Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/flash-1.2.11/combine_reads.c
Examining data/flash-1.2.11/combine_reads.h
Examining data/flash-1.2.11/flash.c
Examining data/flash-1.2.11/iostream.c
Examining data/flash-1.2.11/iostream.h
Examining data/flash-1.2.11/read.h
Examining data/flash-1.2.11/read_io.c
Examining data/flash-1.2.11/read_io.h
Examining data/flash-1.2.11/read_queue.c
Examining data/flash-1.2.11/read_queue.h
Examining data/flash-1.2.11/read_util.c
Examining data/flash-1.2.11/util.c
Examining data/flash-1.2.11/util.h
FINAL RESULTS:
data/flash-1.2.11/flash.c:1002:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_suffix, ".%s", optarg);
data/flash-1.2.11/flash.c:1011:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(compress_prog_args, "%s -c -", optarg);
data/flash-1.2.11/flash.c:1019:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_suffix, ".%s", optarg);
data/flash-1.2.11/flash.c:1147:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
suffix = name_buf + sprintf(name_buf, "%s/%s", output_dir, prefix);
data/flash-1.2.11/flash.c:1150:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(suffix, ".readsAndPairs.%s%s", out_filetype, out_suffix);
data/flash-1.2.11/flash.c:1156:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(suffix, ".extendedFrags.%s%s", out_filetype, out_suffix);
data/flash-1.2.11/flash.c:1164:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(suffix, ".notCombined.%s%s",
data/flash-1.2.11/flash.c:1171:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(suffix, ".notCombined_1.%s%s",
data/flash-1.2.11/flash.c:1178:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(suffix, ".notCombined_2.%s%s",
data/flash-1.2.11/flash.c:1365:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(suffix, ".hist%s", hist_specs[i].suffix);
data/flash-1.2.11/flash.c:1371:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(suffix, ".histogram%s", hist_specs[i].suffix);
data/flash-1.2.11/iostream.c:572:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s %s", filter_prog, filter_prog_args);
data/flash-1.2.11/iostream.c:574:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, " > '%s'", path);
data/flash-1.2.11/iostream.c:576:6: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(command, "w");
data/flash-1.2.11/util.c:116:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, va);
data/flash-1.2.11/util.c:137:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, va);
data/flash-1.2.11/util.c:163:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, va);
data/flash-1.2.11/util.c:180:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(infofile, msg, va);
data/flash-1.2.11/util.c:214:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(xmalloc(strlen(str) + 1), str);
data/flash-1.2.11/util.h:31:62: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fatal_error(const char *msg, ...) __noreturn __cold __format(printf, 1, 2);
data/flash-1.2.11/util.h:34:73: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fatal_error_with_errno(const char *msg, ...) __noreturn __cold __format(printf, 1, 2);
data/flash-1.2.11/util.h:39:47: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
warning(const char *msg, ...) __cold __format(printf, 1, 2);
data/flash-1.2.11/util.h:44:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
info(const char *msg, ...) __format(printf, 1, 2);
data/flash-1.2.11/flash.c:875:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, optstring, longopts, NULL)) != -1) {
data/flash-1.2.11/flash.c:1144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[strlen(output_dir) + 1 + strlen(prefix) +
data/flash-1.2.11/flash.c:1224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/flash-1.2.11/iostream.c:94:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, mode);
data/flash-1.2.11/iostream.c:127:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, flags | O_BINARY, mode);
data/flash-1.2.11/iostream.c:351:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void * (*open)(const char *path);
data/flash-1.2.11/iostream.c:388:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic[2] = {0, 0};
data/flash-1.2.11/iostream.c:415:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in->fp = (*in->ops->open)(path);
data/flash-1.2.11/iostream.c:511:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*lineptr + offset, in->buf_cur_begin, copysize);
data/flash-1.2.11/iostream.c:568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[len + 1];
data/flash-1.2.11/iostream.c:595:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *(*open)(const char *path,
data/flash-1.2.11/iostream.c:685:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out->fp = (*out->ops->open)(path, filter_prog, filter_prog_args);
data/flash-1.2.11/iostream.c:727:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->buf_cur_end, ptr, tocopy);
data/flash-1.2.11/read_util.c:44:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char canonical_ascii_tab[256] = {
data/flash-1.2.11/read_util.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->tag, from->tag, from->tag_len + 1);
data/flash-1.2.11/util.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_copy[len + 1];
