Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/chip-seq-1.5.5/chipcenter.c Examining data/chip-seq-1.5.5/chippart.c Examining data/chip-seq-1.5.5/tools/sga2wig.c Examining data/chip-seq-1.5.5/tools/bed2bed_display.c Examining data/chip-seq-1.5.5/tools/bed2sga.c Examining data/chip-seq-1.5.5/tools/compactsga.c Examining data/chip-seq-1.5.5/tools/featreplace.c Examining data/chip-seq-1.5.5/tools/sga2bed.c Examining data/chip-seq-1.5.5/tools/filter_counts.c Examining data/chip-seq-1.5.5/tools/countsga.c Examining data/chip-seq-1.5.5/chipcor.c Examining data/chip-seq-1.5.5/debug.h Examining data/chip-seq-1.5.5/chipextract.c Examining data/chip-seq-1.5.5/hashtable.c Examining data/chip-seq-1.5.5/version.h Examining data/chip-seq-1.5.5/chipscore.c Examining data/chip-seq-1.5.5/hashtable.h Examining data/chip-seq-1.5.5/chippeak.c FINAL RESULTS: data/chip-seq-1.5.5/chipcenter.c:118:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(chrSizeFile, options.dbPath); data/chip-seq-1.5.5/chipcenter.c:518:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipcenter.c:564:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(end_line.seq_id, seq_id); data/chip-seq-1.5.5/chipcenter.c:578:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ft_plus.seq_id, seq_id); data/chip-seq-1.5.5/chipcenter.c:580:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_plus.feature[j], ft); data/chip-seq-1.5.5/chipcenter.c:583:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_plus.ext[j], ext); data/chip-seq-1.5.5/chipcenter.c:599:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_minus.seq_id, seq_id); data/chip-seq-1.5.5/chipcenter.c:601:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_minus.feature[k], ft); data/chip-seq-1.5.5/chipcenter.c:604:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_minus.ext[k], ext); data/chip-seq-1.5.5/chipcenter.c:621:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_plus.seq_id, seq_id); data/chip-seq-1.5.5/chipcenter.c:624:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ft_plus.ext[j], ext); data/chip-seq-1.5.5/chipcenter.c:640:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_minus.seq_id, seq_id); data/chip-seq-1.5.5/chipcenter.c:643:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_minus.ext[k], ext); data/chip-seq-1.5.5/chipcor.c:307:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipcor.c:316:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipcor.c:331:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipcor.c:497:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipextract.c:459:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipextract.c:468:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipextract.c:483:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipextract.c:625:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipextract.c:672:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipextract.c:681:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipextract.c:696:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipextract.c:838:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipextract.c:885:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipextract.c:894:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipextract.c:909:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipextract.c:1051:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipextract.c:1098:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipextract.c:1107:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipextract.c:1122:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipextract.c:1263:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipextract.c:1312:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipextract.c:1321:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipextract.c:1336:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipextract.c:1506:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipextract.c:1573:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipextract.c:1582:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipextract.c:1597:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipextract.c:1768:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipextract.c:1833:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipextract.c:1842:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipextract.c:1857:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipextract.c:2007:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipextract.c:2058:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipextract.c:2067:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipextract.c:2082:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipextract.c:2232:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chippart.c:312:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chippart.c:321:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chippart.c:336:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chippart.c:493:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chippart.c:494:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.seq_id, seq_id); data/chip-seq-1.5.5/chippart.c:499:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.name[k], ft); data/chip-seq-1.5.5/chippart.c:511:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.name[k], ft); data/chip-seq-1.5.5/chippart.c:524:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.name[k], ft); data/chip-seq-1.5.5/chippart.c:536:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.name[k], ft); data/chip-seq-1.5.5/chippart.c:547:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.name[k + 1], ft); data/chip-seq-1.5.5/chippart.c:702:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&ref_ft.ft_str, ref_ft.ft); data/chip-seq-1.5.5/chippeak.c:119:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(chrSizeFile, options.dbPath); data/chip-seq-1.5.5/chippeak.c:215:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_name, ref_ft.ft); data/chip-seq-1.5.5/chippeak.c:383:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_name, ref_ft.ft); data/chip-seq-1.5.5/chippeak.c:515:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (lmax->name[n], feat->name[i]); data/chip-seq-1.5.5/chippeak.c:556:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (lmax->name[n], feat->name[i]); data/chip-seq-1.5.5/chippeak.c:572:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft_name, ftname); data/chip-seq-1.5.5/chippeak.c:635:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chippeak.c:644:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chippeak.c:658:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chippeak.c:973:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chippeak.c:978:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.seq_id, seq_id); data/chip-seq-1.5.5/chippeak.c:980:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.name[k], ft); data/chip-seq-1.5.5/chippeak.c:990:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.seq_id, seq_id); data/chip-seq-1.5.5/chippeak.c:1001:