Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/falcon-1.8.8/DAZZ_DB/quiva2DB.c
Examining data/falcon-1.8.8/DAZZ_DB/DB2quiva.c
Examining data/falcon-1.8.8/DAZZ_DB/DBupgrade.Dec.31.2014.c
Examining data/falcon-1.8.8/DAZZ_DB/DB2fasta.c
Examining data/falcon-1.8.8/DAZZ_DB/DBshow.c
Examining data/falcon-1.8.8/DAZZ_DB/Catrack.c
Examining data/falcon-1.8.8/DAZZ_DB/DAM2fasta.c
Examining data/falcon-1.8.8/DAZZ_DB/simulator.c
Examining data/falcon-1.8.8/DAZZ_DB/DBsplit.c
Examining data/falcon-1.8.8/DAZZ_DB/DUSTupgrade.Jan.1.2015.c
Examining data/falcon-1.8.8/DAZZ_DB/QV.c
Examining data/falcon-1.8.8/DAZZ_DB/QV.h
Examining data/falcon-1.8.8/DAZZ_DB/DBdump.c
Examining data/falcon-1.8.8/DAZZ_DB/rangen.c
Examining data/falcon-1.8.8/DAZZ_DB/DB.c
Examining data/falcon-1.8.8/DAZZ_DB/DBupgrade.Sep.25.2014.c
Examining data/falcon-1.8.8/DAZZ_DB/DBrm.c
Examining data/falcon-1.8.8/DAZZ_DB/DB.h
Examining data/falcon-1.8.8/DAZZ_DB/DBdust.c
Examining data/falcon-1.8.8/DAZZ_DB/fasta2DB.c
Examining data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c
Examining data/falcon-1.8.8/DAZZ_DB/DBstats.c
Examining data/falcon-1.8.8/DALIGNER/LAshow.c
Examining data/falcon-1.8.8/DALIGNER/filter_p.c
Examining data/falcon-1.8.8/DALIGNER/LAsplit.c
Examining data/falcon-1.8.8/DALIGNER/LAcat.c
Examining data/falcon-1.8.8/DALIGNER/LAindex.c
Examining data/falcon-1.8.8/DALIGNER/filter.h
Examining data/falcon-1.8.8/DALIGNER/LA4Falcon.c
Examining data/falcon-1.8.8/DALIGNER/LAmerge.c
Examining data/falcon-1.8.8/DALIGNER/HPC.daligner.c
Examining data/falcon-1.8.8/DALIGNER/DBX.h
Examining data/falcon-1.8.8/DALIGNER/filter.c
Examining data/falcon-1.8.8/DALIGNER/align.h
Examining data/falcon-1.8.8/DALIGNER/daligner_p.c
Examining data/falcon-1.8.8/DALIGNER/DBX.c
Examining data/falcon-1.8.8/DALIGNER/LA4Ice.c
Examining data/falcon-1.8.8/DALIGNER/LAsort.c
Examining data/falcon-1.8.8/DALIGNER/DB2Falcon.c
Examining data/falcon-1.8.8/DALIGNER/LAdump.c
Examining data/falcon-1.8.8/DALIGNER/daligner.c
Examining data/falcon-1.8.8/DALIGNER/align.c
Examining data/falcon-1.8.8/DALIGNER/LAcheck.c
Examining data/falcon-1.8.8/FALCON/src/c/falcon.c
Examining data/falcon-1.8.8/FALCON/src/c/ext_falcon.c
Examining data/falcon-1.8.8/FALCON/src/c/DW_banded.c
Examining data/falcon-1.8.8/FALCON/src/c/kmer_lookup.c
Examining data/falcon-1.8.8/FALCON/src/c/common.h
Examining data/falcon-1.8.8/DEXTRACTOR/dexta.c
Examining data/falcon-1.8.8/DEXTRACTOR/dextract.c
Examining data/falcon-1.8.8/DEXTRACTOR/QV.c
Examining data/falcon-1.8.8/DEXTRACTOR/undexqv.c
Examining data/falcon-1.8.8/DEXTRACTOR/QV.h
Examining data/falcon-1.8.8/DEXTRACTOR/undexta.c
Examining data/falcon-1.8.8/DEXTRACTOR/dexqv.c
Examining data/falcon-1.8.8/DEXTRACTOR/DB.c
Examining data/falcon-1.8.8/DEXTRACTOR/DB.h
Examining data/falcon-1.8.8/DAMASKER/REPmask.c
Examining data/falcon-1.8.8/DAMASKER/tandem.h
Examining data/falcon-1.8.8/DAMASKER/HPC.TANmask.c
Examining data/falcon-1.8.8/DAMASKER/HPC.REPmask.c
Examining data/falcon-1.8.8/DAMASKER/QV.c
Examining data/falcon-1.8.8/DAMASKER/QV.h
Examining data/falcon-1.8.8/DAMASKER/TANmask.c
Examining data/falcon-1.8.8/DAMASKER/align.h
Examining data/falcon-1.8.8/DAMASKER/datander.c
Examining data/falcon-1.8.8/DAMASKER/tandem.c
Examining data/falcon-1.8.8/DAMASKER/DB.c
Examining data/falcon-1.8.8/DAMASKER/DB.h
Examining data/falcon-1.8.8/DAMASKER/align.c

FINAL RESULTS:

data/falcon-1.8.8/DALIGNER/DB2Falcon.c:82:3: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  fscanf(dbfile,DB_NFILE,&nfiles);
data/falcon-1.8.8/DALIGNER/DB2Falcon.c:102:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  fscanf(dbfile,DB_FDATA,&last,fname,prolog);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:177:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.00.MKDIR",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:189:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.01.OVL",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:211:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_ALIGN,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:298:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.02.SORT",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:311:11: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_SORT,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:387:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.03.CHECK.OPT",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:404:11: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_CHECK,0,0,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:449:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.04.RM",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:513:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.%02d.MERGE",ONAME,stage++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:534:23: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_MERGE,i,i,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:557:31: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  { fprintf(out,LSF_MERGE,i,i,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:605:23: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_MERGE,i,i,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:640:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.%02d.CHECK.OPT",ONAME,stage++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:661:25: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_CHECK,i,i,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:695:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_CHECK,i,i,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:727:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.%02d.RM.OPT",ONAME,stage++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:729:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.%02d.RM",ONAME,stage++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:985:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.00.MKDIR",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:997:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.01.CMP",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1017:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_MALIGN,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1084:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.02.SORT",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1097:11: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_MSORT,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1160:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.03.CHECK.OPT",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1178:11: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_CHECK,0,0,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1217:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.04.RM",ONAME);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1273:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.%02d.MERGE",ONAME,stage++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1290:23: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_MMERGE,i,i,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1329:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.%02d.CHECK.OPT",ONAME,stage++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1345:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_CHECK,0,0,jobid++);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1384:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.%02d.RM",ONAME,stage++);
data/falcon-1.8.8/DALIGNER/LAsplit.c:83:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/falcon-1.8.8/DALIGNER/LAsplit.c:89:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NBLOCK,&parts) != 1)
data/falcon-1.8.8/DALIGNER/LAsplit.c:93:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3)
data/falcon-1.8.8/DALIGNER/LAsplit.c:95:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&olast,&blast) != 2)
data/falcon-1.8.8/DALIGNER/LAsplit.c:160:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(dbvis,DB_BDATA,&olast,&blast) != 2)
data/falcon-1.8.8/DAMASKER/DB.c:158:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/falcon-1.8.8/DAMASKER/DB.c:178:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(suffix,"%s%d%s",left,num,right);
data/falcon-1.8.8/DAMASKER/DB.c:417:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/falcon-1.8.8/DAMASKER/DB.c:422:11: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3)
data/falcon-1.8.8/DAMASKER/DB.c:426:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1)
data/falcon-1.8.8/DAMASKER/DB.c:437:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3)
data/falcon-1.8.8/DAMASKER/DB.c:449:15: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2)
data/falcon-1.8.8/DAMASKER/DB.c:453:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2)
data/falcon-1.8.8/DAMASKER/DB.c:881:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/falcon-1.8.8/DAMASKER/DB.c:899:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/falcon-1.8.8/DAMASKER/DB.c:910:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/falcon-1.8.8/DAMASKER/DB.c:931:16: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  (void) fscanf(istub,DB_NFILE,&nfiles);
data/falcon-1.8.8/DAMASKER/DB.c:935:20: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/falcon-1.8.8/DAMASKER/DB.c:940:20: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { (void) fscanf(istub,DB_FDATA,&last,fname,prolog);
data/falcon-1.8.8/DAMASKER/DB.c:999:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/falcon-1.8.8/DAMASKER/DB.h:39:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define EPRINTF sprintf
data/falcon-1.8.8/DAMASKER/DB.h:45:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define EPRINTF fprintf
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:316:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.00.MKDIR",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:328:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.01.OVL",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:359:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_ALIGN,SPAN,SPAN,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:440:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.02.SORT",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:458:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_SORT,SPAN,SPAN,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:519:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.03.CHECK.OPT",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:541:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_CHECK,0,0,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:576:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.04.RM",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:648:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.%02d.MERGE",ONAME,stage++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:670:23: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_MERGE,i,SPAN,i,SPAN,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:703:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.%02d.CHECK.OPT",ONAME,stage++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:719:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_CHECK,i,i,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:750:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.%02d.RM",ONAME,stage++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:784:11: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.%02d.MASK",ONAME,stage++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:802:11: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_MASK,SPAN,SPAN,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:835:11: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.%02d.RM",ONAME,stage++);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:247:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.00.MKDIR",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:259:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf(name,"%s.01.OVL",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:273:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_TAND,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:326:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.02.SORT",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:338:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_SORT,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:380:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.03.CHECK.OPT",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:395:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_CHECK,0,0,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:423:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.04.RM",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:447:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.05.MASK",ONAME);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:459:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,LSF_MASK,jobid++);
