Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/elph-1.0.1/sources/elph.cc Examining data/elph-1.0.1/sources/GString.h Examining data/elph-1.0.1/sources/GBase.h Examining data/elph-1.0.1/sources/GArgs.cpp Examining data/elph-1.0.1/sources/motif.cc Examining data/elph-1.0.1/sources/GFastaFile.h Examining data/elph-1.0.1/sources/GArgs.h Examining data/elph-1.0.1/sources/GBase.cpp Examining data/elph-1.0.1/sources/motif.h Examining data/elph-1.0.1/sources/GString.cpp FINAL RESULTS: data/elph-1.0.1/sources/GArgs.cpp:104:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(args[count].value, argv[p]); data/elph-1.0.1/sources/GArgs.cpp:113:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(args[count].value, (argv[p]+2)); data/elph-1.0.1/sources/GArgs.cpp:142:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(args[count].value, e+1); data/elph-1.0.1/sources/GBase.cpp:13:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg,"%s(%d): GASSERT(%s) failed.\n",filename,lineno,expression); data/elph-1.0.1/sources/GBase.cpp:21:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(msg,format,arguments); data/elph-1.0.1/sources/GBase.cpp:30:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
vfprintf(stderr,format,arguments); data/elph-1.0.1/sources/GBase.cpp:40:3: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(msg,format,arguments); data/elph-1.0.1/sources/GBase.cpp:87:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy,str); data/elph-1.0.1/sources/GString.cpp:37:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->chars, str); data/elph-1.0.1/sources/GString.cpp:342:11: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. int len=vsprintf(buf,fmt,arguments); data/elph-1.0.1/sources/GString.cpp:359:3: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf,fmt,arguments); data/elph-1.0.1/sources/GString.cpp:652:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, s); data/elph-1.0.1/sources/GString.cpp:699:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, s); data/elph-1.0.1/sources/GString.cpp:710:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, s); data/elph-1.0.1/sources/GString.cpp:748:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). ::strcpy(&data->chars[index], &chars()[index+len]); data/elph-1.0.1/sources/GString.cpp:777:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). ::strcpy(&data->chars[index+s.length()], &chars()[index+len]); data/elph-1.0.1/sources/GString.cpp:810:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). ::strcpy(&data->chars[index+s_length], &chars()[index+len]); data/elph-1.0.1/sources/GString.cpp:834:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). ::strcpy(&data->chars[index+s.length()], &chars()[index]); data/elph-1.0.1/sources/GString.cpp:859:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). ::strcpy(&data->chars[index+s_length], &chars()[index]); data/elph-1.0.1/sources/GString.cpp:879:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). ::strcpy(&my_data->chars[my_data->length], s); data/elph-1.0.1/sources/GString.cpp:1024:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(fTokenDelimiter, delimiter); data/elph-1.0.1/sources/motif.cc:383:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fkseq[i],fseq1.seq); data/elph-1.0.1/sources/motif.cc:384:27: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if(testlen>fseq1.len) strcat(fkseq[i],fseq2.seq); data/elph-1.0.1/sources/motif.cc:418:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fkseq[i],fseq.seq); data/elph-1.0.1/sources/motif.cc:496:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy(consensus,pattern); data/elph-1.0.1/sources/motif.cc:1078:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy(consensus,pattern); data/elph-1.0.1/sources/motif.cc:1086:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fkseq[i],fkseq[-1+B->noseq]); data/elph-1.0.1/sources/motif.cc:1803:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(align,motif); data/elph-1.0.1/sources/motif.cc:1840:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(align,motif); data/elph-1.0.1/sources/motif.cc:1885:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(align,motif); data/elph-1.0.1/sources/motif.cc:2079:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy,pattern); data/elph-1.0.1/sources/motif.cc:2132:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy,pattern); data/elph-1.0.1/sources/motif.cc:2815:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t,snew); data/elph-1.0.1/sources/motif.cc:2829:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t,snew); data/elph-1.0.1/sources/elph.cc:195:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/elph-1.0.1/sources/GArgs.cpp:134:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char part[30]; data/elph-1.0.1/sources/GBase.cpp:9:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msg[4069]; data/elph-1.0.1/sources/GBase.cpp:99:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subs, str, newlen-1); data/elph-1.0.1/sources/GFastaFile.h:88:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fh = fopen(filename, mode)) == NULL) data/elph-1.0.1/sources/GString.cpp:77:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, chars(), length()); data/elph-1.0.1/sources/GString.cpp:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/elph-1.0.1/sources/GString.cpp:131:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%d",i); data/elph-1.0.1/sources/GString.cpp:134:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. ::memcpy(chrs(), buf, length); data/elph-1.0.1/sources/GString.cpp:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/elph-1.0.1/sources/GString.cpp:142:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%f",f); data/elph-1.0.1/sources/GString.cpp:145:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(chrs(), buf, length); data/elph-1.0.1/sources/GString.cpp:190:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(chrs(), s, length); data/elph-1.0.1/sources/GString.cpp:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/elph-1.0.1/sources/GString.cpp:197:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%f",f); data/elph-1.0.1/sources/GString.cpp:200:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
::memcpy(chrs(), buf, length); data/elph-1.0.1/sources/GString.cpp:206:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/elph-1.0.1/sources/GString.cpp:207:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%d",i); data/elph-1.0.1/sources/GString.cpp:210:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(chrs(), buf, length); data/elph-1.0.1/sources/GString.cpp:285:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/elph-1.0.1/sources/GString.cpp:286:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%c",c); data/elph-1.0.1/sources/GString.cpp:291:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/elph-1.0.1/sources/GString.cpp:292:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf,"%d",i); data/elph-1.0.1/sources/GString.cpp:298:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/elph-1.0.1/sources/GString.cpp:299:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%f",f); data/elph-1.0.1/sources/GString.cpp:346:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(chrs(), buf, len); data/elph-1.0.1/sources/GString.cpp:381:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, &chars()[istart], newlen); data/elph-1.0.1/sources/GString.cpp:400:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, &chars()[istart], newlen); data/elph-1.0.1/sources/GString.cpp:420:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, chars(), newlen); data/elph-1.0.1/sources/GString.cpp:437:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, chars(), newlen); data/elph-1.0.1/sources/GString.cpp:454:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
::memcpy(data->chars, &chars()[istart], newlen); data/elph-1.0.1/sources/GString.cpp:472:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, &chars()[istart], newlen); data/elph-1.0.1/sources/GString.cpp:483:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&data->chars[len-length()], chars(), length()); data/elph-1.0.1/sources/GString.cpp:492:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, chars(), length()); data/elph-1.0.1/sources/GString.cpp:505:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&data->chars[istart], chars(), length()); data/elph-1.0.1/sources/GString.cpp:521:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(newstring.chrs(), s1, s1_length); data/elph-1.0.1/sources/GString.cpp:522:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&(newstring.chrs())[s1_length], s2.chars(), s2.length()); data/elph-1.0.1/sources/GString.cpp:537:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(newstring.chrs(), chars(), length()); data/elph-1.0.1/sources/GString.cpp:538:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
::memcpy(&(newstring.chrs())[length()], s.chars(), s.length()); data/elph-1.0.1/sources/GString.cpp:554:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(newstring.chrs(), chars(), length()); data/elph-1.0.1/sources/GString.cpp:555:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&(newstring.chrs())[length()], s, s_length); data/elph-1.0.1/sources/GString.cpp:561:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/elph-1.0.1/sources/GString.cpp:562:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", i); data/elph-1.0.1/sources/GString.cpp:566:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(newstring.chrs(), chars(), length()); data/elph-1.0.1/sources/GString.cpp:567:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&(newstring.chrs())[length()], buf, s_length); data/elph-1.0.1/sources/GString.cpp:572:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[4]; data/elph-1.0.1/sources/GString.cpp:573:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%c", c); data/elph-1.0.1/sources/GString.cpp:577:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(newstring.chrs(), chars(), length()); data/elph-1.0.1/sources/GString.cpp:578:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&(newstring.chrs())[length()], buf, s_length); data/elph-1.0.1/sources/GString.cpp:583:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/elph-1.0.1/sources/GString.cpp:584:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%f", f); data/elph-1.0.1/sources/GString.cpp:588:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(newstring.chrs(), chars(), length()); data/elph-1.0.1/sources/GString.cpp:589:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&(newstring.chrs())[length()], buf, s_length); data/elph-1.0.1/sources/GString.cpp:624:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
::memcpy(newstring.chrs(), &chars()[index], len); data/elph-1.0.1/sources/GString.cpp:647:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest,s,p-s); data/elph-1.0.1/sources/GString.cpp:694:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest,s,p-s); data/elph-1.0.1/sources/GString.cpp:703:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest,s,p-s); //copy up to the match data/elph-1.0.1/sources/GString.cpp:705:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest,to,tl); //put the replacement string data/elph-1.0.1/sources/GString.cpp:718:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p,to,l); data/elph-1.0.1/sources/GString.cpp:747:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, chars(), index); data/elph-1.0.1/sources/GString.cpp:770:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&chrs()[index], s.chars(), len); data/elph-1.0.1/sources/GString.cpp:774:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
::memcpy(data->chars, chars(), index); data/elph-1.0.1/sources/GString.cpp:776:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&data->chars[index], s.chars(), s.length()); data/elph-1.0.1/sources/GString.cpp:803:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&chrs()[index], s, len); data/elph-1.0.1/sources/GString.cpp:807:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, chars(), index); data/elph-1.0.1/sources/GString.cpp:809:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&data->chars[index], s, s_length); data/elph-1.0.1/sources/GString.cpp:832:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, chars(), index); data/elph-1.0.1/sources/GString.cpp:833:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(&data->chars[index], s.chars(), s.length()); data/elph-1.0.1/sources/GString.cpp:857:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, chars(), index); data/elph-1.0.1/sources/GString.cpp:858:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
::memcpy(&data->chars[index], s, s_length); data/elph-1.0.1/sources/GString.cpp:874:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(my_data->chars, s, len); data/elph-1.0.1/sources/GString.cpp:1053:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(token.chrs(), &chars()[fLastTokenStart], tlen); data/elph-1.0.1/sources/GString.cpp:1088:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(token.chrs(), &chars()[fLastTokenStart], tlen); data/elph-1.0.1/sources/GString.cpp:1135:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy(data->chars, readbuf, numread); data/elph-1.0.1/sources/GString.cpp:1140:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data->chars[acc_len], readbuf, numread); data/elph-1.0.1/sources/GString.cpp:1164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[24]; data/elph-1.0.1/sources/GString.cpp:1188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[24]; data/elph-1.0.1/sources/GString.h:157:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chars[1]; data/elph-1.0.1/sources/elph.cc:163:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf=fopen(outfile, "w"); data/elph-1.0.1/sources/motif.cc:489:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char consensus[len+1]; data/elph-1.0.1/sources/motif.cc:896:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). M = fopen(matrixfile,"r"); data/elph-1.0.1/sources/motif.cc:902:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[5000]; data/elph-1.0.1/sources/motif.cc:932:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int tok=atoi(myargv[j]); data/elph-1.0.1/sources/motif.cc:1071:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char consensus[len+1]; data/elph-1.0.1/sources/motif.cc:1272:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char consensus[len+1]; data/elph-1.0.1/sources/motif.cc:1771:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char align[len+14]; data/elph-1.0.1/sources/motif.cc:1772:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char motif[len+1]; data/elph-1.0.1/sources/GArgs.cpp:31:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fmtlen=strlen(format); data/elph-1.0.1/sources/GArgs.cpp:62:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fmt[fmtcount].opt, fstr, l); data/elph-1.0.1/sources/GArgs.cpp:103:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  GMALLOC(args[count].value, strlen(argv[p])+1);
data/elph-1.0.1/sources/GArgs.cpp:112:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(args[count].value, strlen(argv[p])-2);
data/elph-1.0.1/sources/GArgs.cpp:135:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(part, argv[p], e-argv[p]);
data/elph-1.0.1/sources/GArgs.cpp:140:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[p])-strlen(part)>0) {
data/elph-1.0.1/sources/GArgs.cpp:140:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[p])-strlen(part)>0) {
data/elph-1.0.1/sources/GArgs.cpp:141:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(args[count].value, strlen(argv[p])-strlen(part));
data/elph-1.0.1/sources/GArgs.cpp:141:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(args[count].value, strlen(argv[p])-strlen(part));
data/elph-1.0.1/sources/GBase.cpp:86:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(copy, strlen(str)+1);
data/elph-1.0.1/sources/GBase.cpp:93:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len=strlen(str);
data/elph-1.0.1/sources/GBase.cpp:125:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p=str+strlen(str)-1;
data/elph-1.0.1/sources/GBase.cpp:139:11: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c=getc(stream);
data/elph-1.0.1/sources/GBase.cpp:143:16: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((c=getc(stream))!='\n')
data/elph-1.0.1/sources/GBase.cpp:170:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int l=strlen(s);
data/elph-1.0.1/sources/GBase.cpp:181:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* p=str+strlen(str)-strlen(substr);
data/elph-1.0.1/sources/GBase.cpp:181:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* p=str+strlen(str)-strlen(substr);
data/elph-1.0.1/sources/GBase.cpp:183:4: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(substr);
data/elph-1.0.1/sources/GBase.cpp:198:4: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(substr);
data/elph-1.0.1/sources/GFastaFile.h:157:11: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(fh); read_pos++;
data/elph-1.0.1/sources/GFastaFile.h:170:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fh)) != EOF && c != '\n') read_pos++; /* skip defline */
data/elph-1.0.1/sources/GFastaFile.h:175:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fh)) != EOF && c != '>') {
data/elph-1.0.1/sources/GFastaFile.h:184:23: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fh)) != EOF && c != '\n') {
data/elph-1.0.1/sources/GFastaFile.h:212:26: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fh)) != EOF && c != '>') {
data/elph-1.0.1/sources/GFastaFile.h:231:26: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fh)) != EOF && c != '>') {
data/elph-1.0.1/sources/GFastaFile.h:273:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite(s, 1, strlen(s), fh);
data/elph-1.0.1/sources/GFastaFile.h:274:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i=(descr==NULL)? 0 : strlen(descr);
data/elph-1.0.1/sources/GFastaFile.h:281:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len=strlen(seq);
data/elph-1.0.1/sources/GString.cpp:33:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length=strlen(str);
data/elph-1.0.1/sources/GString.cpp:132:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:143:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:189:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int length = ::strlen(s); replace_data(length);
data/elph-1.0.1/sources/GString.cpp:198:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:208:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:338:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(buf, strlen(fmt)+1024);
data/elph-1.0.1/sources/GString.cpp:355:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(buf, strlen(fmt)+1024);
data/elph-1.0.1/sources/GString.cpp:514:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int s1_length = ::strlen(s1);
data/elph-1.0.1/sources/GString.cpp:547:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int s_length = ::strlen(s);
data/elph-1.0.1/sources/GString.cpp:563:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int s_length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:574:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int s_length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:585:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int s_length = ::strlen(buf);
data/elph-1.0.1/sources/GString.cpp:633:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (length() == 0 || from==NULL || strlen(from)==0)
data/elph-1.0.1/sources/GString.cpp:635:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int l=strlen(from);
data/elph-1.0.1/sources/GString.cpp:636:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (to!=NULL && strlen(to)!=l)
data/elph-1.0.1/sources/GString.cpp:653:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest+=strlen(s);
data/elph-1.0.1/sources/GString.cpp:665:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->length=strlen(data->chars);
data/elph-1.0.1/sources/GString.cpp:674:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (length() == 0 || from==NULL || strlen(from)==0)
data/elph-1.0.1/sources/GString.cpp:676:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int l=strlen(from);
data/elph-1.0.1/sources/GString.cpp:677:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int tl= (to==NULL)?0:strlen(to);
data/elph-1.0.1/sources/GString.cpp:800:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int s_length = ::strlen(s);
data/elph-1.0.1/sources/GString.cpp:852:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int s_length = ::strlen(s);
data/elph-1.0.1/sources/GString.cpp:869:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len=::strlen(s);
data/elph-1.0.1/sources/GString.cpp:913:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s)>(size_t)length()) return -1;
data/elph-1.0.1/sources/GString.cpp:974:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result=substr(i+strlen(delim));
data/elph-1.0.1/sources/GString.cpp:1002:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result=substr(i+strlen(delim));
data/elph-1.0.1/sources/GString.cpp:1023:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GMALLOC(fTokenDelimiter,strlen(delimiter)+1);
data/elph-1.0.1/sources/GString.cpp:1038:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int dlen=strlen(fTokenDelimiter);
data/elph-1.0.1/sources/GString.cpp:1095:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t GString::read(FILE* stream, char* delimiter, size_t bufsize) {
data/elph-1.0.1/sources/GString.cpp:1114:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int seplen=strlen(delimiter);
data/elph-1.0.1/sources/GString.cpp:1179:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, &my_data->chars[i-j], j);
data/elph-1.0.1/sources/GString.cpp:1203:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, &my_data->chars[i+1], j);
data/elph-1.0.1/sources/GString.h:136:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read(FILE* stream, char* delimiter="\n", size_t bufsize=4096);
data/elph-1.0.1/sources/motif.cc:499:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MatchSeqPatt(fkseq[i],consensus,i,strlen(fkseq[i]));
data/elph-1.0.1/sources/motif.cc:889:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  motiflen=strlen(pattern);
data/elph-1.0.1/sources/motif.cc:892:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!len && strlen(matrixfile)) {
data/elph-1.0.1/sources/motif.cc:1085:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!MatchSeqPattExact(fkseq[i],consensus,i,strlen(fkseq[i]),1)) {
data/elph-1.0.1/sources/motif.cc:1091:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else MatchSeqPatt(fkseq[i],consensus,i,strlen(fkseq[i]));
data/elph-1.0.1/sources/motif.cc:1131:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len=strlen(pattern);
data/elph-1.0.1/sources/motif.cc:1333:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MatchSeqPatt(fkseq[i],pattern,i,strlen(fkseq[i]));
data/elph-1.0.1/sources/motif.cc:1782:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(spaces," ");
data/elph-1.0.1/sources/motif.cc:1790:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(motif,fseq.seq+Align[i],len);
data/elph-1.0.1/sources/motif.cc:1802:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1804:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1827:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(motif,fseq.seq+motifprob[i].pos,len);
data/elph-1.0.1/sources/motif.cc:1839:8: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1841:8: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant character.
  strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1872:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(motif,fseq.seq+pos,len);
data/elph-1.0.1/sources/motif.cc:1884:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(align," ");
data/elph-1.0.1/sources/motif.cc:1886:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(align," ");
data/elph-1.0.1/sources/motif.cc:2457:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int fkseqlen=strlen(fkseq[i]);
data/elph-1.0.1/sources/motif.cc:2519:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int motiffreqlen=strlen(fkseq[i]);
data/elph-1.0.1/sources/motif.cc:2593:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int fkseqlen=strlen(fkseq[i]);
data/elph-1.0.1/sources/motif.cc:2808:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((t=(char *)calloc(strlen(snew)+1,sizeof(char)))==NULL)

ANALYSIS SUMMARY:

Hits = 204
Lines analyzed = 5814 in approximately 0.94 seconds (6196 lines/second)
Physical Source Lines of Code (SLOC) = 4105
Hits@level = [0]  90 [1]  83 [2]  86 [3]   1 [4]  34 [5]   0
Hits@level+ = [0+] 294 [1+] 204 [2+] 121 [3+]  35 [4+]  34 [5+]   0
Hits/KSLOC@level+ = [0+] 71.62 [1+] 49.6955 [2+] 29.4762 [3+] 8.52619 [4+] 8.28258 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
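Added illustration; this is not part of the Flawfinder output and not code from elph or its gclib sources. It gives hardened C counterparts for the hit classes that recur in the report, so the reader can see what "sized from the data actually copied" looks like next to the flagged idioms. copy_prefix replaces the strncpy(part, argv[p], e-argv[p]) pattern at GArgs.cpp:135 with an explicit capacity check and a guaranteed terminator. dup_from shows the allocation arithmetic for copying a suffix of a string: at GArgs.cpp:112 the report shows GMALLOC(args[count].value, strlen(argv[p])-2) followed (GArgs.cpp:113, listed earlier in this report) by strcpy(args[count].value, argv[p]+2), and that copy writes strlen(argv[p])-2 characters plus a NUL, so if GMALLOC returns exactly the requested size the allocation is one byte short. format_alloc sizes its buffer from a measuring vsnprintf pass rather than from strlen(fmt)+1024 as at GString.cpp:338/342 and 355/359, because the output length is determined by the arguments, not by the format string. parse_int replaces the unchecked atoi at motif.cc:932 with strtol plus syntax and range checks. All four function names are hypothetical and the inputs in main are constructed for the demonstration.

```c
#include <assert.h>
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not elph/gclib code. Function names are hypothetical
 * stand-ins for the call sites flagged in the report above. */

/* Copy the text before the first `delim` in `src` into `dst` (capacity
 * `dstsz`), always NUL-terminating. Returns the length copied, or -1 when
 * the prefix plus terminator does not fit. Unlike strncpy(part, argv[p],
 * e-argv[p]), a full buffer can never be left unterminated, and an
 * oversized prefix is refused instead of silently truncated. */
static int copy_prefix(char *dst, size_t dstsz, const char *src, char delim)
{
    const char *e = strchr(src, delim);
    size_t n = e ? (size_t)(e - src) : strlen(src);
    if (n >= dstsz)                 /* need n characters plus the NUL */
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Duplicate `src` from offset `skip` onward. The allocation is derived from
 * what is copied: (strlen(src) - skip) characters plus one terminator byte.
 * Allocating only strlen(src) - skip bytes, as GArgs.cpp:112 does for a skip
 * of 2 (assuming GMALLOC allocates exactly the size requested), leaves no
 * room for the NUL that the following strcpy writes. */
static char *dup_from(const char *src, size_t skip)
{
    size_t len = strlen(src);
    if (skip > len)
        return NULL;
    size_t need = len - skip + 1;       /* characters + NUL */
    char *out = malloc(need);
    if (out)
        memcpy(out, src + skip, need);  /* copies the terminator too */
    return out;
}

/* printf-style formatting into a heap buffer sized from the output.
 * GString.cpp:338 sizes its buffer as strlen(fmt)+1024 before vsprintf, but
 * the output length is governed by the arguments (for instance a long %s),
 * not by the format string. A measuring vsnprintf pass removes the guess. */
static char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);    /* measure only */
    va_end(ap);
    char *buf = NULL;
    if (n >= 0 && (buf = malloc((size_t)n + 1)) != NULL)
        vsnprintf(buf, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return buf;
}

/* Replacement for the unchecked atoi() at motif.cc:932: reject an empty
 * string, trailing garbage, overflow, and values outside [lo, hi].
 * Returns 0 on success and -1 otherwise. */
static int parse_int(const char *s, int lo, int hi, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < lo || v > hi)
        return -1;
    *out = (int)v;
    return 0;
}

int main(void)
{
    char part[8];
    int v;

    assert(copy_prefix(part, sizeof part, "opt=value", '=') == 3);
    assert(strcmp(part, "opt") == 0);
    assert(copy_prefix(part, sizeof part, "toolongoption=1", '=') == -1);

    char *val = dup_from("--verbose", 2);
    assert(val != NULL && strcmp(val, "verbose") == 0);
    free(val);

    char big[3000];                 /* constructed oversized %s argument */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    char *msg = format_alloc("seq:%s", big);
    assert(msg != NULL && strlen(msg) == 4 + (sizeof big - 1));
    free(msg);

    assert(parse_int("42", 0, 100, &v) == 0 && v == 42);
    assert(parse_int("99999999999", 0, INT_MAX, &v) == -1);
    assert(parse_int("12x", 0, 100, &v) == -1);
    return 0;
}
```

The measuring pass in format_alloc is the general fix for every vsprintf hit in the report, since it works for any format and argument list; the strncpy replacements, by contrast, only help where the caller also checks the return value, which is why copy_prefix refuses rather than truncates.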