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.seq_id, seq_id); data/chip-seq-1.5.5/chippeak.c:1002:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.ft, ft); data/chip-seq-1.5.5/chippeak.c:1012:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.seq_id, seq_id); data/chip-seq-1.5.5/chippeak.c:1025:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft_plus.seq_id, seq_id); data/chip-seq-1.5.5/chippeak.c:1027:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft_plus.name[k], ft); data/chip-seq-1.5.5/chippeak.c:1036:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft_minus.seq_id, seq_id); data/chip-seq-1.5.5/chippeak.c:1038:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft_minus.name[j], ft); data/chip-seq-1.5.5/chippeak.c:1049:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft_plus.seq_id, seq_id); data/chip-seq-1.5.5/chippeak.c:1057:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft_minus.seq_id, seq_id); data/chip-seq-1.5.5/chippeak.c:1278:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(&ref_ft.ft_str, ref_ft.ft); data/chip-seq-1.5.5/chipscore.c:162:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(B_score," %s=%llu", tar_ft.ft, sum); data/chip-seq-1.5.5/chipscore.c:175:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(B_score," %s=%llu", tar_ft.ft, sum); data/chip-seq-1.5.5/chipscore.c:208:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (strcat(sort_cmd, iFile) == NULL) { data/chip-seq-1.5.5/chipscore.c:217:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int sys_code = system(sort_cmd); data/chip-seq-1.5.5/chipscore.c:232:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/rm /tmp/sortcheck.out"); data/chip-seq-1.5.5/chipscore.c:412:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/chipscore.c:424:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.seq_id, seq_id); data/chip-seq-1.5.5/chipscore.c:436:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(ref_ft.ext[j], ext); data/chip-seq-1.5.5/chipscore.c:443:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.seq_id, seq_id); data/chip-seq-1.5.5/chipscore.c:455:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ref_ft.ext[j], ext); data/chip-seq-1.5.5/tools/bed2bed_display.c:341:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(options.feature, bed_fld[3]); data/chip-seq-1.5.5/tools/bed2bed_display.c:505:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(options.trackName, options.feature); data/chip-seq-1.5.5/tools/bed2sga.c:113:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(chrFile, options.dbPath); data/chip-seq-1.5.5/tools/bed2sga.c:199:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(chrom, chr_nb); data/chip-seq-1.5.5/tools/bed2sga.c:443:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(Feature, bed_fld[3]); data/chip-seq-1.5.5/tools/bed2sga.c:494:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ext_buf, bed_fld[extIdx[0]-1]); data/chip-seq-1.5.5/tools/bed2sga.c:498:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ext_buf, bed_fld[extIdx[i]-1]); data/chip-seq-1.5.5/tools/bed2sga.c:511:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ac, bed_fld[0]); data/chip-seq-1.5.5/tools/compactsga.c:204:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(chr, seq_id); data/chip-seq-1.5.5/tools/compactsga.c:205:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ft, feature); data/chip-seq-1.5.5/tools/compactsga.c:206:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(desc, ext); data/chip-seq-1.5.5/tools/countsga.c:188:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/tools/filter_counts.c:176:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(annotation, ext); data/chip-seq-1.5.5/tools/sga2bed.c:112:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(chrFile, options.dbPath); data/chip-seq-1.5.5/tools/sga2bed.c:190:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(chrom, chr_nb); data/chip-seq-1.5.5/tools/sga2bed.c:374:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(options.trackName, ft); data/chip-seq-1.5.5/tools/sga2bed.c:405:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, ft); data/chip-seq-1.5.5/tools/sga2bed.c:414:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (sga_ext_f[i], *(tokens + i)); data/chip-seq-1.5.5/tools/sga2bed.c:443:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(name, sga_ext_f[*sga_f - 6]); data/chip-seq-1.5.5/tools/sga2bed.c:447:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, sga_ext_f[*sga_f - 6]); data/chip-seq-1.5.5/tools/sga2bed.c:479:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ext_str, "%s\t%d", ext_str, value); data/chip-seq-1.5.5/tools/sga2wig.c:161:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(chrFile, options.dbPath); data/chip-seq-1.5.5/tools/sga2wig.c:225:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(chrom, chr_nb); data/chip-seq-1.5.5/tools/sga2wig.c:258:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(chrSizeFile, options.dbPath); data/chip-seq-1.5.5/tools/sga2wig.c:605:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seq_id_prev, seq_id); data/chip-seq-1.5.5/tools/sga2wig.c:616:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(options.trackName, ft); data/chip-seq-1.5.5/tools/sga2wig.c:796:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(options.chrName, options.chrNb); data/chip-seq-1.5.5/chipcenter.c:705:13: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt(argc, argv, "f:dhi:zs:c:r:"); data/chip-seq-1.5.5/chipcor.c:586:13: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt(argc, argv, "c:n:dhoA:B:b:e:w:"); data/chip-seq-1.5.5/chipextract.c:2281:13: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt(argc, argv, "c:dhA:B:b:e:w:"); data/chip-seq-1.5.5/chippart.c:588:13: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt(argc, argv, "f:dhs:p:c:"); data/chip-seq-1.5.5/chippeak.c:1149:13: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int c = getopt(argc, argv, "f:di:horw:v:t:c:"); data/chip-seq-1.5.5/chipscore.c:533:13: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
  int c = getopt(argc, argv, "c:qdhorA:B:b:e:t:");
data/chip-seq-1.5.5/tools/bed2bed_display.c:396:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt_long(argc, argv, "dhf:a:b:o:", long_options, &option_index);
data/chip-seq-1.5.5/tools/bed2sga.c:610:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt_long(argc, argv, "dhf:i:s:cure:", long_options, &option_index);
data/chip-seq-1.5.5/tools/compactsga.c:232:13: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt(argc, argv, "dh");
data/chip-seq-1.5.5/tools/countsga.c:237:13: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt(argc, argv, "f:dhc:");
data/chip-seq-1.5.5/tools/featreplace.c:198:13: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt(argc, argv, "f:dh");
data/chip-seq-1.5.5/tools/filter_counts.c:215:13: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt(argc, argv, "f:dhr");
data/chip-seq-1.5.5/tools/sga2bed.c:564:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
  Check implementation on installation, or limit the size of all string inputs.
