Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/damapper-0.0+git20200322.b2c9d7f/DB.c
Examining data/damapper-0.0+git20200322.b2c9d7f/DB.h
Examining data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c
Examining data/damapper-0.0+git20200322.b2c9d7f/QV.c
Examining data/damapper-0.0+git20200322.b2c9d7f/QV.h
Examining data/damapper-0.0+git20200322.b2c9d7f/align.c
Examining data/damapper-0.0+git20200322.b2c9d7f/align.h
Examining data/damapper-0.0+git20200322.b2c9d7f/damapper.c
Examining data/damapper-0.0+git20200322.b2c9d7f/map.c
Examining data/damapper-0.0+git20200322.b2c9d7f/map.h
FINAL RESULTS:
data/damapper-0.0+git20200322.b2c9d7f/DB.c:179:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:200:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sfx,"%s%d%s",left,num,right);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:223:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:244:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sfx,"%s%d%s",left,num,right);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:506:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:538:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(dbfile,DB_FDATA,&nread,buf1,buf2) != 3)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:554:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:557:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:567:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_BDATA,stub->ublocks+i,stub->tblocks+i) != 2)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:604:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:609:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:617:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:620:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_BDATA,&ufirst,&tfirst) != 2)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:622:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_BDATA,&ulast,&tlast) != 2)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:761:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:766:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:770:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:781:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:793:15: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:797:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2363:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2381:17: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2392:17: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2413:16: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
(void) fscanf(istub,DB_NFILE,&nfiles);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2417:20: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2422:20: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2481:17: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2779:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parse->slice,"%s/%s",parse->pwd,parse->root);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2781:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parse->slice,"%s/%s%c%d-%d%s",parse->pwd,parse->root,BLOCK_SYMBOL,parse->next+1,
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2883:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2888:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.h:39:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define EPRINTF sprintf
data/damapper-0.0+git20200322.b2c9d7f/DB.h:45:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define EPRINTF fprintf
data/damapper-0.0+git20200322.b2c9d7f/DB.h:159:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ if (fprintf(file,__VA_ARGS__) < 0) \
data/damapper-0.0+git20200322.b2c9d7f/DB.h:164:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ if (printf(__VA_ARGS__) < 0) \
data/damapper-0.0+git20200322.b2c9d7f/DB.h:194:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
{ if (fscanf(file,__VA_ARGS__) != Count_Args(#__VA_ARGS__)-1) \
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:365:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(name,"%s.01.OVL",ONAME);
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:384:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_ALIGN,jobid++);
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:389:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_ALIGN,NTHREADS,(MINT*1024)/NTHREADS,jobid++);
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:391:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,HPC_ALIGN,NTHREADS,(16*1024)/NTHREADS,jobid++);
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:449:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"%s.02.CHECK.OPT",ONAME);
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:547:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"rm -r %s",SORT_PATH);
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:548:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) != 0)
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:771:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:776:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3)
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:780:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1)
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:811:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newpath,"%s/damapper.%d",SORT_PATH,getpid());
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:885:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) != 0) \
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:894:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(command,"LAsort %s %s %s/%s.%s.M%c.las",VERBOSE?"-v":"",
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:898:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"LAcat %s %s/%s.%s.M%c.S >%s.%s.las",VERBOSE?"-v":"",
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:904:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(command,"LAsort %s %s %s/%s.%s.R%c.las",VERBOSE?"-v":"",
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:908:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"LAmerge %s %s %s.%s %s/%s.%s.R%c.S.las",VERBOSE?"-v":"",
data/damapper-0.0+git20200322.b2c9d7f/map.c:3251:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(fname,"%s/%s.%s.M%d.las",SORT_PATH,aname,bname,i+1);
data/damapper-0.0+git20200322.b2c9d7f/map.c:3257:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(fname,"%s/%s.%s.R%d.las",SORT_PATH,bname,aname,i+1);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Ebuffer[1000];
data/damapper-0.0+git20200322.b2c9d7f/DB.c:107:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(name,mode)) == NULL)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:334:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:368:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char letter[4] = { 'a', 'c', 'g', 't' };
data/damapper-0.0+git20200322.b2c9d7f/DB.c:376:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char letter[4] = { 'A', 'C', 'G', 'T' };
data/damapper-0.0+git20200322.b2c9d7f/DB.c:384:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char letter[4] = { '1', '2', '3', '4' };
data/damapper-0.0+git20200322.b2c9d7f/DB.c:394:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char number[128] =
data/damapper-0.0+git20200322.b2c9d7f/DB.c:419:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char arrow[128] =
data/damapper-0.0+git20200322.b2c9d7f/DB.c:444:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char change[128] =
data/damapper-0.0+git20200322.b2c9d7f/DB.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[MAX_NAME+100];
data/damapper-0.0+git20200322.b2c9d7f/DB.c:483:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[MAX_NAME+100];
data/damapper-0.0+git20200322.b2c9d7f/DB.c:592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2*MAX_NAME+100];
data/damapper-0.0+git20200322.b2c9d7f/DB.c:728:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbvis = fopen(cat,"r")) == NULL)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:740:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbvis = fopen(cat,"r")) == NULL)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:758:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_NAME], prolog[MAX_NAME];
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1650:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ afile = fopen(MyCatenate(db->path,MyNumbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1654:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ afile = fopen(MyCatenate(db->path,".",track,".anno"),"r");
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1818:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ afile = fopen(MyCatenate(db->path,MyNumbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1822:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ afile = fopen(MyCatenate(db->path,".",track,".anno"),"r");
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1842:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dfile = fopen(name,"r");
