Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glam2-1064/src/scan_output.c
Examining data/glam2-1064/src/column_sample.h
Examining data/glam2-1064/src/util.c
Examining data/glam2-1064/src/site_sample.h
Examining data/glam2-1064/src/output.h
Examining data/glam2-1064/src/dna_prior.c
Examining data/glam2-1064/src/version.h
Examining data/glam2-1064/src/util.h
Examining data/glam2-1064/src/args.h
Examining data/glam2-1064/src/output.c
Examining data/glam2-1064/src/glam2_aln.c
Examining data/glam2-1064/src/glam2mask.c
Examining data/glam2-1064/src/alphabet.c
Examining data/glam2-1064/src/init.h
Examining data/glam2-1064/src/scan.h
Examining data/glam2-1064/src/init.c
Examining data/glam2-1064/src/glam2.c
Examining data/glam2-1064/src/recode3_20comp.h
Examining data/glam2-1064/src/args.c
Examining data/glam2-1064/src/motif.c
Examining data/glam2-1064/src/glam2_aln.h
Examining data/glam2-1064/src/column_sample.c
Examining data/glam2-1064/src/dna_prior.h
Examining data/glam2-1064/src/fasta.c
Examining data/glam2-1064/src/recode3_20comp.c
Examining data/glam2-1064/src/site_sample.c
Examining data/glam2-1064/src/convolve.h
Examining data/glam2-1064/src/motif.h
Examining data/glam2-1064/src/fasta.h
Examining data/glam2-1064/src/alignment.h
Examining data/glam2-1064/src/dirichlet.c
Examining data/glam2-1064/src/dirichlet.h
Examining data/glam2-1064/src/glam2.h
Examining data/glam2-1064/src/scan_init.c
Examining data/glam2-1064/src/alignment.c
Examining data/glam2-1064/src/glam2format.c
Examining data/glam2-1064/src/heap.h
Examining data/glam2-1064/src/scan.c
Examining data/glam2-1064/src/heap.c
Examining data/glam2-1064/src/alphabet.h
Examining data/glam2-1064/src/scan_init.h
Examining data/glam2-1064/src/scan_args.c
Examining data/glam2-1064/src/convolve.c
Examining data/glam2-1064/src/scan_args.h
Examining data/glam2-1064/src/scan_output.h
Examining data/glam2-1064/purge/purge.c
Examining data/glam2-1064/purge/mheap.h
Examining data/glam2-1064/purge/stdinc.h
Examining data/glam2-1064/purge/afnio.c
Examining data/glam2-1064/purge/random.h
Examining data/glam2-1064/purge/alphabet.c
Examining data/glam2-1064/purge/mlist.h
Examining data/glam2-1064/purge/gblast.h
Examining data/glam2-1064/purge/sequence.h
Examining data/glam2-1064/purge/block.h
Examining data/glam2-1064/purge/karlin.c
Examining data/glam2-1064/purge/mheap.c
Examining data/glam2-1064/purge/seqset.h
Examining data/glam2-1064/purge/block.c
Examining data/glam2-1064/purge/gblast.c
Examining data/glam2-1064/purge/sequence.c
Examining data/glam2-1064/purge/pairaln.h
Examining data/glam2-1064/purge/random.c
Examining data/glam2-1064/purge/dheap.c
Examining data/glam2-1064/purge/pairaln.c
Examining data/glam2-1064/purge/alphabet.h
Examining data/glam2-1064/purge/afnio.h
Examining data/glam2-1064/purge/purge.h
Examining data/glam2-1064/purge/karlin.h
Examining data/glam2-1064/purge/residues.h
Examining data/glam2-1064/purge/dheap.h
Examining data/glam2-1064/purge/seqset.c
Examining data/glam2-1064/purge/pmain.c
Examining data/glam2-1064/purge/mlist.c
FINAL RESULTS:
data/glam2-1064/purge/afnio.c:9:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,fstring);
data/glam2-1064/purge/afnio.c:10:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s,subfile);
data/glam2-1064/purge/afnio.c:58:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(S,s); return S;
data/glam2-1064/purge/alphabet.c:80:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(A->code2let,map_s);
data/glam2-1064/purge/alphabet.c:82:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(A->code2lower,map_s);
data/glam2-1064/purge/purge.c:107:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"%s.%c%ld",NameSeqSet(P),method,cutoff);
data/glam2-1064/purge/seqset.c:110:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(P->name,filename); P->A = A;
data/glam2-1064/src/util.c:289:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/glam2-1064/src/util.c:322:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(t, cs);
data/glam2-1064/src/args.c:100:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "hn:r:o:2a:b:z:w:D:E:I:J:pm:x:t:c:u:d:q:s:"))
data/glam2-1064/src/glam2format.c:319:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "o:cf:")) != -1) { /* non-ANSI */
data/glam2-1064/src/glam2mask.c:71:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "o:x:")) != -1) { /* non-ANSI */
data/glam2-1064/src/init.c:163:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(d->a.seed);
data/glam2-1064/src/scan_args.c:57:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "ho:n:2D:E:I:J:d:")) != -1) {
data/glam2-1064/purge/afnio.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/glam2-1064/purge/afnio.c:11:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fptr = fopen(s,cmnd)) == NULL) {
data/glam2-1064/purge/pmain.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char score[100],*DBS_NAME,c=' ';
data/glam2-1064/purge/pmain.c:15:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(score,".%c%d",c,cutoff_score);
data/glam2-1064/purge/purge.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/glam2-1064/purge/seqset.c:84:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(P->name,"temp_file"); P->A = A;
data/glam2-1064/purge/seqset.c:130:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fptr = fopen(P->name,"r")) == NULL) {
