-common.c++:2038:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int f_len = strlen(file); data/cd-hit-4.8.1/cdhit-common.c++:2039:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int f_len2= strlen(file2); data/cd-hit-4.8.1/cdhit-common.c++:2073:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:2077:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:2084:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:2088:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:2094:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:2098:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:2105:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:2109:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len2 = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:2141:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:2148:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer ); data/cd-hit-4.8.1/cdhit-common.c++:2167:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:2171:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen( buffer2 ); data/cd-hit-4.8.1/cdhit-common.c++:2179:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). one.tot_length += strlen(buffer); one += buffer; data/cd-hit-4.8.1/cdhit-common.c++:2180:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). two.tot_length+= strlen(buffer2); two+= buffer2; data/cd-hit-4.8.1/cdhit-common.c++:2243:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( seq->identifier ) total_desc += strlen( seq->identifier ); data/cd-hit-4.8.1/cdhit-common.c++:2387:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int f_len = strlen(db); data/cd-hit-4.8.1/cdhit-common.c++:2511:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int f_len = strlen(db); ANALYSIS SUMMARY: Hits = 163 Lines analyzed = 8936 in approximately 0.30 seconds (29320 lines/second) Physical Source Lines of Code (SLOC) = 7505 Hits@level = [0] 290 [1] 60 [2] 89 [3] 1 [4] 13 [5] 0 Hits@level+ = [0+] 453 [1+] 163 [2+] 103 [3+] 14 [4+] 13 [5+] 0 Hits/KSLOC@level+ = [0+] 60.3598 [1+] 21.7189 [2+] 13.7242 [3+] 1.86542 [4+] 1.73218 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
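Remediation example for the fopen hits (CWE-362) reported above at cdhit-common.c++:2517-2520, 2605-2684 and 3650. This is added illustrative C, not code from cd-hit or from Flawfinder: the helper names open_regular_for_read, create_exclusive_for_write and demo_toctou_safe_open are hypothetical, the file names are constructed, and the demo assumes a writable /tmp (falling back to the working directory). It replaces fopen(path, "w+") with an open(2) using O_CREAT|O_EXCL|O_NOFOLLOW, so that "does the file exist?" and "create it" are a single atomic step with no race window, and opens inputs with O_NOFOLLOW plus an fstat regular-file check so that a planted symlink or a device node is refused:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an existing input for reading: refuse a symlink at the final path
 * component and anything that is not a regular file (FIFO, device node,
 * directory). Returns NULL with errno set on refusal. Hypothetical helper. */
FILE *open_regular_for_read(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return NULL;                        /* ELOOP on Linux when path is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return NULL;
    }
    FILE *f = fdopen(fd, "rb");
    if (f == NULL)
        close(fd);
    return f;
}

/* Create an output file the way the fopen(..., "w+") calls above do, but
 * atomically: O_CREAT|O_EXCL fails with EEXIST if anything already sits at
 * that name (a symlink planted by another user included), so there is no
 * check-then-open window to race. Mode 0600 keeps the result private. */
FILE *create_exclusive_for_write(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
                  S_IRUSR | S_IWUSR);
    if (fd < 0)
        return NULL;
    FILE *f = fdopen(fd, "w+");
    if (f == NULL)
        close(fd);
    return f;
}

/* Exercise both helpers in a fresh temporary directory with constructed
 * names. Returns 0 when every expectation holds, else the failed step. */
int demo_toctou_safe_open(void)
{
    char dir[64] = "/tmp/ffdemo-XXXXXX";
    if (mkdtemp(dir) == NULL) {
        snprintf(dir, sizeof dir, "./ffdemo-XXXXXX");   /* fallback: cwd */
        if (mkdtemp(dir) == NULL)
            return 1;
    }
    char target[128], planted[128], line[64];
    snprintf(target, sizeof target, "%s/out.clstr", dir);
    snprintf(planted, sizeof planted, "%s/planted.clstr", dir);
    int rc = 0;
    FILE *f = create_exclusive_for_write(target);
    if (f == NULL) { rc = 2; goto cleanup; }
    fputs(">Cluster 0\n", f);
    fclose(f);
    /* Step 3: the same name cannot be created a second time. */
    if (create_exclusive_for_write(target) != NULL || errno != EEXIST) { rc = 3; goto cleanup; }
    /* Steps 4-6: a symlink planted at the output name, pointing at a file we
     * care about, is neither written through nor opened for reading. */
    if (symlink(target, planted) != 0) { rc = 4; goto cleanup; }
    if (create_exclusive_for_write(planted) != NULL) { rc = 5; goto cleanup; }
    if (open_regular_for_read(planted) != NULL) { rc = 6; goto cleanup; }
    /* Steps 7-8: the regular file we created still reads back normally. */
    f = open_regular_for_read(target);
    if (f == NULL) { rc = 7; goto cleanup; }
    if (fgets(line, sizeof line, f) == NULL || strcmp(line, ">Cluster 0\n") != 0)
        rc = 8;
    fclose(f);
cleanup:
    unlink(planted);
    unlink(target);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_toctou_safe_open();
    printf("toctou demo: %s (step %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The caveat is the word "can" in the Flawfinder message: for a command-line tool writing into a directory its own user controls, these fopen calls are ordinarily not exploitable, and O_EXCL matters when output lands in a shared location such as /tmp. O_EXCL also changes behaviour, since an existing output file is no longer silently truncated; callers must decide whether to unlink first or report the collision.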
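Remediation example for the atoi hit (CWE-190) at cdhit-div.c++:44 and the memcpy hit (CWE-120) at cdhit-common.h:125, whose byte count is itself a multiplication (other.size * sizeof(TYPE)). This is added illustrative C, not cd-hit's own option parsing or container code: parse_long_in_range, checked_element_copy and demo_bounded_input are hypothetical names and every input is constructed. It checks both ends of the range after strtol, rejects empty strings, trailing junk and values that do not fit the type instead of letting them wrap, and proves that count * elem_size can neither overflow size_t nor exceed the destination before memcpy runs:

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a decimal integer from an untrusted string such as an argv element,
 * accepting it only if the whole string was consumed and the value lies in
 * [lo, hi]. Stores the value in *out (when out is non-NULL) and returns true.
 * Hypothetical helper, not cd-hit's own option parsing. */
bool parse_long_in_range(const char *s, long lo, long hi, long *out)
{
    if (s == NULL || *s == '\0')
        return false;                   /* atoi("") would silently yield 0 */
    char *end = NULL;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return false;                   /* does not fit in long; atoi's result is undefined here */
    if (end == s || *end != '\0')
        return false;                   /* no digits at all, or trailing junk such as "4abc" */
    if (v < lo || v > hi)
        return false;                   /* outside the expected range, negatives included */
    if (out != NULL)
        *out = v;
    return true;
}

/* Copy `count` elements of `elem_size` bytes only after proving the byte
 * count neither wraps around in size_t nor exceeds the destination's
 * capacity. Returns the bytes copied, or 0 (nothing touched) when unsafe. */
size_t checked_element_copy(void *dst, size_t dst_cap,
                            const void *src, size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0)
        return 0;
    if (count > SIZE_MAX / elem_size)
        return 0;                       /* count * elem_size would overflow */
    size_t nbytes = count * elem_size;
    if (nbytes > dst_cap)
        return 0;                       /* destination cannot hold the source data */
    memcpy(dst, src, nbytes);
    return nbytes;
}

/* Constructed inputs resembling what a "-div N" option and a vector copy
 * might receive. Returns 0 when every expectation holds, else the step. */
int demo_bounded_input(void)
{
    long div = 0;
    if (!parse_long_in_range("8", 1, 65536, &div) || div != 8)          return 1;
    if (parse_long_in_range("", 1, 65536, &div))                        return 2; /* empty */
    if (parse_long_in_range("4abc", 1, 65536, &div))                    return 3; /* trailing junk */
    if (parse_long_in_range("-1", 1, 65536, &div))                      return 4; /* below minimum */
    if (parse_long_in_range("99999999999999999999999", 1, 65536, &div)) return 5; /* ERANGE */
    if (parse_long_in_range("4294967297", 1, 65536, &div))              return 6; /* would wrap an int */

    int src[4] = {1, 2, 3, 4}, dst[4] = {0};
    if (checked_element_copy(dst, sizeof dst, src, 4, sizeof(int)) != sizeof dst || dst[3] != 4)
        return 7;
    if (checked_element_copy(dst, sizeof dst, src, 5, sizeof(int)) != 0)        return 8; /* too many */
    if (checked_element_copy(dst, sizeof dst, src, SIZE_MAX, sizeof(int)) != 0) return 9; /* wraps */
    return 0;
}

int main(void)
{
    int rc = demo_bounded_input();
    printf("bounded input demo: %s (step %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The division test (count > SIZE_MAX / elem_size) is the portable way to detect the multiplication overflow; with GCC or Clang, __builtin_mul_overflow does the same in one call. The range check on the parsed value is what the Flawfinder note means by "check both minimum and maximum": a lower bound alone still admits a huge positive count that later becomes an allocation or loop size.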