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:492:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name,"%s.06.RM",ONAME);
data/falcon-1.8.8/DAMASKER/REPmask.c:539:21: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/falcon-1.8.8/DAMASKER/REPmask.c:544:21: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/falcon-1.8.8/DAMASKER/REPmask.c:546:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/falcon-1.8.8/DAMASKER/REPmask.c:549:23: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,&oindx,&DB_FIRST) != 2)
data/falcon-1.8.8/DAMASKER/REPmask.c:551:21: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,&oindx,&DB_LAST) != 2)
data/falcon-1.8.8/DAMASKER/REPmask.c:566:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ans,Catenate(".",MASK_NAME,".","anno"));
data/falcon-1.8.8/DAMASKER/REPmask.c:567:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dts,Catenate(".",MASK_NAME,".","data"));
data/falcon-1.8.8/DAMASKER/TANmask.c:370:21: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/falcon-1.8.8/DAMASKER/TANmask.c:375:21: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NBLOCK,&nblocks) != 1)
data/falcon-1.8.8/DAMASKER/TANmask.c:377:21: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_PARAMS,&size,&cutoff,&all) != 3)
data/falcon-1.8.8/DAMASKER/TANmask.c:380:23: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,&oindx,&DB_FIRST) != 2)
data/falcon-1.8.8/DAMASKER/TANmask.c:382:21: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_BDATA,&oindx,&DB_LAST) != 2)
data/falcon-1.8.8/DAMASKER/TANmask.c:397:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ans,Catenate(".",MASK_NAME,".","anno"));
data/falcon-1.8.8/DAMASKER/TANmask.c:398:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dts,Catenate(".",MASK_NAME,".","data"));
data/falcon-1.8.8/DAZZ_DB/DAM2fasta.c:95:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_NFILE,&nfiles) != 1)
data/falcon-1.8.8/DAZZ_DB/DAM2fasta.c:123:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbfile,DB_FDATA,&last,fname,prolog) != 3)
data/falcon-1.8.8/DAZZ_DB/DB.c:91:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newmode,mode);
data/falcon-1.8.8/DAZZ_DB/DB.c:164:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cat,"%s%s%s%s",path,sep,root,suffix);
data/falcon-1.8.8/DAZZ_DB/DB.c:184:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(suffix,"%s%d%s",left,num,right);
data/falcon-1.8.8/DAZZ_DB/DB.c:423:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NFILE,&nfiles) != 1)
data/falcon-1.8.8/DAZZ_DB/DB.c:428:11: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3)
data/falcon-1.8.8/DAZZ_DB/DB.c:432:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1)
data/falcon-1.8.8/DAZZ_DB/DB.c:443:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3)
data/falcon-1.8.8/DAZZ_DB/DB.c:455:15: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2)
data/falcon-1.8.8/DAZZ_DB/DB.c:459:13: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2)
data/falcon-1.8.8/DAZZ_DB/DB.c:887:9: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_NFILE,&nfiles) != 1)
data/falcon-1.8.8/DAZZ_DB/DB.c:905:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/falcon-1.8.8/DAZZ_DB/DB.c:916:17: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3)
data/falcon-1.8.8/DAZZ_DB/DB.c:937:16: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  (void) fscanf(istub,DB_NFILE,&nfiles);
data/falcon-1.8.8/DAZZ_DB/DB.c:941:20: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
{ (void) fscanf(istub,DB_FDATA,&last,fname,prolog); data/falcon-1.8.8/DAZZ_DB/DB.c:946:20: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { (void) fscanf(istub,DB_FDATA,&last,fname,prolog); data/falcon-1.8.8/DAZZ_DB/DB.c:1005:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/DB.h:39:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define EPRINTF sprintf data/falcon-1.8.8/DAZZ_DB/DB.h:45:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define EPRINTF fprintf data/falcon-1.8.8/DAZZ_DB/DB2fasta.c:91:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbfile,DB_NFILE,&nfiles) != 1) data/falcon-1.8.8/DAZZ_DB/DB2fasta.c:103:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbfile,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/DB2fasta.c:135:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lname,fname); data/falcon-1.8.8/DAZZ_DB/DB2quiva.c:90:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbfile,DB_NFILE,&nfiles) != 1) data/falcon-1.8.8/DAZZ_DB/DB2quiva.c:104:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbfile,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/DB2quiva.c:136:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lname,fname); data/falcon-1.8.8/DAZZ_DB/DBdump.c:266:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dstub,DB_NFILE,&nfiles) != 1) data/falcon-1.8.8/DAZZ_DB/DBdump.c:280:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dstub,DB_FDATA,findx+i,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/DBshow.c:235:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dstub,DB_NFILE,&nfiles) != 1) data/falcon-1.8.8/DAZZ_DB/DBshow.c:249:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dstub,DB_FDATA,findx+i,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/DBsplit.c:120:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbfile,DB_NFILE,&nfiles) != 1) data/falcon-1.8.8/DAZZ_DB/DBsplit.c:146:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(dbfile,DB_NBLOCK,0); data/falcon-1.8.8/DAZZ_DB/DBsplit.c:147:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(dbfile,DB_PARAMS,SIZE,CUTOFF,ALL); data/falcon-1.8.8/DAZZ_DB/DBsplit.c:161:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(dbfile,DB_BDATA,0,0); data/falcon-1.8.8/DAZZ_DB/DBsplit.c:170:19: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. { fprintf(dbfile,DB_BDATA,i+1,treads); data/falcon-1.8.8/DAZZ_DB/DBsplit.c:185:19: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
{ fprintf(dbfile,DB_BDATA,i+1,treads); data/falcon-1.8.8/DAZZ_DB/DBsplit.c:194:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. { fprintf(dbfile,DB_BDATA,nreads,treads); data/falcon-1.8.8/DAZZ_DB/DBsplit.c:202:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(dbfile,DB_NBLOCK,nblock); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:266:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_NFILE,&ofiles) != 1) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:298:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_NFILE,ofiles+ifiles); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:304:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:311:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_FDATA,last,fname,prolog); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:513:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(ostub,DB_FDATA,ureads,core,core); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:560:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_NBLOCK,&nblock) != 1) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:565:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_NBLOCK,0); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:566:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_PARAMS,&size,&cutoff,&allflag) != 3) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:570:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_PARAMS,size,cutoff,allflag); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:578:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_BDATA,&ufirst,&tfirst) != 2) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:582:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_BDATA,ufirst,tfirst); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:612:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. { fprintf(ostub,DB_BDATA,ureads,tfirst); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:620:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_NBLOCK,nblock); // Rewind and record the new number of blocks data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:626:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_NFILE,ofiles); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:259:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_NFILE,&ocells) != 1) data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:287:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_NFILE,ocells+ifiles); // Will write again with correct value at end data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:293:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:300:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_FDATA,last,fname,prolog); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:435:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prolog,read+1); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:463:19: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. { fprintf(ostub,DB_FDATA,ureads,core,prolog); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:465:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prolog,read+(rlen+1)); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:568:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_FDATA,ureads,core,prolog); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:616:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_NBLOCK,&nblock) != 1) data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:621:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_NBLOCK,0); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:622:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_PARAMS,&size,&cutoff,&allflag) != 3) data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:626:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(ostub,DB_PARAMS,size,cutoff,allflag); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:634:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_BDATA,&ufirst,&tfirst) != 2) data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:638:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_BDATA,ufirst,tfirst); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:668:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. { fprintf(ostub,DB_BDATA,ureads,tfirst); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:675:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_NBLOCK,nblock); // Rewind and record the new number of blocks data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:684:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(ostub,DB_NFILE,ocells); data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:167:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_NFILE,&nfiles) != 1) data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:242:23: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:289:23: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:326:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lname,fname); data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:327:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DEXTRACTOR/DB.c:158:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cat,"%s%s%s%s",path,sep,root,suffix); data/falcon-1.8.8/DEXTRACTOR/DB.c:178:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(suffix,"%s%d%s",left,num,right); data/falcon-1.8.8/DEXTRACTOR/DB.c:417:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_NFILE,&nfiles) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:422:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3) data/falcon-1.8.8/DEXTRACTOR/DB.c:426:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:437:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3) data/falcon-1.8.8/DEXTRACTOR/DB.c:449:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2) data/falcon-1.8.8/DEXTRACTOR/DB.c:453:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2) data/falcon-1.8.8/DEXTRACTOR/DB.c:881:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. 