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prolog[MAX_NAME], fname[MAX_NAME];
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2700:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((input = fopen(MyCatenate(parse->pwd,"/",disp,".las"),"r")) == NULL)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2867:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer[2*MAX_NAME+100];
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2873:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbfile = fopen(dbname,"r");
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2876:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbfile = fopen(dbname,"r");
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:226:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbvis = fopen(Catenate(pwd1,"/",root1,".dam"),"r");
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:236:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer[30001];
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:262:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbvis = fopen(Catenate(pwd2,"/",root2,".dam"),"r");
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:272:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buffer[30001];
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:330:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ file = fopen(Catenate(src2,Numbered_Suffix(".",fblock-1,"."),root1,".las"),"r");
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:340:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ file = fopen(Catenate(src2,Numbered_Suffix(".",fblock,"."),root1,".las"),"r");
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:348:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ file = fopen(Catenate(src2,".",root1,".las"),"r");
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:366:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:450:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name,"w");
data/damapper-0.0+git20200322.b2c9d7f/align.c:3292:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ToL[8] = { 'a', 'c', 'g', 't', '.', '[', ']', '-' };
data/damapper-0.0+git20200322.b2c9d7f/align.c:3293:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ToU[8] = { 'A', 'C', 'G', 'T', '.', '[', ']', '-' };
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:736:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAX_NAME], prolog[MAX_NAME];
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:760:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbvis = fopen(cat,"r")) == NULL)
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:764:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbvis = fopen(cat,"r")) == NULL)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:147:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ epos = strlen(find);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:148:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
epos -= strlen(suffix);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:167:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:168:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(sep);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:169:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(root);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:170:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(suffix);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:190:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(left);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:191:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(right) + 40;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:211:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:212:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(sep);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:213:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(root);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:214:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(suffix);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:234:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(left);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:235:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(right) + 40;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:697:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(path);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1045:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(db->path)+1
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1060:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(t->name)+1
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1093:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(path);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1098:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(root);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1136:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(name);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1213:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ char *read;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1227:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Load_Read(DAZZ_DB *db, int i, char *read, int ascii)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1240:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read,(char *) bases + r[i].boff,len);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1240:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strncpy(read,(char *) bases + r[i].boff,len);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1242:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (*read < 4)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1243:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = read[len] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1243:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = read[len] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1245:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1246:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Number_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1247:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1251:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (*read < 4)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1252:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1254:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Lower_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1256:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Upper_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1257:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1260:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1261:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ascii == 1) != islower(*read))
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1262:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Change_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1264:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1276:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(read,clen,1,bases) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1281:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Uncompress_Read(len,read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1283:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ Lower_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1284:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1287:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ Upper_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1288:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1291:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1303:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char *Load_Subread(DAZZ_DB *db, int i, int beg, int end, char *read, int ascii)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1317:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(read,(char *) bases + r[i].boff + beg,len);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1317:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strncpy(read,(char *) bases + r[i].boff + beg,len);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1319:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (*read < 4)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1320:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = read[len] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1320:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = read[len] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1322:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1323:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Number_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1324:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1328:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (*read < 4)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1329:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1331:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Lower_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1333:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Upper_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1334:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1337:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ read[len] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1338:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ascii == 1) != islower(*read))