  int c = getopt_long(argc, argv, "dhi:l:c:e:n:rx", long_options, &option_index);
data/chip-seq-1.5.5/tools/sga2wig.c:771:13: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt_long(argc, argv, "dhi:o:n:b:e:c:f:s:", long_options, &option_index);
data/chip-seq-1.5.5/chipcenter.c:69:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID];
data/chip-seq-1.5.5/chipcenter.c:80:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID];
data/chip-seq-1.5.5/chipcenter.c:82:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[5];
data/chip-seq-1.5.5/chipcenter.c:108:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[LINE_SIZE];
data/chip-seq-1.5.5/chipcenter.c:125:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chrSizeFile, "/local/db/genome");
data/chip-seq-1.5.5/chipcenter.c:127:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(chrSizeFile, "/chr_size");
data/chip-seq-1.5.5/chipcenter.c:129:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(chrSizeFile, "r");
data/chip-seq-1.5.5/chipcenter.c:143:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chr_size[CHR_SIZE] = "";
data/chip-seq-1.5.5/chipcenter.c:144:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ncbi_ac[AC_MAX] = "";
data/chip-seq-1.5.5/chipcenter.c:296:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/chipcenter.c:355:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/chipcenter.c:356:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ft[FT_MAX] = "";
data/chip-seq-1.5.5/chipcenter.c:357:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/chipcenter.c:358:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/chipcenter.c:360:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/chipcenter.c:409:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/chipcenter.c:426:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/chipcenter.c:513:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  chr_size = (int) atoi(csize);
data/chip-seq-1.5.5/chipcenter.c:565:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(end_line.feature, "END");
data/chip-seq-1.5.5/chipcenter.c:710:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Coff = atoi(optarg);
data/chip-seq-1.5.5/chipcenter.c:729:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Shift = atoi(optarg);
data/chip-seq-1.5.5/chipcenter.c:763:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/chipcor.c:66:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ft[FT_MAX];
data/chip-seq-1.5.5/chipcor.c:102:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *norm_opt[3] = {"Raw Counts", "Count density", "Global Normalization"};
data/chip-seq-1.5.5/chipcor.c:297:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/chipcor.c:305:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n ";
data/chip-seq-1.5.5/chipcor.c:311:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) {
data/chip-seq-1.5.5/chipcor.c:374:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/chipcor.c:375:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[FT_MAX] = "";
data/chip-seq-1.5.5/chipcor.c:376:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/chipcor.c:377:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/chipcor.c:379:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/chipcor.c:428:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/chipcor.c:445:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/chipcor.c:591:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.cutOff = atoi(optarg);
data/chip-seq-1.5.5/chipcor.c:594:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.normFact = atoi(optarg);
data/chip-seq-1.5.5/chipcor.c:612:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  From = atoi(optarg);
data/chip-seq-1.5.5/chipcor.c:615:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  To = atoi(optarg);
data/chip-seq-1.5.5/chipcor.c:618:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Win = atoi(optarg);
data/chip-seq-1.5.5/chipcor.c:665:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/chipextract.c:68:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ft[FT_MAX];
data/chip-seq-1.5.5/chipextract.c:177:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char blanks[10];
data/chip-seq-1.5.5/chipextract.c:449:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:457:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n ";
data/chip-seq-1.5.5/chipextract.c:463:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) {
data/chip-seq-1.5.5/chipextract.c:514:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:515:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[FT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:516:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:517:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:518:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/chipextract.c:568:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/chipextract.c:585:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/chipextract.c:662:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:670:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n ";
data/chip-seq-1.5.5/chipextract.c:676:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) {
data/chip-seq-1.5.5/chipextract.c:727:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:728:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[FT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:729:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:730:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:732:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/chipextract.c:781:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/chipextract.c:798:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/chipextract.c:875:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:883:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n ";
data/chip-seq-1.5.5/chipextract.c:889:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) {
data/chip-seq-1.5.5/chipextract.c:940:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:941:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[FT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:942:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:943:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:945:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/chipextract.c:994:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/chipextract.c:1011:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/chipextract.c:1088:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:1096:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n ";
data/chip-seq-1.5.5/chipextract.c:1102:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) {
data/chip-seq-1.5.5/chipextract.c:1152:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:1153:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[FT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:1154:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:1155:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:1157:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/chipextract.c:1206:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/chipextract.c:1223:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/chipextract.c:1301:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:1310:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n ";
data/chip-seq-1.5.5/chipextract.c:1316:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) {
data/chip-seq-1.5.5/chipextract.c:1379:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/chipextract.c:1380:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[FT_MAX] = "";