if (fscanf(istub,DB_NFILE,&nfiles) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:899:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DEXTRACTOR/DB.c:910:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DEXTRACTOR/DB.c:931:16: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. (void) fscanf(istub,DB_NFILE,&nfiles); data/falcon-1.8.8/DEXTRACTOR/DB.c:935:20: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { (void) fscanf(istub,DB_FDATA,&last,fname,prolog); data/falcon-1.8.8/DEXTRACTOR/DB.c:940:20: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { (void) fscanf(istub,DB_FDATA,&last,fname,prolog); data/falcon-1.8.8/DEXTRACTOR/DB.c:999:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/falcon-1.8.8/DEXTRACTOR/DB.h:39:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define EPRINTF sprintf data/falcon-1.8.8/DEXTRACTOR/DB.h:45:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define EPRINTF fprintf data/falcon-1.8.8/DEXTRACTOR/dexqv.c:98:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(coding->prefix,read); data/falcon-1.8.8/DEXTRACTOR/dextract.c:321:19: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(output,header,b->shortName,h,ibeg,iend,qv); data/falcon-1.8.8/DAZZ_DB/rangen.c:52:13: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. { x = drand48(); data/falcon-1.8.8/DAZZ_DB/rangen.c:66:13: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. { x = drand48(); data/falcon-1.8.8/DAZZ_DB/simulator.c:245:19: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
{ x = drand48(); data/falcon-1.8.8/DAZZ_DB/simulator.c:350:40: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. scf = bin_search(nscaffs,weights,drand48()) - 1; // Pick a scaffold with probabilitye data/falcon-1.8.8/DAZZ_DB/simulator.c:353:13: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uni = drand48(); data/falcon-1.8.8/DAZZ_DB/simulator.c:361:21: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. rbeg = (int) (drand48()*slen); // Pick a spot for read start data/falcon-1.8.8/DAZZ_DB/simulator.c:365:15: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. { if (drand48() < .5) // Pick direction and trim if necessary data/falcon-1.8.8/DAZZ_DB/simulator.c:392:22: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. { double x = drand48(); data/falcon-1.8.8/DAZZ_DB/simulator.c:414:24: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. while ((len+1) * drand48() < ins) data/falcon-1.8.8/DAZZ_DB/simulator.c:415:29: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
{ *t++ = (char) (4.*drand48()); data/falcon-1.8.8/DAZZ_DB/simulator.c:419:21: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. { if (len * drand48() >= sdl) data/falcon-1.8.8/DAZZ_DB/simulator.c:421:26: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. else if (sdl * drand48() >= del) data/falcon-1.8.8/DAZZ_DB/simulator.c:422:29: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. { double x = 3.*drand48(); data/falcon-1.8.8/DAZZ_DB/simulator.c:435:24: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. while (len * drand48() < ins) data/falcon-1.8.8/DAZZ_DB/simulator.c:436:33: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. { *t++ = (char) (4.*drand48()); data/falcon-1.8.8/DAZZ_DB/simulator.c:442:11: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (drand48() >= FLIP_RATE) // Complement the string with probability FLIP_RATE. data/falcon-1.8.8/DALIGNER/DB2Falcon.c:98:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME], fname[MAX_NAME]; data/falcon-1.8.8/DALIGNER/DBX.c:14:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bases = fopen(Catenate(db->path,"","",".bps"),"r"); data/falcon-1.8.8/DALIGNER/DBX.c:57:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (clen > 0) { memcpy(read, data + off, clen); } //fread(read,clen,1,bases) data/falcon-1.8.8/DALIGNER/HPC.daligner.c:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/falcon-1.8.8/DALIGNER/HPC.daligner.c:75:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dbvis = fopen(Catenate(pwd,"/",root,".dam"),"r"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:85:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
{ char buffer[30001]; data/falcon-1.8.8/DALIGNER/HPC.daligner.c:134:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { file = fopen(Catenate(pwd,"/",root,Numbered_Suffix(".",fblock-1,".las")),"r"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:148:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(Catenate(pwd,"/",root,Numbered_Suffix(".",fblock,".las")),"r"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:150:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(Catenate(pwd,"/",root,".las"),"r"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:178:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:190:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
out = fopen(name,"w"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:299:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:388:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:450:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:514:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:641:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name,"w"); data/falcon-1.8.8/DALIGNER/HPC.daligner.c:730:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:820:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:835:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbvis = fopen(Catenate(pwd1,"/",root1,".dam"),"r");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:845:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char buffer[30001];
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:877:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbvis = fopen(Catenate(pwd2,"/",root2,".dam"),"r");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:887:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char buffer[30001];
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:945:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { file = fopen(Catenate(src2,".",root1,Numbered_Suffix(".",fblock-1,".las")),"r");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:955:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { file = fopen(Catenate(src2,".",root1,Numbered_Suffix(".",fblock,".las")),"r");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:963:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { file = fopen(Catenate(src2,".",root1,".las"),"r");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:979:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char orient[2] = { 'C', 'N' };
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:986:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:998:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1085:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1161:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1218:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1274:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1330:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1385:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DALIGNER/LA4Falcon.c:289:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) != NULL)
data/falcon-1.8.8/DALIGNER/LA4Falcon.c:490:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[131072];
data/falcon-1.8.8/DALIGNER/LA4Ice.c:159:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) != NULL)
data/falcon-1.8.8/DALIGNER/LAcat.c:90:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen(name,"r")) == NULL) break;
data/falcon-1.8.8/DALIGNER/LAcat.c:127:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen(name,"r")) == NULL) break;
data/falcon-1.8.8/DALIGNER/LAcat.c:144:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iblock,iptr,remains);
data/falcon-1.8.8/DALIGNER/LAcat.c:158:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optr,iptr,ovlsize);
data/falcon-1.8.8/DALIGNER/LAcat.c:165:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iblock,iptr,remains);
data/falcon-1.8.8/DALIGNER/LAcat.c:171:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optr,iptr,tsize);
data/falcon-1.8.8/DALIGNER/LAcheck.c:78:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) == NULL)
data/falcon-1.8.8/DALIGNER/LAcheck.c:182:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iblock,iptr,remains);
data/falcon-1.8.8/DALIGNER/LAcheck.c:200:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iblock,iptr,remains);
data/falcon-1.8.8/DALIGNER/LAdump.c:101:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) != NULL)
data/falcon-1.8.8/DALIGNER/LAindex.c:129:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iblock,iptr,remains);
data/falcon-1.8.8/DALIGNER/LAindex.c:164:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iblock,iptr,remains);
data/falcon-1.8.8/DALIGNER/LAmerge.c:358:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optr,((char *) ov) + psize,osize);
data/falcon-1.8.8/DALIGNER/LAmerge.c:360:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optr,src->ptr,tsize);
data/falcon-1.8.8/DALIGNER/LAshow.c:123:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen(Catenate(pwd,"/",root,".las"),"r")) != NULL)
data/falcon-1.8.8/DALIGNER/LAsort.c:264:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fptr,((char *) w)+ptrsize,ovlsize);
data/falcon-1.8.8/DALIGNER/LAsort.c:266:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fptr,(char *) (w+1),tsize);
data/falcon-1.8.8/DALIGNER/LAsplit.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2*MAX_NAME+100];
data/falcon-1.8.8/DALIGNER/LAsplit.c:71:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbvis = fopen(Catenate(pwd,"/",root,".dam"),"r");
data/falcon-1.8.8/DALIGNER/LAsplit.c:73:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { dbvis = fopen(Catenate(pwd,"/",root,".db"),"r");
data/falcon-1.8.8/DALIGNER/LAsplit.c:181:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iblock,iptr,remains);
data/falcon-1.8.8/DALIGNER/LAsplit.c:204:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optr,iptr,ovlsize);
data/falcon-1.8.8/DALIGNER/LAsplit.c:211:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iblock,iptr,remains);
data/falcon-1.8.8/DALIGNER/LAsplit.c:216:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(optr,iptr,tsize);
data/falcon-1.8.8/DALIGNER/align.c:3234:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ToL[8] = { 'a', 'c', 'g', 't', '.', '[', ']', '-' };
data/falcon-1.8.8/DALIGNER/align.c:3235:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ToU[8] = { 'A', 'C', 'G', 'T', '.', '[', ']', '-' };
data/falcon-1.8.8/DALIGNER/daligner.c:443:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(seq,block->bases,block->reads[nreads].boff);
data/falcon-1.8.8/DALIGNER/filter.c:1790:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tbuf->trace+tbuf->top,apath->trace,sizeof(short)*apath->tlen);
data/falcon-1.8.8/DALIGNER/filter.c:1811:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tbuf->trace+tbuf->top,bpath->trace,sizeof(short)*bpath->tlen);
data/falcon-1.8.8/DAMASKER/DB.c:40:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Ebuffer[1000];
data/falcon-1.8.8/DAMASKER/DB.c:87:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(name,mode)) == NULL)
data/falcon-1.8.8/DAMASKER/DB.c:268:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]);
data/falcon-1.8.8/DAMASKER/DB.c:302:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'a', 'c', 'g', 't' };
data/falcon-1.8.8/DAMASKER/DB.c:310:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'A', 'C', 'G', 'T' };
data/falcon-1.8.8/DAMASKER/DB.c:320:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char number[128] =