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1339:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Change_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1341:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1343:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1356:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(read,clen,1,bases) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1361:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Uncompress_Read(4*clen,read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1363:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[len] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1365:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ Lower_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1366:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1369:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ Upper_Read(read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1370:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = '\0';
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1373:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[-1] = 4;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1375:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (read);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1705:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DAZZ_READ read;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1731:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1736:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1736:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1750:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1755:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1755:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1770:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1775:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:1775:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2034:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy(data,(void *) track->data + off,len);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2266:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(extra->name);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2426:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ DAZZ_READ read;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2429:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fread(&read,sizeof(DAZZ_READ),1,indx) != 1)
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2434:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fseeko(quiva,read.coff,SEEK_SET);
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2767:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int size = strlen(parse->pwd) + strlen(Block_Arg_Root(parse)) + 30;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2767:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int size = strlen(parse->pwd) + strlen(Block_Arg_Root(parse)) + 30;
data/damapper-0.0+git20200322.b2c9d7f/DB.c:2799:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int len = strlen(arg);
data/damapper-0.0+git20200322.b2c9d7f/DB.h:537:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Load_Read(DAZZ_DB *db, int i, char *read, int ascii);
data/damapper-0.0+git20200322.b2c9d7f/DB.h:546:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char *Load_Subread(DAZZ_DB *db, int i, int beg, int end, char *read, int ascii);
data/damapper-0.0+git20200322.b2c9d7f/DB.h:573:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Load_Arrow(DAZZ_DB *db, int i, char *read, int ascii);
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:160:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:161:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]);
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:218:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0)
data/damapper-0.0+git20200322.b2c9d7f/HPC.damapper.c:248:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(argv[2]+(strlen(argv[2])-4),".dam") == 0)
data/damapper-0.0+git20200322.b2c9d7f/QV.c:386:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen)
data/damapper-0.0+git20200322.b2c9d7f/QV.c:428:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ x = read[k];
data/damapper-0.0+git20200322.b2c9d7f/QV.c:448:72: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar)
data/damapper-0.0+git20200322.b2c9d7f/QV.c:477:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (k < rlen && read[k] == rchar)
data/damapper-0.0+git20200322.b2c9d7f/QV.c:489:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ x = read[k];
data/damapper-0.0+git20200322.b2c9d7f/QV.c:510:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int Decode(HScheme *scheme, FILE *in, char *read, int rlen)
data/damapper-0.0+git20200322.b2c9d7f/QV.c:583:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j] = (char) c;
data/damapper-0.0+git20200322.b2c9d7f/QV.c:595:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j] = (char) c;
data/damapper-0.0+git20200322.b2c9d7f/QV.c:604:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read,
data/damapper-0.0+git20200322.b2c9d7f/QV.c:650:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j++] = (char) rchar;
data/damapper-0.0+git20200322.b2c9d7f/QV.c:661:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j] = (char) c;
data/damapper-0.0+git20200322.b2c9d7f/QV.c:675:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j++] = (char) rchar;
data/damapper-0.0+git20200322.b2c9d7f/QV.c:686:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[j] = (char) c;
data/damapper-0.0+git20200322.b2c9d7f/QV.c:770:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(Read);
data/damapper-0.0+git20200322.b2c9d7f/QV.c:782:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen += strlen(Read+rlen);
data/damapper-0.0+git20200322.b2c9d7f/QV.c:792:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rlen != (int) strlen(other))
data/damapper-0.0+git20200322.b2c9d7f/QV.c:1195:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(coding->prefix);
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:532:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:532:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:532:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 2*(strlen(aname) + strlen(bname) + strlen(spath)) + 200;
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:550:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Prog_Name,(int) strlen(Prog_Name),"",command);
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:684:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:685:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]);
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:740:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(argv[1]);
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:808:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newpath = (char *) Malloc(strlen(SORT_PATH)+30,"Allocating sort path");
data/damapper-0.0+git20200322.b2c9d7f/damapper.c:887:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Prog_Name,(int) strlen(Prog_Name),"",command); \
data/damapper-0.0+git20200322.b2c9d7f/map.c:81:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/damapper-0.0+git20200322.b2c9d7f/map.c:95:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/damapper-0.0+git20200322.b2c9d7f/map.c:786:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf(" %5d / %5d / %10lld\n",c->read,c->rpos,c->code);
data/damapper-0.0+git20200322.b2c9d7f/map.c:988:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ hits[nhits].bread = bsort[b].read;
data/damapper-0.0+git20200322.b2c9d7f/map.c:989:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hits[nhits].aread = asort[a].read;
data/damapper-0.0+git20200322.b2c9d7f/map.c:3216:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(aname) + strlen(bname) + 100;
data/damapper-0.0+git20200322.b2c9d7f/map.c:3216:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(aname) + strlen(bname) + 100;
ANALYSIS SUMMARY:
Hits = 226
Lines analyzed = 15832 in approximately 0.46 seconds (34646 lines/second)
Physical Source Lines of Code (SLOC) = 12458
Hits@level = [0] 547 [1] 132 [2] 40 [3] 0 [4] 54 [5] 0
Hits@level+ = [0+] 773 [1+] 226 [2+] 94 [3+] 54 [4+] 54 [5+] 0
Hits/KSLOC@level+ = [0+] 62.0485 [1+] 18.141 [2+] 7.54535 [3+] 4.33456 [4+] 4.33456 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.