Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/freebayes-1.3.2/src/Allele.cpp
Examining data/freebayes-1.3.2/src/Allele.h
Examining data/freebayes-1.3.2/src/AlleleParser.cpp
Examining data/freebayes-1.3.2/src/AlleleParser.h
Examining data/freebayes-1.3.2/src/BGZF.cpp
Examining data/freebayes-1.3.2/src/BGZF.h
Examining data/freebayes-1.3.2/src/Bias.cpp
Examining data/freebayes-1.3.2/src/Bias.h
Examining data/freebayes-1.3.2/src/CNV.cpp
Examining data/freebayes-1.3.2/src/CNV.h
Examining data/freebayes-1.3.2/src/Contamination.cpp
Examining data/freebayes-1.3.2/src/Contamination.h
Examining data/freebayes-1.3.2/src/DataLikelihood.cpp
Examining data/freebayes-1.3.2/src/DataLikelihood.h
Examining data/freebayes-1.3.2/src/Dirichlet.cpp
Examining data/freebayes-1.3.2/src/Dirichlet.h
Examining data/freebayes-1.3.2/src/Ewens.cpp
Examining data/freebayes-1.3.2/src/Ewens.h
Examining data/freebayes-1.3.2/src/Fasta.h
Examining data/freebayes-1.3.2/src/Genotype.cpp
Examining data/freebayes-1.3.2/src/Genotype.h
Examining data/freebayes-1.3.2/src/GenotypePriors.cpp
Examining data/freebayes-1.3.2/src/GenotypePriors.h
Examining data/freebayes-1.3.2/src/IndelAllele.cpp
Examining data/freebayes-1.3.2/src/IndelAllele.h
Examining data/freebayes-1.3.2/src/LargeFileSupport.h
Examining data/freebayes-1.3.2/src/LeftAlign.cpp
Examining data/freebayes-1.3.2/src/LeftAlign.h
Examining data/freebayes-1.3.2/src/Logging.h
Examining data/freebayes-1.3.2/src/Marginals.cpp
Examining data/freebayes-1.3.2/src/Marginals.h
Examining data/freebayes-1.3.2/src/Multinomial.cpp
Examining data/freebayes-1.3.2/src/Multinomial.h
Examining data/freebayes-1.3.2/src/NonCall.cpp
Examining data/freebayes-1.3.2/src/NonCall.h
Examining data/freebayes-1.3.2/src/Parameters.cpp
Examining data/freebayes-1.3.2/src/Parameters.h
Examining data/freebayes-1.3.2/src/Product.h
Examining data/freebayes-1.3.2/src/Result.cpp
Examining data/freebayes-1.3.2/src/Result.h
Examining data/freebayes-1.3.2/src/ResultData.cpp
Examining data/freebayes-1.3.2/src/ResultData.h
Examining data/freebayes-1.3.2/src/Sample.cpp
Examining data/freebayes-1.3.2/src/Sample.h
Examining data/freebayes-1.3.2/src/SegfaultHandler.cpp
Examining data/freebayes-1.3.2/src/SegfaultHandler.h
Examining data/freebayes-1.3.2/src/Sum.h
Examining data/freebayes-1.3.2/src/TryCatch.h
Examining data/freebayes-1.3.2/src/Utility.cpp
Examining data/freebayes-1.3.2/src/Utility.h
Examining data/freebayes-1.3.2/src/Version.h
Examining data/freebayes-1.3.2/src/alleles.cpp
Examining data/freebayes-1.3.2/src/bamfiltertech.cpp
Examining data/freebayes-1.3.2/src/bamleftalign.cpp
Examining data/freebayes-1.3.2/src/convert.h
Examining data/freebayes-1.3.2/src/dummy.cpp
Examining data/freebayes-1.3.2/src/fastlz.c
Examining data/freebayes-1.3.2/src/fastlz.h
Examining data/freebayes-1.3.2/src/freebayes.cpp
Examining data/freebayes-1.3.2/src/join.h
Examining data/freebayes-1.3.2/src/levenshtein.cpp
Examining data/freebayes-1.3.2/src/multichoose.h
Examining data/freebayes-1.3.2/src/multipermute.h
Examining data/freebayes-1.3.2/src/split.cpp
Examining data/freebayes-1.3.2/src/split.h
Examining data/freebayes-1.3.2/src/BedReader.cpp
Examining data/freebayes-1.3.2/src/BedReader.h
Examining data/freebayes-1.3.2/src/Fasta.cpp
Examining data/freebayes-1.3.2/ttmath/ttmath.h
Examining data/freebayes-1.3.2/ttmath/ttmathbig.h
Examining data/freebayes-1.3.2/ttmath/ttmathdec.h
Examining data/freebayes-1.3.2/ttmath/ttmathint.h
Examining data/freebayes-1.3.2/ttmath/ttmathmisc.h
Examining data/freebayes-1.3.2/ttmath/ttmathobjects.h
Examining data/freebayes-1.3.2/ttmath/ttmathparser.h
Examining data/freebayes-1.3.2/ttmath/ttmaththreads.h
Examining data/freebayes-1.3.2/ttmath/ttmathtypes.h
Examining data/freebayes-1.3.2/ttmath/ttmathuint.h
Examining data/freebayes-1.3.2/ttmath/ttmathuint_noasm.h
Examining data/freebayes-1.3.2/ttmath/ttmathuint_x86.h
Examining data/freebayes-1.3.2/ttmath/ttmathuint_x86_64.h
FINAL RESULTS:
data/freebayes-1.3.2/src/split.cpp:21:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cstr, s.c_str());
data/freebayes-1.3.2/src/Parameters.cpp:592:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hcO4ZKjH[0diN5a)Ik=wl6#uVXJY:b:G:M:x:@:A:f:t:r:s:v:n:B:p:m:q:R:Q:U:$:e:T:P:D:^:S:W:F:C:&:L:8z:1:3:E:7:2:9:%:_:,:(:!:+:g:",
data/freebayes-1.3.2/src/bamleftalign.cpp:71:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hdcsf:m:",