data/falcon-1.8.8/DAMASKER/DB.c:394:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/falcon-1.8.8/DAMASKER/DB.c:398:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/falcon-1.8.8/DAMASKER/DB.c:414:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[MAX_NAME], prolog[MAX_NAME];
data/falcon-1.8.8/DAMASKER/DB.c:878:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DAMASKER/DB.c:1102:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/falcon-1.8.8/DAMASKER/DB.c:1106:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,".",track,".anno"),"r");
data/falcon-1.8.8/DAMASKER/DB.c:1175:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/falcon-1.8.8/DAMASKER/DB.c:1179:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,".",track,".anno"),"r");
data/falcon-1.8.8/DAMASKER/DB.c:1198:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dfile = fopen(name,"r");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:203:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbvis = fopen(Catenate(pwd,"/",root,".dam"),"r");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:213:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char buffer[30001];
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:276:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { file = fopen(Catenate(pwd,"/.",root,Numbered_Suffix(".",fblock-1,sfx)),"r");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:290:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(Catenate(pwd,"/.",root,Numbered_Suffix(".",fblock,sfx)),"r");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:292:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(Catenate(pwd,"/.",root,sfx),"r");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:317:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:329:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:441:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:520:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:577:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:649:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:704:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:751:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:785:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:836:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:142:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dbvis = fopen(Catenate(pwd,"/",root,".dam"),"r");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:152:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char buffer[30001];
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:201:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { file = fopen(Catenate(pwd,"/.",root,Numbered_Suffix(".",fblock-1,".tan.anno")),"r");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:215:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(Catenate(pwd,"/.",root,Numbered_Suffix(".",fblock,".tan.anno")),"r");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:217:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(Catenate(pwd,"/.",root,".tan.anno"),"r");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:248:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:260:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:327:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:381:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:424:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:448:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:493:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(name,"w");
data/falcon-1.8.8/DAMASKER/REPmask.c:382:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(paths,paths+pcur,sizeof(uint16)*ovls[0].path.tlen);
data/falcon-1.8.8/DAMASKER/REPmask.c:527:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2*MAX_NAME+100];
data/falcon-1.8.8/DAMASKER/REPmask.c:563:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ans[strlen(MASK_NAME)+7];
data/falcon-1.8.8/DAMASKER/REPmask.c:564:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dts[strlen(MASK_NAME)+7];
data/falcon-1.8.8/DAMASKER/TANmask.c:222:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(paths,paths+pcur,sizeof(uint16)*ovls[0].path.tlen);
data/falcon-1.8.8/DAMASKER/TANmask.c:358:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2*MAX_NAME+100];
data/falcon-1.8.8/DAMASKER/TANmask.c:394:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ans[strlen(MASK_NAME)+7];
data/falcon-1.8.8/DAMASKER/TANmask.c:395:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dts[strlen(MASK_NAME)+7];
data/falcon-1.8.8/DAMASKER/align.c:3234:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ToL[8] = { 'a', 'c', 'g', 't', '.', '[', ']', '-' };
data/falcon-1.8.8/DAMASKER/align.c:3235:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ToU[8] = { 'A', 'C', 'G', 'T', '.', '[', ']', '-' };
data/falcon-1.8.8/DAMASKER/tandem.c:1021:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tbuf->trace+tbuf->top,apath->trace,sizeof(short)*apath->tlen);
data/falcon-1.8.8/DAZZ_DB/Catrack.c:67:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  aout = fopen(Catenate(prefix,argv[2],".","anno"),"r");
data/falcon-1.8.8/DAZZ_DB/Catrack.c:74:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dout = fopen(Catenate(prefix,argv[2],".","data"),"r");
data/falcon-1.8.8/DAZZ_DB/Catrack.c:90:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[1024];
data/falcon-1.8.8/DAZZ_DB/Catrack.c:104:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  afile = fopen(Numbered_Suffix(prefix,nfiles+1,Catenate(".",argv[2],".","anno")),"r");
data/falcon-1.8.8/DAZZ_DB/Catrack.c:107:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dfile = fopen(Numbered_Suffix(prefix,nfiles+1,Catenate(".",argv[2],".","data")),"r");
data/falcon-1.8.8/DAZZ_DB/DAM2fasta.c:103:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nstring[WIDTH+1];
data/falcon-1.8.8/DAZZ_DB/DAM2fasta.c:119:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME], header[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DB.c:40:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Ebuffer[1000];
data/falcon-1.8.8/DAZZ_DB/DB.c:84:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newmode[3];
data/falcon-1.8.8/DAZZ_DB/DB.c:89:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(newmode,"rm");
data/falcon-1.8.8/DAZZ_DB/DB.c:93:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(name,newmode)) == NULL)
data/falcon-1.8.8/DAZZ_DB/DB.c:274:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]);
data/falcon-1.8.8/DAZZ_DB/DB.c:308:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'a', 'c', 'g', 't' };
data/falcon-1.8.8/DAZZ_DB/DB.c:316:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'A', 'C', 'G', 'T' };
data/falcon-1.8.8/DAZZ_DB/DB.c:326:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char number[128] =
data/falcon-1.8.8/DAZZ_DB/DB.c:400:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/falcon-1.8.8/DAZZ_DB/DB.c:404:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/falcon-1.8.8/DAZZ_DB/DB.c:420:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[MAX_NAME], prolog[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DB.c:884:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DB.c:1108:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/falcon-1.8.8/DAZZ_DB/DB.c:1112:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,".",track,".anno"),"r");
data/falcon-1.8.8/DAZZ_DB/DB.c:1181:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/falcon-1.8.8/DAZZ_DB/DB.c:1185:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,".",track,".anno"),"r");
data/falcon-1.8.8/DAZZ_DB/DB.c:1204:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dfile = fopen(name,"r");
data/falcon-1.8.8/DAZZ_DB/DB2fasta.c:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DB2fasta.c:99:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DB2quiva.c:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DB2quiva.c:98:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DBdump.c:50:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char nbuffer[MAX_BUFFER];
data/falcon-1.8.8/DAZZ_DB/DBdump.c:278:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DBdump.c:523:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char header[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DBdump.c:622:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qvname[5] = { 'd', 'c', 'i', 'm', 's' };
data/falcon-1.8.8/DAZZ_DB/DBdump.c:673:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char header[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DBdust.c:124:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((afile = fopen(fname,"r+")) == NULL || db->part > 0)
data/falcon-1.8.8/DAZZ_DB/DBshow.c:55:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char nbuffer[MAX_BUFFER];
data/falcon-1.8.8/DAZZ_DB/DBshow.c:247:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DBshow.c:458:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char header[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/DBsplit.c:101:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2*MAX_NAME+100];
data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:40:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char number[128] =
data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:86:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char nbuffer[MAX_NAME+8];
data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:154:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  IFILE = fopen(argv[i]+2,"r");
data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:165:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  temp = fopen(PIPE,"w");
data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:246:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  istub = fopen(dbname,"r");
data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:302:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:40:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char number[128] =
data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:86:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char nbuffer[MAX_NAME+8];
data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:154:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  IFILE = fopen(argv[i]+2,"r");
data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:165:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  temp = fopen(PIPE,"w");
data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:242:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  istub = fopen(dbname,"r");
data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:291:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:341:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:63:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char nbuffer[MAX_NAME+8];
data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:130:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  INFILE = fopen(argv[i]+2,"r");
data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:219:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lname[MAX_NAME];
data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:232:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DEXTRACTOR/DB.c:40:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Ebuffer[1000];
data/falcon-1.8.8/DEXTRACTOR/DB.c:87:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(name,mode)) == NULL)
data/falcon-1.8.8/DEXTRACTOR/DB.c:268:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]);
data/falcon-1.8.8/DEXTRACTOR/DB.c:302:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'a', 'c', 'g', 't' };
data/falcon-1.8.8/DEXTRACTOR/DB.c:310:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char letter[4] = { 'A', 'C', 'G', 'T' };