data/chip-seq-1.5.5/chipextract.c:1381:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char position[POS_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:1382:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char count[CNT_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:1384:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[EXT_MAX]; data/chip-seq-1.5.5/chipextract.c:1433:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos = atoi(position); data/chip-seq-1.5.5/chipextract.c:1450:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnt = atoi(count); data/chip-seq-1.5.5/chipextract.c:1562:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id_prev[SEQ_ID] = ""; data/chip-seq-1.5.5/chipextract.c:1571:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n "; data/chip-seq-1.5.5/chipextract.c:1577:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) { data/chip-seq-1.5.5/chipextract.c:1641:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID] = ""; data/chip-seq-1.5.5/chipextract.c:1642:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char feature[FT_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:1643:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char position[POS_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:1644:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char count[CNT_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:1646:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[EXT_MAX]; data/chip-seq-1.5.5/chipextract.c:1695:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos = atoi(position); data/chip-seq-1.5.5/chipextract.c:1712:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnt = atoi(count); data/chip-seq-1.5.5/chipextract.c:1823:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id_prev[SEQ_ID] = ""; data/chip-seq-1.5.5/chipextract.c:1831:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n "; data/chip-seq-1.5.5/chipextract.c:1837:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) { data/chip-seq-1.5.5/chipextract.c:1892:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID] = ""; data/chip-seq-1.5.5/chipextract.c:1893:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char feature[FT_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:1894:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char position[POS_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:1895:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char count[CNT_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:1897:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ext[EXT_MAX]; data/chip-seq-1.5.5/chipextract.c:1946:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos = atoi(position); data/chip-seq-1.5.5/chipextract.c:1963:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnt = atoi(count); data/chip-seq-1.5.5/chipextract.c:2048:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id_prev[SEQ_ID] = ""; data/chip-seq-1.5.5/chipextract.c:2056:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n "; data/chip-seq-1.5.5/chipextract.c:2062:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) { data/chip-seq-1.5.5/chipextract.c:2117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID] = ""; data/chip-seq-1.5.5/chipextract.c:2118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char feature[FT_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:2119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char position[POS_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:2120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char count[CNT_MAX] = ""; data/chip-seq-1.5.5/chipextract.c:2122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[EXT_MAX]; data/chip-seq-1.5.5/chipextract.c:2171:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos = atoi(position); data/chip-seq-1.5.5/chipextract.c:2188:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnt = atoi(count); data/chip-seq-1.5.5/chipextract.c:2286:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). options.cutOff = atoi(optarg); data/chip-seq-1.5.5/chipextract.c:2301:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). From = atoi(optarg); data/chip-seq-1.5.5/chipextract.c:2304:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). To = atoi(optarg); data/chip-seq-1.5.5/chipextract.c:2307:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Win = atoi(optarg); data/chip-seq-1.5.5/chipextract.c:2348:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
input = fopen(argv[optind], "r"); data/chip-seq-1.5.5/chippart.c:67:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID]; data/chip-seq-1.5.5/chippart.c:300:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id_prev[SEQ_ID] = ""; data/chip-seq-1.5.5/chippart.c:310:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n "; data/chip-seq-1.5.5/chippart.c:316:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) { data/chip-seq-1.5.5/chippart.c:367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID] = ""; data/chip-seq-1.5.5/chippart.c:368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ft[FT_MAX] = ""; data/chip-seq-1.5.5/chippart.c:369:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char position[POS_MAX] = ""; data/chip-seq-1.5.5/chippart.c:370:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char count[CNT_MAX] = ""; data/chip-seq-1.5.5/chippart.c:372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[EXT_MAX]; data/chip-seq-1.5.5/chippart.c:421:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos = atoi(position); data/chip-seq-1.5.5/chippart.c:438:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnt = atoi(count); data/chip-seq-1.5.5/chippart.c:605:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Tpen = atoi(optarg); data/chip-seq-1.5.5/chippart.c:608:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Coff = atoi(optarg); data/chip-seq-1.5.5/chippart.c:653:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). input = fopen(argv[optind], "r"); data/chip-seq-1.5.5/chippeak.c:70:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID]; data/chip-seq-1.5.5/chippeak.c:109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LINE_SIZE]; data/chip-seq-1.5.5/chippeak.c:126:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(chrSizeFile, "/local/db/genome"); data/chip-seq-1.5.5/chippeak.c:128:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(chrSizeFile, "/chr_size"); data/chip-seq-1.5.5/chippeak.c:130:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). input = fopen(chrSizeFile, "r"); data/chip-seq-1.5.5/chippeak.c:144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chr_size[CHR_SIZE] = ""; data/chip-seq-1.5.5/chippeak.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ncbi_ac[AC_MAX] = ""; data/chip-seq-1.5.5/chippeak.c:205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ft_name[FT_MAX + 4]; data/chip-seq-1.5.5/chippeak.c:216:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(ft_name, "_p"); data/chip-seq-1.5.5/chippeak.c:223:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). chr_size = (int) atoi(csize); data/chip-seq-1.5.5/chippeak.c:376:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ft_name[FT_MAX + 4]; data/chip-seq-1.5.5/chippeak.c:384:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(ft_name, "_p"); data/chip-seq-1.5.5/chippeak.c:391:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). chr_size = (int) atoi(csize); data/chip-seq-1.5.5/chippeak.c:568:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ft_name[FT_MAX + 4]; data/chip-seq-1.5.5/chippeak.c:573:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(ft_name, "_p"); data/chip-seq-1.5.5/chippeak.c:622:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id_prev[SEQ_ID] = ""; data/chip-seq-1.5.5/chippeak.c:633:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n "; data/chip-seq-1.5.5/chippeak.c:639:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) { data/chip-seq-1.5.5/chippeak.c:783:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID] = ""; data/chip-seq-1.5.5/chippeak.c:784:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ft[FT_MAX] = ""; data/chip-seq-1.5.5/chippeak.c:785:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char position[POS_MAX] = ""; data/chip-seq-1.5.5/chippeak.c:786:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char count[CNT_MAX] = ""; data/chip-seq-1.5.5/chippeak.c:788:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[EXT_MAX]; data/chip-seq-1.5.5/chippeak.c:837:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos = atoi(position); data/chip-seq-1.5.5/chippeak.c:854:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnt = atoi(count); data/chip-seq-1.5.5/chippeak.c:981:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(ref_ft.name[k], "_p"); data/chip-seq-1.5.5/chippeak.c:1028:11: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(ref_ft_plus.name[k], "_p"); data/chip-seq-1.5.5/chippeak.c:1039:11: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(ref_ft_minus.name[j], "_p"); data/chip-seq-1.5.5/chippeak.c:1154:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Coff = atoi(optarg); data/chip-seq-1.5.5/chippeak.c:1176:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Win1 = atoi(optarg); data/chip-seq-1.5.5/chippeak.c:1179:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Win2 = atoi(optarg); data/chip-seq-1.5.5/chippeak.c:1182:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Thres = atoi(optarg); data/chip-seq-1.5.5/chippeak.c:1226:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). input = fopen(argv[optind], "r"); data/chip-seq-1.5.5/chipscore.c:68:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID]; data/chip-seq-1.5.5/chipscore.c:69:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ft[FT_MAX]; data/chip-seq-1.5.5/chipscore.c:109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char B_score[128]; data/chip-seq-1.5.5/chipscore.c:164:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(B_score," %llu", sum); data/chip-seq-1.5.5/chipscore.c:177:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(B_score," %llu", sum); data/chip-seq-1.5.5/chipscore.c:198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id_prev[SEQ_ID] = ""; data/chip-seq-1.5.5/chipscore.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sort_cmd[1024] = "sort -s -c -k1,1 -k3,3n "; data/chip-seq-1.5.5/chipscore.c:212:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (strcat(sort_cmd, " 2>/tmp/sortcheck.out") == NULL) { data/chip-seq-1.5.5/chipscore.c:281:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_id[SEQ_ID] = ""; data/chip-seq-1.5.5/chipscore.c:282:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char feature[FT_MAX] = ""; data/chip-seq-1.5.5/chipscore.c:283:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/chipscore.c:284:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/chipscore.c:286:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/chipscore.c:335:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/chipscore.c:352:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/chipscore.c:538:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.cutOff = atoi(optarg);
data/chip-seq-1.5.5/chipscore.c:553:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  From = atoi(optarg);
data/chip-seq-1.5.5/chipscore.c:556:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  To = atoi(optarg);
data/chip-seq-1.5.5/chipscore.c:568:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Thres = atoi(optarg);
data/chip-seq-1.5.5/chipscore.c:611:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/chipscore.c:668:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tar_ft.ft, "score");
data/chip-seq-1.5.5/hashtable.c:129:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(element->key, key, key_len);
data/chip-seq-1.5.5/hashtable.c:130:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(element->value, value, value_len);
data/chip-seq-1.5.5/hashtable.c:154:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(element->key, key, key_len);
data/chip-seq-1.5.5/tools/bed2bed_display.c:143:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bed_fld[12][FIELD_MAX];
data/chip-seq-1.5.5/tools/bed2bed_display.c:145:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field[32];
data/chip-seq-1.5.5/tools/bed2bed_display.c:196:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start = (unsigned long)atoi(bed_fld[1]);
data/chip-seq-1.5.5/tools/bed2bed_display.c:209:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  end = (unsigned long)atoi(bed_fld[2]);
data/chip-seq-1.5.5/tools/bed2bed_display.c:235:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  score = atoi(bed_fld[4]);
data/chip-seq-1.5.5/tools/bed2bed_display.c:410:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minScore = atoi(optarg);
data/chip-seq-1.5.5/tools/bed2bed_display.c:413:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxScore = atoi(optarg);
data/chip-seq-1.5.5/tools/bed2bed_display.c:416:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.oformat = atoi(optarg);
data/chip-seq-1.5.5/tools/bed2bed_display.c:476:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/tools/bed2bed_display.c:511:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.trackName, "ChIP-SeqPeaks");
data/chip-seq-1.5.5/tools/bed2bed_display.c:519:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.trackDesc, "ChIP-Seq Custom data");
data/chip-seq-1.5.5/tools/bed2bed_display.c:526:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.trackColor, "0,200,100");
data/chip-seq-1.5.5/tools/bed2bed_display.c:533:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.autoscale, "off");
data/chip-seq-1.5.5/tools/bed2bed_display.c:540:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.always0, "off");
data/chip-seq-1.5.5/tools/bed2bed_display.c:547:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.wfunction, "mean");
data/chip-seq-1.5.5/tools/bed2bed_display.c:554:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.smoothing, "off");
data/chip-seq-1.5.5/tools/bed2bed_display.c:564:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.visibility, "dense");
data/chip-seq-1.5.5/tools/bed2sga.c:99:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[LINE_SIZE];
data/chip-seq-1.5.5/tools/bed2sga.c:101:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chrom[12];
data/chip-seq-1.5.5/tools/bed2sga.c:121:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chrFile, "/home/local/db/genome");
data/chip-seq-1.5.5/tools/bed2sga.c:125:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(chrFile, "/chr_NC_gi");
data/chip-seq-1.5.5/tools/bed2sga.c:127:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(chrFile, "r");
data/chip-seq-1.5.5/tools/bed2sga.c:141:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chr_nb[CHR_NB] = "";
data/chip-seq-1.5.5/tools/bed2sga.c:142:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ncbi_ac[AC_MAX] = "";
data/chip-seq-1.5.5/tools/bed2sga.c:143:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field[128];
data/chip-seq-1.5.5/tools/bed2sga.c:198:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chrom, "chr");
data/chip-seq-1.5.5/tools/bed2sga.c:237:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bed_fld[12][FIELD_MAX];
data/chip-seq-1.5.5/tools/bed2sga.c:238:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext_buf[LINE_SIZE];
data/chip-seq-1.5.5/tools/bed2sga.c:240:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field[32];
data/chip-seq-1.5.5/tools/bed2sga.c:297:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start = (unsigned long)atoi(bed_fld[1]);