data/freebayes-1.3.2/src/freebayes.cpp:110:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(13);
data/freebayes-1.3.2/src/AlleleParser.cpp:16:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str.c_str());
data/freebayes-1.3.2/src/AlleleParser.cpp:132:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outputFile.open(parameters.outputFile.c_str(), ios::out);
data/freebayes-1.3.2/src/AlleleParser.cpp:562:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
variantCallInputFile.open(parameters.variantPriorsFile);
data/freebayes-1.3.2/src/AlleleParser.cpp:583:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
haplotypeVariantInputFile.open(parameters.haplotypeVariantFile);
data/freebayes-1.3.2/src/AlleleParser.cpp:616:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reference.open(parameters.fasta);
data/freebayes-1.3.2/src/BGZF.cpp:162:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(UncompressedBlock, UncompressedBlock + inputLength, remaining);
data/freebayes-1.3.2/src/BGZF.cpp:243:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Stream = fopen(filename.c_str(), mode);
data/freebayes-1.3.2/src/BGZF.cpp:282:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, buffer + BlockOffset, copyLength);
data/freebayes-1.3.2/src/BGZF.cpp:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[BLOCK_HEADER_LENGTH];
data/freebayes-1.3.2/src/BGZF.cpp:322:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(compressedBlock, header, BLOCK_HEADER_LENGTH);
data/freebayes-1.3.2/src/BGZF.cpp:387:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + BlockOffset, input, copyLength);
data/freebayes-1.3.2/src/BGZF.h:183:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { double value; unsigned char valueBuffer[sizeof(double)]; } un;
data/freebayes-1.3.2/src/BGZF.h:198:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { double value; unsigned char valueBuffer[sizeof(double)]; } un;
data/freebayes-1.3.2/src/BGZF.h:214:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; unsigned char valueBuffer[sizeof(float)]; } un;
data/freebayes-1.3.2/src/BGZF.h:225:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; unsigned char valueBuffer[sizeof(float)]; } un;
data/freebayes-1.3.2/src/BGZF.h:237:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed int value; unsigned char valueBuffer[sizeof(signed int)]; } un;
data/freebayes-1.3.2/src/BGZF.h:248:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed int value; unsigned char valueBuffer[sizeof(signed int)]; } un;
data/freebayes-1.3.2/src/BGZF.h:260:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed short value; unsigned char valueBuffer[sizeof(signed short)]; } un;
data/freebayes-1.3.2/src/BGZF.h:269:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed short value; unsigned char valueBuffer[sizeof(signed short)]; } un;
data/freebayes-1.3.2/src/BGZF.h:279:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; unsigned char valueBuffer[sizeof(unsigned int)]; } un;
data/freebayes-1.3.2/src/BGZF.h:290:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; unsigned char valueBuffer[sizeof(unsigned int)]; } un;
data/freebayes-1.3.2/src/BGZF.h:302:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned short value; unsigned char valueBuffer[sizeof(unsigned short)]; } un;
data/freebayes-1.3.2/src/BGZF.h:311:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned short value; unsigned char valueBuffer[sizeof(unsigned short)]; } un;
data/freebayes-1.3.2/src/BedReader.cpp:38:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(strip(fields[1]).c_str()),
data/freebayes-1.3.2/src/BedReader.cpp:39:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(strip(fields[2]).c_str()) - 1, // use inclusive format internally
data/freebayes-1.3.2/src/BedReader.h:58:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(fname.c_str());
data/freebayes-1.3.2/src/Bias.cpp:7:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Bias::open(string& file) {
data/freebayes-1.3.2/src/Bias.cpp:10:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input.open(file.c_str());
data/freebayes-1.3.2/src/Bias.h:23:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(string& file);
data/freebayes-1.3.2/src/CNV.cpp:11:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ploidy = atoi(fields.at(1).c_str());
data/freebayes-1.3.2/src/CNV.cpp:17:34: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long int start = atol(fields.at(1).c_str());
data/freebayes-1.3.2/src/CNV.cpp:18:32: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long int end = atol(fields.at(2).c_str());
data/freebayes-1.3.2/src/CNV.cpp:19:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ploidy = atoi(fields.at(4).c_str());
data/freebayes-1.3.2/src/Contamination.cpp:7:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Contamination::open(string& file) {
data/freebayes-1.3.2/src/Contamination.cpp:10:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input.open(file.c_str());
data/freebayes-1.3.2/src/Contamination.h:30:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(string& file);
data/freebayes-1.3.2/src/Fasta.cpp:48:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
indexFile.open(fname.c_str(), ifstream::in);
data/freebayes-1.3.2/src/Fasta.cpp:60:73: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
this->insert(make_pair(name, FastaIndexEntry(fields[0], atoi(fields[1].c_str()),
data/freebayes-1.3.2/src/Fasta.cpp:62:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(fields[3].c_str()),
data/freebayes-1.3.2/src/Fasta.cpp:63:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(fields[4].c_str()))));
data/freebayes-1.3.2/src/Fasta.cpp:114:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
refFile.open(refname.c_str());
data/freebayes-1.3.2/src/Fasta.cpp:195:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(fname.c_str());
data/freebayes-1.3.2/src/Fasta.cpp:225:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void FastaReference::open(string reffilename) {
data/freebayes-1.3.2/src/Fasta.cpp:227:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(file = fopen(filename.c_str(), "r"))) {
data/freebayes-1.3.2/src/Fasta.h:60:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(string reffilename);
data/freebayes-1.3.2/src/Parameters.cpp:676:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gVCFchunk = atoi(optarg);
data/freebayes-1.3.2/src/Utility.cpp:549:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/freebayes-1.3.2/src/Utility.cpp:610:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cigar.push_back(make_pair(atoi(number.c_str()), type));
data/freebayes-1.3.2/src/Utility.cpp:620:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cigar.push_back(make_pair(atoi(number.c_str()), type));
data/freebayes-1.3.2/src/Utility.cpp:637:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cigar.push_back(make_pair(atoi(number.c_str()), type));
data/freebayes-1.3.2/src/Utility.cpp:647:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cigar.push_back(make_pair(atoi(number.c_str()), type));
data/freebayes-1.3.2/src/Utility.cpp:700:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(f.c_str(), ifstream::in);
data/freebayes-1.3.2/src/bamleftalign.cpp:81:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reference.open(optarg); // will exit on open failure
data/freebayes-1.3.2/src/bamleftalign.cpp:86:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxiterations = atoi(optarg);
data/freebayes-1.3.2/src/freebayes.cpp:74:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
observationBias.open(parameters.alleleObservationBiasFile);
data/freebayes-1.3.2/src/freebayes.cpp:79:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
contaminationEstimates.open(parameters.contaminationEstimateFile);
data/freebayes-1.3.2/src/split.cpp:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cchars [s.size()+1];
data/freebayes-1.3.2/ttmath/ttmathparser.h:1424:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30]; // char, not wchar_t
data/freebayes-1.3.2/ttmath/ttmathparser.h:1432:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", par);
data/freebayes-1.3.2/ttmath/ttmathparser.h:1470:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[30];
data/freebayes-1.3.2/ttmath/ttmaththreads.h:115:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "TTMATH_LOCK_%ul", (unsigned long)GetCurrentProcessId());
data/freebayes-1.3.2/ttmath/ttmaththreads.h:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50];
ANALYSIS SUMMARY:
Hits = 66
Lines analyzed = 142102 in approximately 3.08 seconds (46194 lines/second)
Physical Source Lines of Code (SLOC) = 125270
Hits@level = [0] 23 [1] 0 [2] 62 [3] 3 [4] 1 [5] 0
Hits@level+ = [0+] 89 [1+] 66 [2+] 66 [3+] 4 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 0.710465 [1+] 0.526862 [2+] 0.526862 [3+] 0.031931 [4+] 0.00798276 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.