data/falcon-1.8.8/DEXTRACTOR/DB.c:320:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  { static char number[128] =
data/falcon-1.8.8/DEXTRACTOR/DB.c:394:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/falcon-1.8.8/DEXTRACTOR/DB.c:398:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dbvis = fopen(cat,"r")) == NULL)
data/falcon-1.8.8/DEXTRACTOR/DB.c:414:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[MAX_NAME], prolog[MAX_NAME];
data/falcon-1.8.8/DEXTRACTOR/DB.c:878:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prolog[MAX_NAME], fname[MAX_NAME];
data/falcon-1.8.8/DEXTRACTOR/DB.c:1102:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/falcon-1.8.8/DEXTRACTOR/DB.c:1106:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,".",track,".anno"),"r");
data/falcon-1.8.8/DEXTRACTOR/DB.c:1175:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r");
data/falcon-1.8.8/DEXTRACTOR/DB.c:1179:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  { afile = fopen(Catenate(db->path,".",track,".anno"),"r");
data/falcon-1.8.8/DEXTRACTOR/DB.c:1198:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dfile = fopen(name,"r");
data/falcon-1.8.8/DEXTRACTOR/dextract.c:548:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((in = fopen(full,"r")) == NULL)
data/falcon-1.8.8/DEXTRACTOR/undexqv.c:72:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *entry[5] = { NULL, NULL, NULL, NULL, NULL };
data/falcon-1.8.8/DEXTRACTOR/undexqv.c:186:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  entry[0] = (char *) Realloc(entry[0],5*emax,"Reallocating QV entry buffer");
data/falcon-1.8.8/DALIGNER/DB2Falcon.c:87:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char *read;
data/falcon-1.8.8/DALIGNER/DB2Falcon.c:117:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Load_Read(db,i,read,UPPER);
data/falcon-1.8.8/DALIGNER/DBX.c:47:69: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static int Load_Read_From_RAM(HITS_DB *db, char *data, int i, char *read, int ascii) {
data/falcon-1.8.8/DALIGNER/DBX.c:57:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (clen > 0) { memcpy(read, data + off, clen); } //fread(read,clen,1,bases)
data/falcon-1.8.8/DALIGNER/DBX.c:58:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Uncompress_Read(len, read);
data/falcon-1.8.8/DALIGNER/DBX.c:60:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { Lower_Read(read);
data/falcon-1.8.8/DALIGNER/DBX.c:61:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[-1] = '\0';
data/falcon-1.8.8/DALIGNER/DBX.c:64:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { Upper_Read(read);
data/falcon-1.8.8/DALIGNER/DBX.c:65:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[-1] = '\0';
data/falcon-1.8.8/DALIGNER/DBX.c:68:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[-1] = 4;
data/falcon-1.8.8/DALIGNER/DBX.c:73:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int Load_ReadX(HITS_DBX *dbx, int i, char *read, int ascii) {
data/falcon-1.8.8/DALIGNER/DBX.c:75:55: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return Load_Read_From_RAM(&dbx->db, dbx->data, i, read, ascii);
data/falcon-1.8.8/DALIGNER/DBX.c:77:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return Load_Read(&dbx->db, i, read, ascii);
data/falcon-1.8.8/DALIGNER/DBX.h:21:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int Load_ReadX(HITS_DBX *dbx, int i, char *read, int ascii);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:67:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0)
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:827:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0)
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:863:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(argv[2]+(strlen(argv[2])-4),".dam") == 0)
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1533:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1534:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1535:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[3]);
data/falcon-1.8.8/DALIGNER/HPC.daligner.c:1536:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[4]);
data/falcon-1.8.8/DALIGNER/LA4Falcon.c:154:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( buffer, bbuffer + grp->beg.path.bbpos, rlen );
data/falcon-1.8.8/DALIGNER/LA4Falcon.c:266:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/falcon-1.8.8/DALIGNER/LA4Ice.c:136:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/falcon-1.8.8/DALIGNER/LAcheck.c:175:21: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  int equal;
data/falcon-1.8.8/DALIGNER/LAcheck.c:313:17: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal)
data/falcon-1.8.8/DALIGNER/LAshow.c:98:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/falcon-1.8.8/DALIGNER/LAsplit.c:67:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(argv[2]+(strlen(argv[2])-4),".dam") == 0)
data/falcon-1.8.8/DALIGNER/daligner.c:642:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]);
data/falcon-1.8.8/DALIGNER/daligner.c:643:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]); data/falcon-1.8.8/DALIGNER/filter.c:79:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read; data/falcon-1.8.8/DALIGNER/filter.c:93:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read; data/falcon-1.8.8/DALIGNER/filter.c:843:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). printf(" %5d / %5d / %10lld\n",c->read,c->rpos,c->code); data/falcon-1.8.8/DALIGNER/filter.c:967:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { ar = asort[a].read; data/falcon-1.8.8/DALIGNER/filter.c:969:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { while (b < ib && bsort[b].read <= ar) data/falcon-1.8.8/DALIGNER/filter.c:974:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (b < ib && bsort[b].read < ar) data/falcon-1.8.8/DALIGNER/filter.c:983:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { ar = asort[a].read; data/falcon-1.8.8/DALIGNER/filter.c:984:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (b < ib && bsort[b].read < ar) data/falcon-1.8.8/DALIGNER/filter.c:1087:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { ar = asort[a].read; data/falcon-1.8.8/DALIGNER/filter.c:1089:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ while (b < ib && bsort[b].read <= ar) data/falcon-1.8.8/DALIGNER/filter.c:1094:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (b < ib && bsort[b].read < ar) data/falcon-1.8.8/DALIGNER/filter.c:1103:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { ar = asort[a].read; data/falcon-1.8.8/DALIGNER/filter.c:1104:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (b < ib && bsort[b].read < ar) data/falcon-1.8.8/DALIGNER/filter.c:1114:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ar = asort[a].read; data/falcon-1.8.8/DALIGNER/filter.c:1116:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { while (b < ib && bsort[b].read <= ar) data/falcon-1.8.8/DALIGNER/filter.c:1120:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { while (b < ib && bsort[b].read < ar) data/falcon-1.8.8/DALIGNER/filter.c:1128:62: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { hits[nhits].bread = bsort[c].read; data/falcon-1.8.8/DALIGNER/filter.c:1139:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ar = asort[a].read; data/falcon-1.8.8/DALIGNER/filter.c:1140:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (b < ib && bsort[b].read < ar) data/falcon-1.8.8/DALIGNER/filter.c:1145:62: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ hits[nhits].bread = bsort[c].read; data/falcon-1.8.8/DALIGNER/filter.c:1187:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { hits[nhits].bread = bsort[b].read; data/falcon-1.8.8/DALIGNER/filter.c:1188:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). hits[nhits].aread = asort[a].read; data/falcon-1.8.8/DAMASKER/DB.c:127:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { epos = strlen(find); data/falcon-1.8.8/DAMASKER/DB.c:128:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). epos -= strlen(suffix); data/falcon-1.8.8/DAMASKER/DB.c:147:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/falcon-1.8.8/DAMASKER/DB.c:148:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/falcon-1.8.8/DAMASKER/DB.c:149:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/falcon-1.8.8/DAMASKER/DB.c:150:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(suffix); data/falcon-1.8.8/DAMASKER/DB.c:169:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(left); data/falcon-1.8.8/DAMASKER/DB.c:170:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/falcon-1.8.8/DAMASKER/DB.c:372:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/falcon-1.8.8/DAMASKER/DB.c:658:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). HITS_READ read; data/falcon-1.8.8/DAMASKER/DB.c:695:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DAMASKER/DB.c:700:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAMASKER/DB.c:700:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAMASKER/DB.c:714:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DAMASKER/DB.c:719:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAMASKER/DB.c:719:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAMASKER/DB.c:734:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DAMASKER/DB.c:739:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAMASKER/DB.c:739:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAMASKER/DB.c:789:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(db->path)+1 data/falcon-1.8.8/DAMASKER/DB.c:804:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(t->name)+1 data/falcon-1.8.8/DAMASKER/DB.c:944:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { HITS_READ read; data/falcon-1.8.8/DAMASKER/DB.c:947:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DAMASKER/DB.c:952:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fseeko(quiva,read.coff,SEEK_SET); data/falcon-1.8.8/DAMASKER/DB.c:1381:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/falcon-1.8.8/DAMASKER/DB.c:1395:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int Load_Read(HITS_DB *db, int i, char *read, int ascii) data/falcon-1.8.8/DAMASKER/DB.c:1419:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/falcon-1.8.8/DAMASKER/DB.c:1424:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(len,read); data/falcon-1.8.8/DAMASKER/DB.c:1426:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/falcon-1.8.8/DAMASKER/DB.c:1427:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DAMASKER/DB.c:1430:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/falcon-1.8.8/DAMASKER/DB.c:1431:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DAMASKER/DB.c:1434:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/falcon-1.8.8/DAMASKER/DB.c:1438:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii) data/falcon-1.8.8/DAMASKER/DB.c:1466:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/falcon-1.8.8/DAMASKER/DB.c:1471:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(4*clen,read); data/falcon-1.8.8/DAMASKER/DB.c:1473:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[len] = 4; data/falcon-1.8.8/DAMASKER/DB.c:1475:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/falcon-1.8.8/DAMASKER/DB.c:1476:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DAMASKER/DB.c:1479:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/falcon-1.8.8/DAMASKER/DB.c:1480:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DAMASKER/DB.c:1483:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/falcon-1.8.8/DAMASKER/DB.c:1485:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/falcon-1.8.8/DAMASKER/DB.c:1641:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/falcon-1.8.8/DAMASKER/DB.c:1646:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(root); data/falcon-1.8.8/DAMASKER/DB.c:1670:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(root,name,rlen); data/falcon-1.8.8/DAMASKER/DB.c:1674:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