data/chip-seq-1.5.5/tools/bed2sga.c:310:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  end = (unsigned long)atoi(bed_fld[2]);
data/chip-seq-1.5.5/tools/bed2sga.c:336:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  score = atoi(bed_fld[4]);
data/chip-seq-1.5.5/tools/bed2sga.c:477:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long peak_offset = (long)atoi(bed_fld[9]);
data/chip-seq-1.5.5/tools/bed2sga.c:542:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char delim[2];
data/chip-seq-1.5.5/tools/bed2sga.c:681:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/tools/bed2sga.c:698:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(Feature, "chIP");
data/chip-seq-1.5.5/tools/bed2sga.c:726:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  extIdx[i] = atoi(*(tokens + i));
data/chip-seq-1.5.5/tools/compactsga.c:69:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chr[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/compactsga.c:73:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ft[FT_MAX] = "";
data/chip-seq-1.5.5/tools/compactsga.c:75:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc[EXT_MAX] = "";
data/chip-seq-1.5.5/tools/compactsga.c:101:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/compactsga.c:102:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[FT_MAX] = "";
data/chip-seq-1.5.5/tools/compactsga.c:103:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/tools/compactsga.c:104:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/tools/compactsga.c:106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX] = "";
data/chip-seq-1.5.5/tools/compactsga.c:159:26: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = (unsigned long)atol(position);
data/chip-seq-1.5.5/tools/compactsga.c:176:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/tools/countsga.c:71:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/countsga.c:93:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/countsga.c:94:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char feature[FT_MAX] = "";
data/chip-seq-1.5.5/tools/countsga.c:95:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/tools/countsga.c:96:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/tools/countsga.c:98:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/tools/countsga.c:151:26: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = (unsigned long)atol(position);
data/chip-seq-1.5.5/tools/countsga.c:168:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/tools/countsga.c:248:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.cutOff = atoi(optarg);
data/chip-seq-1.5.5/tools/countsga.c:280:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/tools/featreplace.c:80:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/featreplace.c:81:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ft[FT_MAX] = "";
data/chip-seq-1.5.5/tools/featreplace.c:82:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/tools/featreplace.c:83:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/tools/featreplace.c:85:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/tools/featreplace.c:134:26: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = (unsigned long)atol(position);
data/chip-seq-1.5.5/tools/featreplace.c:151:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/tools/featreplace.c:231:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/tools/featreplace.c:252:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(Feature, "FT");
data/chip-seq-1.5.5/tools/filter_counts.c:74:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char annotation[EXT_MAX];
data/chip-seq-1.5.5/tools/filter_counts.c:87:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/filter_counts.c:88:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ft[FT_MAX] = "";
data/chip-seq-1.5.5/tools/filter_counts.c:89:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/tools/filter_counts.c:90:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/tools/filter_counts.c:92:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/tools/filter_counts.c:141:26: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = (unsigned long)atol(position);
data/chip-seq-1.5.5/tools/filter_counts.c:158:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/tools/filter_counts.c:255:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/tools/filter_counts.c:276:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(Feature, "RMSK");
data/chip-seq-1.5.5/tools/sga2bed.c:101:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[LINE_SIZE];
data/chip-seq-1.5.5/tools/sga2bed.c:103:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chrom[12];
data/chip-seq-1.5.5/tools/sga2bed.c:119:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chrFile, "/home/local/db/genome");
data/chip-seq-1.5.5/tools/sga2bed.c:121:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(chrFile, "/chr_NC_gi");
data/chip-seq-1.5.5/tools/sga2bed.c:123:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(chrFile, "r");
data/chip-seq-1.5.5/tools/sga2bed.c:137:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chr_nb[CHR_NB] = "";
data/chip-seq-1.5.5/tools/sga2bed.c:138:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ncbi_ac[AC_MAX] = "";
data/chip-seq-1.5.5/tools/sga2bed.c:189:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chrom, "chr");
data/chip-seq-1.5.5/tools/sga2bed.c:214:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char delim[2];
data/chip-seq-1.5.5/tools/sga2bed.c:272:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/sga2bed.c:273:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ft[FT_MAX] = "";
data/chip-seq-1.5.5/tools/sga2bed.c:274:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/tools/sga2bed.c:275:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/tools/sga2bed.c:277:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/tools/sga2bed.c:278:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sga_ext_f[12][FIELD_MAX];
data/chip-seq-1.5.5/tools/sga2bed.c:333:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/tools/sga2bed.c:350:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/tools/sga2bed.c:471:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ext_str, "%d", value);
data/chip-seq-1.5.5/tools/sga2bed.c:579:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.readLen = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2bed.c:582:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.scoreFact = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2bed.c:589:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.normFact = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2bed.c:648:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/tools/sga2bed.c:665:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.trackDesc, "ChIP-Seq Custom data");
data/chip-seq-1.5.5/tools/sga2bed.c:672:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.trackColor, "100,100,100");
data/chip-seq-1.5.5/tools/sga2bed.c:685:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ht_el[j] = atoi(*(tokens_2 + j));
data/chip-seq-1.5.5/tools/sga2wig.c:132:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID];
data/chip-seq-1.5.5/tools/sga2wig.c:150:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[LINE_SIZE];
data/chip-seq-1.5.5/tools/sga2wig.c:152:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chrom[12];
data/chip-seq-1.5.5/tools/sga2wig.c:168:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chrFile, "/home/local/db/genome");
data/chip-seq-1.5.5/tools/sga2wig.c:170:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat(chrFile, "/chr_NC_gi");
data/chip-seq-1.5.5/tools/sga2wig.c:172:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(chrFile, "r");