data/flash-1.2.11/combine_reads.c:248:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pair_align(const struct read *read_1, const struct read *read_2,
data/flash-1.2.11/combine_reads.c:248:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pair_align(const struct read *read_1, const struct read *read_2,
data/flash-1.2.11/combine_reads.c:303:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const struct read *tmp = read_1;
data/flash-1.2.11/combine_reads.c:320:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
generate_combined_read(const struct read *read_1,
data/flash-1.2.11/combine_reads.c:321:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const struct read *read_2,
data/flash-1.2.11/combine_reads.c:322:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *combined_read,
data/flash-1.2.11/combine_reads.c:454:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
combine_reads(const struct read *read_1, const struct read *read_2,
data/flash-1.2.11/combine_reads.c:454:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
combine_reads(const struct read *read_1, const struct read *read_2,
data/flash-1.2.11/combine_reads.c:455:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *combined_read,
data/flash-1.2.11/combine_reads.c:499:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const struct read *tmp;
data/flash-1.2.11/combine_reads.h:6:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read;
data/flash-1.2.11/combine_reads.h:52:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
combine_reads(const struct read *read_1, const struct read *read_2,
data/flash-1.2.11/combine_reads.h:52:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
combine_reads(const struct read *read_1, const struct read *read_2,
data/flash-1.2.11/combine_reads.h:53:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *combined_read,
data/flash-1.2.11/flash.c:687:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r1 = s1->reads[i];
data/flash-1.2.11/flash.c:688:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r2 = s2->reads[i];
data/flash-1.2.11/flash.c:689:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r_combined;
data/flash-1.2.11/flash.c:1001:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_suffix = xmalloc(strlen(optarg) + 2);
data/flash-1.2.11/flash.c:1010:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
compress_prog_args = xmalloc(strlen(optarg) + 6);
data/flash-1.2.11/flash.c:1018:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_suffix = xmalloc(strlen(optarg) + 2);
data/flash-1.2.11/flash.c:1144:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char name_buf[strlen(output_dir) + 1 + strlen(prefix) +
data/flash-1.2.11/flash.c:1144:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char name_buf[strlen(output_dir) + 1 + strlen(prefix) +
data/flash-1.2.11/flash.c:1145:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
100 + strlen(out_suffix) + 1];
data/flash-1.2.11/iostream.c:245:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret = read(fd, buf, trycount);
data/flash-1.2.11/iostream.c:355:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t (*read)(void *fp, void *buf, size_t count, const char *name);
data/flash-1.2.11/iostream.c:479:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
navail = (*in->ops->read)(in->fp,
data/flash-1.2.11/iostream.c:539:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xfree(in->name, strlen(in->name));
data/flash-1.2.11/iostream.c:566:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(filter_prog) + 32 +
data/flash-1.2.11/iostream.c:567:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path) + strlen(filter_prog_args);
data/flash-1.2.11/iostream.c:567:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(path) + strlen(filter_prog_args);
data/flash-1.2.11/iostream.c:738:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output_stream_write(out, s, strlen(s));
data/flash-1.2.11/iostream.c:758:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xfree(out->name, strlen(out->name));
data/flash-1.2.11/read.h:7:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read {
data/flash-1.2.11/read.h:36:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reverse_complement(struct read *r);
data/flash-1.2.11/read.h:39:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
clean_read(struct read *r, int phred_offset, struct input_stream *in,
data/flash-1.2.11/read.h:43:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
clean_read_for_write(struct read *r, int phred_offset);
data/flash-1.2.11/read.h:46:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
copy_tag(struct read *to, const struct read *from);
data/flash-1.2.11/read.h:46:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
copy_tag(struct read *to, const struct read *from);
data/flash-1.2.11/read.h:49:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
get_combined_tag(const struct read *read_1,
data/flash-1.2.11/read.h:50:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const struct read *read_2,
data/flash-1.2.11/read.h:51:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *combined_read);
data/flash-1.2.11/read_io.c:39:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