{ strncpy(root,name,rlen); data/falcon-1.8.8/DAMASKER/DB.c:1694:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(name); data/falcon-1.8.8/DAMASKER/DB.h:369:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(HITS_DB *db, int i, char *read, int ascii); data/falcon-1.8.8/DAMASKER/DB.h:378:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii); data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:173:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:174:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]); data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:175:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[3]); data/falcon-1.8.8/DAMASKER/HPC.REPmask.c:195:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0) data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:121:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:122:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]); data/falcon-1.8.8/DAMASKER/HPC.TANmask.c:134:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(argv[1]+(strlen(argv[1])-4),".dam") == 0) data/falcon-1.8.8/DAMASKER/QV.c:386:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen) data/falcon-1.8.8/DAMASKER/QV.c:428:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/falcon-1.8.8/DAMASKER/QV.c:448:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar) data/falcon-1.8.8/DAMASKER/QV.c:477:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (k < rlen && read[k] == rchar) data/falcon-1.8.8/DAMASKER/QV.c:489:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/falcon-1.8.8/DAMASKER/QV.c:510:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
static int Decode(HScheme *scheme, FILE *in, char *read, int rlen) data/falcon-1.8.8/DAMASKER/QV.c:583:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/falcon-1.8.8/DAMASKER/QV.c:595:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/falcon-1.8.8/DAMASKER/QV.c:604:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read, data/falcon-1.8.8/DAMASKER/QV.c:650:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/falcon-1.8.8/DAMASKER/QV.c:661:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/falcon-1.8.8/DAMASKER/QV.c:675:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/falcon-1.8.8/DAMASKER/QV.c:686:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/falcon-1.8.8/DAMASKER/QV.c:770:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(Read); data/falcon-1.8.8/DAMASKER/QV.c:782:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen += strlen(Read+rlen); data/falcon-1.8.8/DAMASKER/QV.c:792:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (rlen != (int) strlen(other)) data/falcon-1.8.8/DAMASKER/QV.c:1139:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(coding->prefix); data/falcon-1.8.8/DAMASKER/REPmask.c:563:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char ans[strlen(MASK_NAME)+7]; data/falcon-1.8.8/DAMASKER/REPmask.c:564:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char dts[strlen(MASK_NAME)+7]; data/falcon-1.8.8/DAMASKER/TANmask.c:394:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char ans[strlen(MASK_NAME)+7]; data/falcon-1.8.8/DAMASKER/TANmask.c:395:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char dts[strlen(MASK_NAME)+7]; data/falcon-1.8.8/DAMASKER/datander.c:148:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/falcon-1.8.8/DAMASKER/tandem.c:71:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read; data/falcon-1.8.8/DAMASKER/tandem.c:78:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read; data/falcon-1.8.8/DAMASKER/tandem.c:474:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
printf(" %5d / %5d / %10lld\n",c->read,c->rpos,c->code); data/falcon-1.8.8/DAMASKER/tandem.c:533:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ar = asort[ia].read; data/falcon-1.8.8/DAMASKER/tandem.c:538:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nr = asort[ia].read) == ar) data/falcon-1.8.8/DAMASKER/tandem.c:917:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). printf("\nNEW THREAD %5d(%5lld)-%5d(%5lld)\n",asort[data->beg].read,data->beg, data/falcon-1.8.8/DAMASKER/tandem.c:918:68: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). asort[data->end-1].read,data->end); data/falcon-1.8.8/DAMASKER/tandem.c:923:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). aend = asort[data->end-1].read; data/falcon-1.8.8/DAMASKER/tandem.c:924:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (ar = asort[data->beg].read; ar < aend; ar++) data/falcon-1.8.8/DAMASKER/tandem.c:1222:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). printf(" %5d / %5d / %10lld\n",c->read,c->rpos,c->code); data/falcon-1.8.8/DAMASKER/tandem.c:1248:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). printf(" %5d / %5d / %10lld\n",c->read,c->rpos,c->code); data/falcon-1.8.8/DAMASKER/tandem.c:1270:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { ar = asort[p-1].read; data/falcon-1.8.8/DAMASKER/tandem.c:1271:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((asort[p].read) == ar) data/falcon-1.8.8/DAZZ_DB/Catrack.c:57:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(argv[1]); data/falcon-1.8.8/DAZZ_DB/DAM2fasta.c:101:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/falcon-1.8.8/DAZZ_DB/DAM2fasta.c:184:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,UPPER); data/falcon-1.8.8/DAZZ_DB/DB.c:133:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { epos = strlen(find); data/falcon-1.8.8/DAZZ_DB/DB.c:134:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). epos -= strlen(suffix); data/falcon-1.8.8/DAZZ_DB/DB.c:153:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/falcon-1.8.8/DAZZ_DB/DB.c:154:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/falcon-1.8.8/DAZZ_DB/DB.c:155:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/falcon-1.8.8/DAZZ_DB/DB.c:156:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += strlen(suffix); data/falcon-1.8.8/DAZZ_DB/DB.c:175:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(left); data/falcon-1.8.8/DAZZ_DB/DB.c:176:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/falcon-1.8.8/DAZZ_DB/DB.c:378:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/falcon-1.8.8/DAZZ_DB/DB.c:664:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). HITS_READ read; data/falcon-1.8.8/DAZZ_DB/DB.c:701:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DAZZ_DB/DB.c:706:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAZZ_DB/DB.c:706:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAZZ_DB/DB.c:720:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DAZZ_DB/DB.c:725:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAZZ_DB/DB.c:725:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAZZ_DB/DB.c:740:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DAZZ_DB/DB.c:745:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAZZ_DB/DB.c:745:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DAZZ_DB/DB.c:795:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(db->path)+1 data/falcon-1.8.8/DAZZ_DB/DB.c:810:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(t->name)+1 data/falcon-1.8.8/DAZZ_DB/DB.c:950:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { HITS_READ read; data/falcon-1.8.8/DAZZ_DB/DB.c:953:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DAZZ_DB/DB.c:958:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
fseeko(quiva,read.coff,SEEK_SET); data/falcon-1.8.8/DAZZ_DB/DB.c:1387:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/falcon-1.8.8/DAZZ_DB/DB.c:1401:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(HITS_DB *db, int i, char *read, int ascii) data/falcon-1.8.8/DAZZ_DB/DB.c:1425:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/falcon-1.8.8/DAZZ_DB/DB.c:1430:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(len,read); data/falcon-1.8.8/DAZZ_DB/DB.c:1432:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/falcon-1.8.8/DAZZ_DB/DB.c:1433:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DAZZ_DB/DB.c:1436:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/falcon-1.8.8/DAZZ_DB/DB.c:1437:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DAZZ_DB/DB.c:1440:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/falcon-1.8.8/DAZZ_DB/DB.c:1444:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii) data/falcon-1.8.8/DAZZ_DB/DB.c:1472:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ if (fread(read,clen,1,bases) != 1) data/falcon-1.8.8/DAZZ_DB/DB.c:1477:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(4*clen,read); data/falcon-1.8.8/DAZZ_DB/DB.c:1479:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[len] = 4; data/falcon-1.8.8/DAZZ_DB/DB.c:1481:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/falcon-1.8.8/DAZZ_DB/DB.c:1482:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DAZZ_DB/DB.c:1485:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/falcon-1.8.8/DAZZ_DB/DB.c:1486:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DAZZ_DB/DB.c:1489:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/falcon-1.8.8/DAZZ_DB/DB.c:1491:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/falcon-1.8.8/DAZZ_DB/DB.c:1647:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/falcon-1.8.8/DAZZ_DB/DB.c:1652:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(root); data/falcon-1.8.8/DAZZ_DB/DB.c:1676:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
{ strncpy(root,name,rlen); data/falcon-1.8.8/DAZZ_DB/DB.c:1680:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(root,name,rlen); data/falcon-1.8.8/DAZZ_DB/DB.c:1700:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(name); data/falcon-1.8.8/DAZZ_DB/DB.h:369:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(HITS_DB *db, int i, char *read, int ascii); data/falcon-1.8.8/DAZZ_DB/DB.h:378:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii); data/falcon-1.8.8/DAZZ_DB/DB2fasta.c:89:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/falcon-1.8.8/DAZZ_DB/DB2fasta.c:155:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,UPPER); data/falcon-1.8.8/DAZZ_DB/DBdump.c:34:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read; data/falcon-1.8.8/DAZZ_DB/DBdump.c:66:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = sscanf(nbuffer," %d %d %d",&(it->read),&(it->beg),&(it->end)); data/falcon-1.8.8/DAZZ_DB/DBdump.c:165:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/falcon-1.8.8/DAZZ_DB/DBdump.c:495:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). e = iter->read; data/falcon-1.8.8/DAZZ_DB/DBdump.c:527:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). header[strlen(header)-1] = '\0'; data/falcon-1.8.8/DAZZ_DB/DBdump.c:528:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ten = strlen(header); data/falcon-1.8.8/DAZZ_DB/DBdump.c:535:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ten = strlen(flist[map]); data/falcon-1.8.8/DAZZ_DB/DBdump.c:618:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, **entry; data/falcon-1.8.8/DAZZ_DB/DBdump.c:644:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). e = iter->read; data/falcon-1.8.8/DAZZ_DB/DBdump.c:677:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). header[strlen(header)-1] = '\0'; data/falcon-1.8.8/DAZZ_DB/DBdump.c:678:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("H %ld %s\n",strlen(header),header); data/falcon-1.8.8/DAZZ_DB/DBdump.c:686:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