data/chip-seq-1.5.5/tools/sga2wig.c:186:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chr_nb[CHR_NB] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:187:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ncbi_ac[AC_MAX] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:224:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chrom, "chr");
data/chip-seq-1.5.5/tools/sga2wig.c:248:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[LINE_SIZE];
data/chip-seq-1.5.5/tools/sga2wig.c:265:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(chrSizeFile, "/home/local/db/genome");
data/chip-seq-1.5.5/tools/sga2wig.c:267:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(chrSizeFile, "/chr_size");
data/chip-seq-1.5.5/tools/sga2wig.c:269:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(chrSizeFile, "r");
data/chip-seq-1.5.5/tools/sga2wig.c:283:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chr_size[CHR_SIZE] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:284:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ncbi_ac[AC_MAX] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:339:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char delim[2];
data/chip-seq-1.5.5/tools/sga2wig.c:438:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  chr_size = (unsigned long) atoi(csize);
data/chip-seq-1.5.5/tools/sga2wig.c:470:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:471:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_id_prev[SEQ_ID] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:495:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ft[FT_MAX] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:496:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char position[POS_MAX] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:497:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[CNT_MAX] = "";
data/chip-seq-1.5.5/tools/sga2wig.c:499:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ext[EXT_MAX];
data/chip-seq-1.5.5/tools/sga2wig.c:551:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pos = atoi(position);
data/chip-seq-1.5.5/tools/sga2wig.c:568:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cnt = atoi(count);
data/chip-seq-1.5.5/tools/sga2wig.c:786:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.wigFormat = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2wig.c:795:11: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.chrName, "chr");
data/chip-seq-1.5.5/tools/sga2wig.c:801:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.chrStart = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2wig.c:804:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.chrEnd = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2wig.c:809:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.cutOff = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2wig.c:812:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.norm = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2wig.c:815:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  options.span = atoi(optarg);
data/chip-seq-1.5.5/tools/sga2wig.c:902:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[optind], "r");
data/chip-seq-1.5.5/tools/sga2wig.c:919:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.trackDesc, "ChIP-Seq Custom data");
data/chip-seq-1.5.5/tools/sga2wig.c:926:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.trackColor, "0,200,100");
data/chip-seq-1.5.5/tools/sga2wig.c:933:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.autoscale, "off");
data/chip-seq-1.5.5/tools/sga2wig.c:940:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.always0, "off");
data/chip-seq-1.5.5/tools/sga2wig.c:947:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.wfunction, "mean");
data/chip-seq-1.5.5/tools/sga2wig.c:954:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.smoothing, "off");
data/chip-seq-1.5.5/tools/sga2wig.c:961:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(options.visibility, "full");
data/chip-seq-1.5.5/chipcenter.c:113:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = (int)strlen(options.dbPath) + 10;
data/chip-seq-1.5.5/chipcenter.c:137:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/chip-seq-1.5.5/chipcenter.c:354:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipcenter.c:371:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipcenter.c:508:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ac_len = (int)strlen(seq_id) + 1;
data/chip-seq-1.5.5/chipcenter.c:579:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ft_plus.feature[j] = malloc(strlen(ft) + 1);
data/chip-seq-1.5.5/chipcenter.c:582:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ft_plus.ext[j] = malloc(strlen(ext) + 1);
data/chip-seq-1.5.5/chipcenter.c:600:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ft_minus.feature[k] = malloc(strlen(ft) + 1);
data/chip-seq-1.5.5/chipcenter.c:603:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ft_minus.ext[k] = malloc(strlen(ext) + 1);
data/chip-seq-1.5.5/chipcenter.c:623:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ft_plus.ext[j] = malloc(strlen(ext) + 1);
data/chip-seq-1.5.5/chipcenter.c:642:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ft_minus.ext[k] = malloc(strlen(ext) + 1);
data/chip-seq-1.5.5/chipcor.c:373:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipcor.c:390:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipcor.c:714:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(ref_ft.ft);
data/chip-seq-1.5.5/chipcor.c:719:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(tar_ft.ft);
data/chip-seq-1.5.5/chipextract.c:513:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:530:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:726:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:743:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:939:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:956:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:1151:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:1168:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:1378:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:1395:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:1640:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:1657:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:1891:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:1908:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:2116:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:2133:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipextract.c:2394:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(ref_ft.ft);
data/chip-seq-1.5.5/chipextract.c:2399:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(tar_ft.ft);
data/chip-seq-1.5.5/chippart.c:366:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chippart.c:383:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chippart.c:498:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft.name[k] = malloc(strlen(ft) + 1);
data/chip-seq-1.5.5/chippart.c:510:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft.name[k] = malloc(strlen(ft) + 1);
data/chip-seq-1.5.5/chippart.c:523:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft.name[k] = malloc(strlen(ft) + 1);
data/chip-seq-1.5.5/chippart.c:535:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft.name[k] = malloc(strlen(ft) + 1);
data/chip-seq-1.5.5/chippart.c:546:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft.name[k + 1] = malloc(strlen(ft) + 1);
data/chip-seq-1.5.5/chippeak.c:114:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = (int)strlen(options.dbPath) + 10;
