Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.cpp
Examining data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.h
Examining data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp
Examining data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp

FINAL RESULTS:

data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:652:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(record_marker, marker);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:672:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fztmp,zfilename);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:704:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ftmp, zfilename);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:706:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(idxfile, ftmp);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:710:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ftmp, fname);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:712:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(idxfile, ftmp);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:718:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ftmp, outfile);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:719:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(idxfile, outfile);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:477:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(idxfile_cidx,idxfile);
data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.cpp:60:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sbuf, DUMMY_ZREC);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:87:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftmp[365];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:88:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fztmp[365];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:89:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char record_marker[127]; //record delimiter
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:119:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lastKey[MAX_KEYLEN]; //keep a copy of the last valid written key
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:477:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:553:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxkeys = atoi(s);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:592:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int num = atoi(p);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:660:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fstopwords=fopen(stopwords, "r"))==NULL)
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:673:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fztmp,"_ztmp");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:674:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  zf=fopen(fztmp,"wb");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:686:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else f_read= fopen(fname, "rb");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:691:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fdread= open(fname, O_RDONLY|O_BINARY);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:697:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f_read= fopen(fname, "rb");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:701:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idxfile[365];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:705:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(ftmp, ".cidx");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:707:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(ftmp, "_tmp");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:711:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(ftmp, ".cidx");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:713:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(ftmp, "_tmp");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:720:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(ftmp, "_tmp");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:763:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int ftmp= open(fztmp, O_RDONLY|O_BINARY);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:955:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)info.tag, (void*)"CDBX", 4);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:139:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bbuf[64]; // data buffer -- should just accomodate fastarec_pos, fastarec_length
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:221:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[61];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:369:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(p);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:375:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:394:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(p);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:404:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* zf=fopen(p, "rb");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ztag[5];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:432:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[1024];
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:450:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fout=fopen(outfile, "wb"))==NULL)
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:478:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(idxfile_cidx, ".cidx");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:561:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fz=fopen(dbname, "rb");
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:563:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else fdb=open(dbname, O_RDONLY|O_BINARY);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:573:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int ftmp = open(dbname, O_RDONLY|O_BINARY);
data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.cpp:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ztag[5];strcpy(ztag, "CDBZ");
data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.cpp:57:15:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  char ztag[5];strcpy(ztag, "CDBZ");
data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.h:12:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[GCDBZ_LBUF_LEN]; //larger buffer
data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.h:13:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sbuf[GCDBZ_SBUF_LEN]; //smaller buffer
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:155:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int klen=strlen(key);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:165:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lastKey, key, MAX_KEYLEN-1);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:259:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(p)>0) {
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:394:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(defline)>0) //add whole non-space token as the "full key"
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:454:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(defline)==0) break;
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:479:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c=getc(f))!=EOF) {
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:579:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pbrk=p+strlen(p);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:635:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(marker)>126)
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:639:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(marker)==4 && (marker[0]=='\\' || (marker[0]=='0' && toupper(marker[1])=='X') )) {
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:653:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  record_marker_len=strlen(record_marker);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbfasta.cpp:975:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nlen=strlen(fname);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:140:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (cdb->read(bbuf,len,pos) == -1)
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:177:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (many) r=cdb->findnext(key, strlen(key));
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:188:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (many) r=cdb->findnext(key, strlen(key));
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:199:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r=read(fdb, mbuf, reclen);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:256:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(fdb, &c, 1);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:258:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (reclen-- && read(fdb, &c, 1)==1) {
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:266:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (reclen-- && read(fdb, &c, 1)==1 && seqpos<=r_end) {
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:278:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (reclen-- && read(fdb, &c, 1)==1) {
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:288:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r=read(fdb, mbuf, toread);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:302:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (many) r=cdb->findnext(key, strlen(key));
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:315:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int r=read(fd, &dbstat, cdbInfoSIZE );
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:346:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r=read(fd, dbname, dbstat.dbnamelen);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:357:8:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  e=fgetc(stdin);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:366:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  e=fgetc(stdin);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:476:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(idxfile_cidx, strlen(idxfile)+6);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:540:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(namebuf, idxfile, nlen);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:607:20:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((e=fgetc(stdin)) != EOF) {
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:629:20:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((e=fgetc(stdin)) != EOF) {
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:646:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t keylen=strlen(key);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:651:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (keylen==strlen(p)) GError(ERR_RANGEFMT, key);
data/cdbfasta-1.00+git20181005.014498c+dfsg/cdbyank.cpp:687:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  GCDBuffer* readbuf=new GCDBuffer((opfunc)&read,
data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.cpp:61:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  zstream.avail_in=strlen(sbuf);
data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.cpp:116:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int delimlen=strlen(delim);
data/cdbfasta-1.00+git20181005.014498c+dfsg/gcdbz.cpp:233:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c =fgetc(zf))!=EOF) {

ANALYSIS SUMMARY:

Hits = 84
Lines analyzed = 2075 in approximately 0.32 seconds (6575 lines/second)
Physical Source Lines of Code (SLOC) = 1636
Hits@level = [0]  33 [1]  35 [2]  39 [3]   0 [4]  10 [5]   0
Hits@level+ = [0+] 117 [1+]  84 [2+]  49 [3+]  10 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 71.5159 [1+] 51.3447 [2+] 29.9511 [3+] 6.11247 [4+] 6.11247 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.