printf("H %ld %s\n",strlen(flist[map]),flist[map]); data/falcon-1.8.8/DAZZ_DB/DBdump.c:696:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,UPPER); data/falcon-1.8.8/DAZZ_DB/DBdust.c:161:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, *lag2; data/falcon-1.8.8/DAZZ_DB/DBdust.c:204:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,0); data/falcon-1.8.8/DAZZ_DB/DBdust.c:206:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = (read[0] << 2) | read[1]; // Convert to triple codes data/falcon-1.8.8/DAZZ_DB/DBdust.c:206:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = (read[0] << 2) | read[1]; // Convert to triple codes data/falcon-1.8.8/DAZZ_DB/DBdust.c:208:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { c = ((c << 2) & 0x3f) | read[j]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:225:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { c = read[j]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:237:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++wb]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:243:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++lb]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:250:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++lb]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:280:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ d = read[c]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:307:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[c]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:319:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { c = read[j]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:331:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++wb]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:337:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++lb]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:344:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[++lb]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:374:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[c]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:401:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { d = read[c]; data/falcon-1.8.8/DAZZ_DB/DBdust.c:445:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,0); data/falcon-1.8.8/DAZZ_DB/DBdust.c:452:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). printf("%c",Caps[(int) read[c]]); data/falcon-1.8.8/DAZZ_DB/DBdust.c:454:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). printf("%c",Lowr[(int) read[c]]); data/falcon-1.8.8/DAZZ_DB/DBshow.c:39:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int read; data/falcon-1.8.8/DAZZ_DB/DBshow.c:71:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = sscanf(nbuffer," %d %d %d",&(it->read),&(it->beg),&(it->end)); data/falcon-1.8.8/DAZZ_DB/DBshow.c:157:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/falcon-1.8.8/DAZZ_DB/DBshow.c:397:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read, **entry; data/falcon-1.8.8/DAZZ_DB/DBshow.c:431:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). e = iter->read; data/falcon-1.8.8/DAZZ_DB/DBshow.c:462:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). header[strlen(header)-1] = '\0'; data/falcon-1.8.8/DAZZ_DB/DBshow.c:482:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Load_Read(db,i,read,UPPER); data/falcon-1.8.8/DAZZ_DB/DBshow.c:501:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (iscase(read[m])) data/falcon-1.8.8/DAZZ_DB/DBshow.c:502:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/falcon-1.8.8/DAZZ_DB/DBshow.c:502:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[m] = (char) (read[m] + hilight); data/falcon-1.8.8/DAZZ_DB/QV.c:386:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen) data/falcon-1.8.8/DAZZ_DB/QV.c:428:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/falcon-1.8.8/DAZZ_DB/QV.c:448:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar) data/falcon-1.8.8/DAZZ_DB/QV.c:477:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (k < rlen && read[k] == rchar) data/falcon-1.8.8/DAZZ_DB/QV.c:489:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/falcon-1.8.8/DAZZ_DB/QV.c:510:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int Decode(HScheme *scheme, FILE *in, char *read, int rlen) data/falcon-1.8.8/DAZZ_DB/QV.c:583:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/falcon-1.8.8/DAZZ_DB/QV.c:595:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/falcon-1.8.8/DAZZ_DB/QV.c:604:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read, data/falcon-1.8.8/DAZZ_DB/QV.c:650:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/falcon-1.8.8/DAZZ_DB/QV.c:661:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[j] = (char) c; data/falcon-1.8.8/DAZZ_DB/QV.c:675:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/falcon-1.8.8/DAZZ_DB/QV.c:686:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/falcon-1.8.8/DAZZ_DB/QV.c:770:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(Read); data/falcon-1.8.8/DAZZ_DB/QV.c:782:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen += strlen(Read+rlen); data/falcon-1.8.8/DAZZ_DB/QV.c:792:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (rlen != (int) strlen(other)) data/falcon-1.8.8/DAZZ_DB/QV.c:1139:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(coding->prefix); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:319:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:376:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(core) >= MAX_NAME) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:404:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
eof = (fgets(read,MAX_NAME,input) == NULL); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:405:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (eof || strlen(read) < 1) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:405:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (eof || strlen(read) < 1) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:427:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[strlen(read)-1] != '\n') data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:427:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (read[strlen(read)-1] != '\n') data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:427:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[strlen(read)-1] != '\n') data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:432:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!eof && read[0] != '>') data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:444:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[rlen] = '>'; data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:445:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hlen = strlen(read+rlen); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:452:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
x = strlen(read+rlen)-1; data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:453:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[rlen+x] != '\n') data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:458:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (eof || read[rlen] == '>') data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:463:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read = (char *) realloc(read,rmax+1); data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:471:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[rlen] = '\0'; data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:479:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (number[(int) read[++i]] < 4) data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:491:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = number[(int) read[i]]; data/falcon-1.8.8/DAZZ_DB/fasta2DAM.c:494:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[i++] = (char) x; data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:308:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *read; data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:372:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(core) >= MAX_NAME) data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:396:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
eof = (fgets(read,MAX_NAME,input) == NULL); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:397:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (eof || strlen(read) < 1) data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:397:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (eof || strlen(read) < 1) data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:419:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[strlen(read)-1] != '\n') data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:419:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (read[strlen(read)-1] != '\n') data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:419:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[strlen(read)-1] != '\n') data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:424:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!eof && read[0] != '>') data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:481:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = strlen(read+rlen)-1; data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:482:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[rlen+x] != '\n') data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:483:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (read[rlen] == '>') data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:492:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (eof || read[rlen] == '>') data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:497:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read = (char *) realloc(read,rmax+1); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:505:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[rlen] = '\0'; data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:508:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = number[(int) read[i]]; data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:510:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[i] = (char) x; data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:524:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Compress_Read(rlen,read); data/falcon-1.8.8/DAZZ_DB/fasta2DB.c:526:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fwrite(read,1,clen,bases); data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:333:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(input)) == EOF) data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:338:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fgetc(input) != EOF) data/falcon-1.8.8/DAZZ_DB/quiva2DB.c:449:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(input) != EOF) data/falcon-1.8.8/DAZZ_DB/simulator.c:552:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[1]); data/falcon-1.8.8/DAZZ_DB/simulator.c:553:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr," %*s %s\n",(int) strlen(Prog_Name),"",Usage[2]); data/falcon-1.8.8/DEXTRACTOR/DB.c:127:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { epos = strlen(find); data/falcon-1.8.8/DEXTRACTOR/DB.c:128:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). epos -= strlen(suffix); data/falcon-1.8.8/DEXTRACTOR/DB.c:147:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/falcon-1.8.8/DEXTRACTOR/DB.c:148:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/falcon-1.8.8/DEXTRACTOR/DB.c:149:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/falcon-1.8.8/DEXTRACTOR/DB.c:150:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(suffix); data/falcon-1.8.8/DEXTRACTOR/DB.c:169:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(left); data/falcon-1.8.8/DEXTRACTOR/DB.c:170:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/falcon-1.8.8/DEXTRACTOR/DB.c:372:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/falcon-1.8.8/DEXTRACTOR/DB.c:658:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). HITS_READ read; data/falcon-1.8.8/DEXTRACTOR/DB.c:695:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:700:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DEXTRACTOR/DB.c:700:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DEXTRACTOR/DB.c:714:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:719:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DEXTRACTOR/DB.c:719:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DEXTRACTOR/DB.c:734:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:739:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DEXTRACTOR/DB.c:739:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((read.flags & DB_BEST) >= allflag && read.rlen >= cutoff) data/falcon-1.8.8/DEXTRACTOR/DB.c:789:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(db->path)+1 data/falcon-1.8.8/DEXTRACTOR/DB.c:804:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(t->name)+1 data/falcon-1.8.8/DEXTRACTOR/DB.c:944:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { HITS_READ read; data/falcon-1.8.8/DEXTRACTOR/DB.c:947:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:952:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fseeko(quiva,read.coff,SEEK_SET); data/falcon-1.8.8/DEXTRACTOR/DB.c:1381:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/falcon-1.8.8/DEXTRACTOR/DB.c:1395:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int Load_Read(HITS_DB *db, int i, char *read, int ascii) data/falcon-1.8.8/DEXTRACTOR/DB.c:1419:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:1424:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(len,read); data/falcon-1.8.8/DEXTRACTOR/DB.c:1426:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/falcon-1.8.8/DEXTRACTOR/DB.c:1427:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DEXTRACTOR/DB.c:1430:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/falcon-1.8.8/DEXTRACTOR/DB.c:1431:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DEXTRACTOR/DB.c:1434:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/falcon-1.8.8/DEXTRACTOR/DB.c:1438:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii) data/falcon-1.8.8/DEXTRACTOR/DB.c:1466:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/falcon-1.8.8/DEXTRACTOR/DB.c:1471:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(4*clen,read); data/falcon-1.8.8/DEXTRACTOR/DB.c:1473:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read[len] = 4; data/falcon-1.8.8/DEXTRACTOR/DB.c:1475:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/falcon-1.8.8/DEXTRACTOR/DB.c:1476:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DEXTRACTOR/DB.c:1479:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/falcon-1.8.8/DEXTRACTOR/DB.c:1480:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/falcon-1.8.8/DEXTRACTOR/DB.c:1483:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/falcon-1.8.8/DEXTRACTOR/DB.c:1485:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/falcon-1.8.8/DEXTRACTOR/DB.c:1641:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/falcon-1.8.8/DEXTRACTOR/DB.c:1646:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(root); data/falcon-1.8.8/DEXTRACTOR/DB.c:1670:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(root,name,rlen); data/falcon-1.8.8/DEXTRACTOR/DB.c:1674:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
{ strncpy(root,name,rlen); data/falcon-1.8.8/DEXTRACTOR/DB.c:1694:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(name); data/falcon-1.8.8/DEXTRACTOR/DB.h:369:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(HITS_DB *db, int i, char *read, int ascii); data/falcon-1.8.8/DEXTRACTOR/DB.h:378:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii); data/falcon-1.8.8/DEXTRACTOR/QV.c:386:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen) data/falcon-1.8.8/DEXTRACTOR/QV.c:428:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/falcon-1.8.8/DEXTRACTOR/QV.c:448:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar) data/falcon-1.8.8/DEXTRACTOR/QV.c:477:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (k < rlen && read[k] == rchar) data/falcon-1.8.8/DEXTRACTOR/QV.c:489:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/falcon-1.8.8/DEXTRACTOR/QV.c:510:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  static int Decode(HScheme *scheme, FILE *in, char *read, int rlen)
data/falcon-1.8.8/DEXTRACTOR/QV.c:583:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j] = (char) c;
data/falcon-1.8.8/DEXTRACTOR/QV.c:595:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j] = (char) c;
data/falcon-1.8.8/DEXTRACTOR/QV.c:604:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read,
data/falcon-1.8.8/DEXTRACTOR/QV.c:650:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j++] = (char) rchar;
data/falcon-1.8.8/DEXTRACTOR/QV.c:661:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j] = (char) c;
data/falcon-1.8.8/DEXTRACTOR/QV.c:675:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j++] = (char) rchar;
data/falcon-1.8.8/DEXTRACTOR/QV.c:686:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[j] = (char) c;
data/falcon-1.8.8/DEXTRACTOR/QV.c:770:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlen = strlen(Read);
data/falcon-1.8.8/DEXTRACTOR/QV.c:782:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlen += strlen(Read+rlen);
data/falcon-1.8.8/DEXTRACTOR/QV.c:792:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (rlen != (int) strlen(other))
data/falcon-1.8.8/DEXTRACTOR/QV.c:1139:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(coding->prefix);
data/falcon-1.8.8/DEXTRACTOR/dexqv.c:85:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { char *slash, *read; // Get header line prefix from first line
data/falcon-1.8.8/DEXTRACTOR/dexqv.c:92:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  coding->prefix = (char *) malloc((slash-read)+1);
data/falcon-1.8.8/DEXTRACTOR/dexqv.c:98:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  strcpy(coding->prefix,read);
data/falcon-1.8.8/DEXTRACTOR/dexta.c:59:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { char *read;
data/falcon-1.8.8/DEXTRACTOR/dexta.c:104:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  eof = (fgets(read,MAX_BUFFER,input) == NULL);
data/falcon-1.8.8/DEXTRACTOR/dexta.c:105:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[strlen(read)-1] != '\n')
data/falcon-1.8.8/DEXTRACTOR/dexta.c:105:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (read[strlen(read)-1] != '\n')
data/falcon-1.8.8/DEXTRACTOR/dexta.c:105:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[strlen(read)-1] != '\n')
data/falcon-1.8.8/DEXTRACTOR/dexta.c:109:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!eof && read[0] != '>')
data/falcon-1.8.8/DEXTRACTOR/dexta.c:114:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  slash = index(read,'/');
data/falcon-1.8.8/DEXTRACTOR/dexta.c:123:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  x = slash-read;
data/falcon-1.8.8/DEXTRACTOR/dexta.c:125:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fwrite(read,1,slash-read,output);
data/falcon-1.8.8/DEXTRACTOR/dexta.c:125:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fwrite(read,1,slash-read,output);
data/falcon-1.8.8/DEXTRACTOR/dexta.c:163:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x = strlen(read+rlen)-1;
data/falcon-1.8.8/DEXTRACTOR/dexta.c:164:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read[rlen+x] != '\n')
data/falcon-1.8.8/DEXTRACTOR/dexta.c:169:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (eof || read[rlen] == '>')
data/falcon-1.8.8/DEXTRACTOR/dexta.c:174:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read = (char *) Realloc(read,rmax+1,"Reallocaing read buffer");
data/falcon-1.8.8/DEXTRACTOR/dexta.c:179:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read[rlen] = '\0';
data/falcon-1.8.8/DEXTRACTOR/dexta.c:198:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Number_Read(read);
data/falcon-1.8.8/DEXTRACTOR/dexta.c:199:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Compress_Read(rlen,read);
data/falcon-1.8.8/DEXTRACTOR/dexta.c:200:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fwrite(read,1,COMPRESSED_LEN(rlen),output);
data/falcon-1.8.8/DEXTRACTOR/dexta.c:215:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  free(read);
data/falcon-1.8.8/DEXTRACTOR/undexta.c:92:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { char *read;
data/falcon-1.8.8/DEXTRACTOR/undexta.c:244:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read = (char *) Realloc(read,rmax+1,"Allocating read buffer");
data/falcon-1.8.8/DEXTRACTOR/undexta.c:248:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { if (fread(read,clen,1,input) != 1)
data/falcon-1.8.8/DEXTRACTOR/undexta.c:251:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Uncompress_Read(rlen,read);
data/falcon-1.8.8/DEXTRACTOR/undexta.c:253:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Upper_Read(read);
data/falcon-1.8.8/DEXTRACTOR/undexta.c:255:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Lower_Read(read);
data/falcon-1.8.8/DEXTRACTOR/undexta.c:281:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  free(read);
data/falcon-1.8.8/FALCON/src/c/falcon.c:591:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sa_ptr = allocate_seq( (seq_coor_t) strlen( input_seq[0]) );
data/falcon-1.8.8/FALCON/src/c/falcon.c:592:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sda_ptr = allocate_seq_addr( (seq_coor_t) strlen( input_seq[0]) );
data/falcon-1.8.8/FALCON/src/c/falcon.c:593:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  add_sequence( 0, K, input_seq[0], strlen(input_seq[0]), sda_ptr, sa_ptr, lk_ptr);
data/falcon-1.8.8/FALCON/src/c/falcon.c:601:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  kmer_match_ptr = find_kmer_pos_for_seq(input_seq[j], strlen(input_seq[j]), K, sda_ptr, lk_ptr);
data/falcon-1.8.8/FALCON/src/c/falcon.c:650:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  consensus = get_cns_from_align_tags( tags_list, aligned_seq_count, strlen(input_seq[0]), min_cov );
data/falcon-1.8.8/FALCON/src/c/falcon.c:697:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utg_len = strlen(input_seq[0]);
data/falcon-1.8.8/FALCON/src/c/falcon.c:702:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arange->e1 = strlen(input_seq[0]);
data/falcon-1.8.8/FALCON/src/c/falcon.c:704:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arange->e2 = strlen(input_seq[0]);
data/falcon-1.8.8/FALCON/src/c/falcon.c:706:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(input_seq[0]), arange, 0, 0);
data/falcon-1.8.8/FALCON/src/c/falcon.c:710:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arange->e1 = strlen(input_seq[j])-1;
data/falcon-1.8.8/FALCON/src/c/falcon.c:712:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arange->e2 = strlen(input_seq[j])-1;
data/falcon-1.8.8/FALCON/src/c/falcon.c:714:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r_len = strlen(input_seq[j]);

ANALYSIS SUMMARY:

Hits = 808
Lines analyzed = 44780 in approximately 1.33 seconds (33651 lines/second)
Physical Source Lines of Code (SLOC) = 35012
Hits@level = [0] 2083 [1] 410 [2] 194 [3] 16 [4] 188 [5] 0
Hits@level+ = [0+] 2891 [1+] 808 [2+] 398 [3+] 204 [4+] 188 [5+] 0
Hits/KSLOC@level+ = [0+] 82.5717 [1+] 23.0778 [2+] 11.3675 [3+] 5.82657 [4+] 5.36959 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.