data/chip-seq-1.5.5/chippeak.c:138:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/chip-seq-1.5.5/chippeak.c:220:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ac_len = (int)strlen(ref_ft.seq_id) + 1;
data/chip-seq-1.5.5/chippeak.c:388:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ac_len = (int)strlen(feat->seq_id) + 1;
data/chip-seq-1.5.5/chippeak.c:514:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lmax->name[n] = malloc(strlen(feat->name[i]) + 1);
data/chip-seq-1.5.5/chippeak.c:555:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lmax->name[n] = malloc(strlen(feat->name[i]) + 1);
data/chip-seq-1.5.5/chippeak.c:782:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chippeak.c:799:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chippeak.c:979:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft.name[k] = malloc(strlen(ft) + 3);
data/chip-seq-1.5.5/chippeak.c:1026:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft_plus.name[k] = malloc(strlen(ft) + 3);
data/chip-seq-1.5.5/chippeak.c:1037:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft_minus.name[j] = malloc(strlen(ft) + 3);
data/chip-seq-1.5.5/chipscore.c:280:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/chipscore.c:297:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/chipscore.c:435:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft.ext[j] = (char *)malloc(strlen(ext) + 1);
data/chip-seq-1.5.5/chipscore.c:454:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref_ft.ext[j] = (char *)malloc(strlen(ext) + 1);
data/chip-seq-1.5.5/chipscore.c:660:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(ref_ft.ft);
data/chip-seq-1.5.5/chipscore.c:665:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(tar_ft.ft);
data/chip-seq-1.5.5/tools/bed2bed_display.c:142:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/tools/bed2bed_display.c:155:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/tools/bed2bed_display.c:340:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  options.feature = malloc((strlen(bed_fld[3])+1) * sizeof(char));
data/chip-seq-1.5.5/tools/bed2bed_display.c:501:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((options.trackName = malloc((strlen(options.feature) + 1) * sizeof(char))) == NULL) {
data/chip-seq-1.5.5/tools/bed2bed_display.c:562:7: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(options.visibility, "1");
data/chip-seq-1.5.5/tools/bed2sga.c:108:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = (int)strlen(options.dbPath) + 12;
data/chip-seq-1.5.5/tools/bed2sga.c:135:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/chip-seq-1.5.5/tools/bed2sga.c:200:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nb_len = (int)strlen(chrom) + 1;
data/chip-seq-1.5.5/tools/bed2sga.c:236:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/tools/bed2sga.c:256:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/tools/bed2sga.c:497:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(ext_buf, "\t");
data/chip-seq-1.5.5/tools/bed2sga.c:505:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id_len = (int)strlen(bed_fld[0]) + 1;
data/chip-seq-1.5.5/tools/bed2sga.c:510:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ac = malloc (strlen(bed_fld[0]) + 1);
data/chip-seq-1.5.5/tools/bed2sga.c:554:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  count += last_comma < (a_str + strlen(a_str) - 1);
data/chip-seq-1.5.5/tools/compactsga.c:107:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/tools/compactsga.c:121:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/tools/countsga.c:99:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/tools/countsga.c:113:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/tools/featreplace.c:79:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/tools/featreplace.c:96:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/tools/filter_counts.c:86:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/tools/filter_counts.c:103:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/tools/sga2bed.c:107:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = (int)strlen(options.dbPath) + 12;
data/chip-seq-1.5.5/tools/sga2bed.c:131:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/chip-seq-1.5.5/tools/sga2bed.c:191:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nb_len = (int)strlen(chrom) + 1;
data/chip-seq-1.5.5/tools/sga2bed.c:226:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  count += last_comma < (a_str + strlen(a_str) - 1);
data/chip-seq-1.5.5/tools/sga2bed.c:271:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/tools/sga2bed.c:295:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/tools/sga2bed.c:370:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (options.trackName = malloc((strlen(ft) + 1) * sizeof(char))) == NULL) {
data/chip-seq-1.5.5/tools/sga2bed.c:401:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = malloc((strlen(ft) + 1) * sizeof(char))) == NULL) {
data/chip-seq-1.5.5/tools/sga2bed.c:433:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = realloc(name, (strlen(sga_ext_f[*sga_f - 6]) + 1) * sizeof(char))) == NULL) {
data/chip-seq-1.5.5/tools/sga2bed.c:446:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(name, " ");
data/chip-seq-1.5.5/tools/sga2bed.c:467:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ext_str = malloc((strlen(sga_ext_f[*sga_f - 6]) + 1) * sizeof(char))) == NULL) {
data/chip-seq-1.5.5/tools/sga2bed.c:475:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ext_str = realloc(ext_str, (strlen(sga_ext_f[*sga_f - 6]) + 1) * sizeof(char))) == NULL) {
data/chip-seq-1.5.5/tools/sga2bed.c:492:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id_len = (int)strlen(seq_id) + 1;
data/chip-seq-1.5.5/tools/sga2wig.c:156:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = (int)strlen(options.dbPath) + 12;
data/chip-seq-1.5.5/tools/sga2wig.c:180:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/chip-seq-1.5.5/tools/sga2wig.c:226:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nb_len = (int)strlen(chrom) + 1;
data/chip-seq-1.5.5/tools/sga2wig.c:253:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = (int)strlen(options.dbPath) + 10;
data/chip-seq-1.5.5/tools/sga2wig.c:277:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(input);
data/chip-seq-1.5.5/tools/sga2wig.c:351:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  count += last_comma < (a_str + strlen(a_str) - 1);
data/chip-seq-1.5.5/tools/sga2wig.c:385:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ac_len = (int)strlen(ac) + 1;
data/chip-seq-1.5.5/tools/sga2wig.c:434:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ac_len = (int)strlen(ac) + 1;
data/chip-seq-1.5.5/tools/sga2wig.c:494:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cLen = strlen(s);
data/chip-seq-1.5.5/tools/sga2wig.c:513:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cLen = strlen(s);
data/chip-seq-1.5.5/tools/sga2wig.c:612:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((options.trackName = malloc((strlen(ft) + 1) * sizeof(char))) == NULL) {
data/chip-seq-1.5.5/tools/sga2wig.c:635:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id_len = (int)strlen(seq_id) + 1;
data/chip-seq-1.5.5/tools/sga2wig.c:791:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (options.chrName = malloc((strlen(options.chrNb) + 4) * sizeof(char))) == NULL) {

ANALYSIS SUMMARY:

Hits = 578
Lines analyzed = 11941 in approximately 0.49 seconds (24424 lines/second)
Physical Source Lines of Code (SLOC) = 10172
Hits@level = [0] 629 [1] 105 [2] 339 [3] 14 [4] 120 [5] 0
Hits@level+ = [0+] 1207 [1+] 578 [2+] 473 [3+] 134 [4+] 120 [5+] 0
Hits/KSLOC@level+ = [0+] 118.659 [1+] 56.8227 [2+] 46.5002 [3+] 13.1734 [4+] 11.7971 [5+] 0
Symlinks skipped = 2 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.