load_fastq_read(struct input_stream *in, struct read *r,
data/flash-1.2.11/read_io.c:98:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
load_tab_delimited_read(struct input_stream *in, struct read *r,
data/flash-1.2.11/read_io.c:157:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r1, struct read *r2, uint64_t *line_no_p)
data/flash-1.2.11/read_io.c:157:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r1, struct read *r2, uint64_t *line_no_p)
data/flash-1.2.11/read_io.c:256:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r, uint64_t *line_no_p)
data/flash-1.2.11/read_io.c:289:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r1, struct read *r2,
data/flash-1.2.11/read_io.c:289:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r1, struct read *r2,
data/flash-1.2.11/read_io.c:321:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
write_fastq_read(struct output_stream *out, const struct read *r)
data/flash-1.2.11/read_io.c:338:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
write_tab_delimited_read(struct output_stream *out, const struct read *r)
data/flash-1.2.11/read_io.c:357:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const struct read *r1, const struct read *r2)
data/flash-1.2.11/read_io.c:357:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const struct read *r1, const struct read *r2)
data/flash-1.2.11/read_io.c:388:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r)
data/flash-1.2.11/read_io.c:411:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r1, struct read *r2)
data/flash-1.2.11/read_io.c:411:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r1, struct read *r2)
data/flash-1.2.11/read_io.h:9:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read;
data/flash-1.2.11/read_io.h:30:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *read);
data/flash-1.2.11/read_io.h:30:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *read);
data/flash-1.2.11/read_io.h:35:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *read_1, struct read *read_2);
data/flash-1.2.11/read_io.h:35:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *read_1, struct read *read_2);
data/flash-1.2.11/read_io.h:40:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *read, uint64_t *line_no_p);
data/flash-1.2.11/read_io.h:40:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *read, uint64_t *line_no_p);
data/flash-1.2.11/read_io.h:45:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *read_1, struct read *read_2,
data/flash-1.2.11/read_io.h:45:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *read_1, struct read *read_2,
data/flash-1.2.11/read_queue.c:40:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static struct read *
data/flash-1.2.11/read_queue.c:43:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return xzalloc(sizeof(struct read));
data/flash-1.2.11/read_queue.c:47:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
free_read(struct read *r)
data/flash-1.2.11/read_queue.c:319:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *r = s_read1->reads[s_read1->filled];
data/flash-1.2.11/read_queue.c:517:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
goto mismatch;
data/flash-1.2.11/read_queue.c:524:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
goto mismatch;
data/flash-1.2.11/read_queue.c:527:1: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch:
data/flash-1.2.11/read_queue.h:6:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read;
data/flash-1.2.11/read_queue.h:40:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *reads[];
data/flash-1.2.11/read_util.c:115:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reverse_complement(struct read *r)
data/flash-1.2.11/read_util.c:132:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
clean_read(struct read *r, int phred_offset, struct input_stream *in,
data/flash-1.2.11/read_util.c:180:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
clean_read_for_write(struct read *r, int phred_offset)
data/flash-1.2.11/read_util.c:194:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
copy_tag(struct read *to, const struct read *from)
data/flash-1.2.11/read_util.c:194:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
copy_tag(struct read *to, const struct read *from)
data/flash-1.2.11/read_util.c:213:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
get_combined_tag(const struct read *read_1,
data/flash-1.2.11/read_util.c:214:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const struct read *read_2,
data/flash-1.2.11/read_util.c:215:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct read *combined_read)
data/flash-1.2.11/util.c:214:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strcpy(xmalloc(strlen(str) + 1), str);
data/flash-1.2.11/util.c:287:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dir);
ANALYSIS SUMMARY:
Hits = 122
Lines analyzed = 4890 in approximately 0.22 seconds (21986 lines/second)
Physical Source Lines of Code (SLOC) = 3549
Hits@level = [0] 9 [1] 83 [2] 15 [3] 1 [4] 23 [5] 0
Hits@level+ = [0+] 131 [1+] 122 [2+] 39 [3+] 24 [4+] 23 [5+] 0
Hits/KSLOC@level+ = [0+] 36.9118 [1+] 34.3759 [2+] 10.989 [3+] 6.76247 [4+] 6.4807 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.