data/glam2-1064/purge/sequence.c:111:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fptr = fopen(DBS_NAME,"r")) == NULL) {
data/glam2-1064/purge/sequence.c:610:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fptr = fopen(infile,"r")) == NULL) {
data/glam2-1064/purge/sequence.c:631:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fptr = fopen(infile,"r")) == NULL) {
data/glam2-1064/src/dirichlet.c:261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[21]; /* allow for terminating NUL */
data/glam2-1064/src/glam2format.c:254:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_seq + left_tot, s->seq, aln_len);
data/glam2-1064/src/util.c:329:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(t, cs, n);
data/glam2-1064/src/util.c:395:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, mode);
data/glam2-1064/src/util.h:9:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define COPY(s, t, n) memcpy(s, t, (n) * sizeof *(s))
data/glam2-1064/purge/afnio.c:56:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((S=(char*) calloc((strlen(s)+1),sizeof(char)))==NULL)
data/glam2-1064/purge/alphabet.c:59:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NEW(A->prs,strlen(prs)+2,char);
data/glam2-1064/purge/alphabet.c:78:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(A->alphabet,map_s,nAlpha(A)+1);
data/glam2-1064/purge/alphabet.c:79:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NEW(A->code2let,(strlen(map_s)+1),char); /* CODE2LETTER */
data/glam2-1064/purge/alphabet.c:81:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NEW(A->code2lower,(strlen(map_s)+1),char); /* LOWER*/
data/glam2-1064/purge/alphabet.c:111:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(R)==0) { A->R = NULL; return A; }
data/glam2-1064/purge/seqset.c:109:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NEW(P->name,strlen(filename)+2,char);
data/glam2-1064/purge/seqset.c:241:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c=fgetc(fptr))!=EOF){ if(c=='>') break; }
data/glam2-1064/purge/seqset.c:243:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(c=='>') while((c=fgetc(fptr))!=EOF){ if(c=='\n') break; }
data/glam2-1064/purge/seqset.c:248:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(j=0; (c=fgetc(fptr)) != EOF; j++) {
data/glam2-1064/purge/seqset.c:256:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((c=fgetc(fptr))==EOF) break;
data/glam2-1064/purge/sequence.c:9:32: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(c != EOF){ if((c=fgetc(fptr)) == '>') break; }
data/glam2-1064/purge/sequence.c:12:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(i=0; (c=fgetc(fptr))!=EOF; i++){
data/glam2-1064/purge/sequence.c:18:26: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(length=1; (c=fgetc(fptr))!=EOF; ){
data/glam2-1064/purge/sequence.c:117:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c=fgetc(fptr))!=EOF){ if(c=='>') break; }
data/glam2-1064/purge/sequence.c:121:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(c=='>') while((c=fgetc(fptr))!=EOF){ if(c=='\n') break; }
data/glam2-1064/purge/sequence.c:134:26: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((c=fgetc(fptr))==EOF) break;
data/glam2-1064/purge/sequence.c:186:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(E->info);
data/glam2-1064/purge/sequence.c:615:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c=fgetc(fptr))!=EOF){ if(c=='>') break; }
data/glam2-1064/purge/sequence.c:616:29: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(c=='>') while((c=fgetc(fptr))!=EOF){ if(c=='\n') break; }
data/glam2-1064/purge/sequence.c:621:28: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c=fgetc(fptr)) != EOF) {
data/glam2-1064/purge/sequence.c:628:20: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if((c=fgetc(fptr))==EOF) break;
data/glam2-1064/purge/stdinc.h:48:28: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(getchar()!='\n') if(feof(stdin)) exit(1);\
data/glam2-1064/purge/stdinc.h:50:15: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} while(getchar()!='\n') if(feof(stdin)) exit(1);\
data/glam2-1064/purge/stdinc.h:55:28: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(getchar()!='\n') if(feof(stdin)) exit(1);\
data/glam2-1064/purge/stdinc.h:57:15: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} while(getchar()!='\n') if(feof(stdin)) exit(1);\
data/glam2-1064/src/alignment.c:7:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(a->key_positions);
data/glam2-1064/src/alignment.c:10:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a->seqs[i].seq) != len)
data/glam2-1064/src/alphabet.c:19:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a->size = strlen(string);
data/glam2-1064/src/alphabet.c:40:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a->size = strlen(string);
data/glam2-1064/src/alphabet.c:64:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = getc(fp)) != EOF) {
data/glam2-1064/src/dirichlet.c:269:10: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
while (fscanf(stream, "%20s", word) == 1) {
data/glam2-1064/src/fasta.c:105:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = getc(fp)) != EOF) {
data/glam2-1064/src/fasta.c:133:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF)
data/glam2-1064/src/glam2format.c:54:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(a->seqs[i].seq);
data/glam2-1064/src/glam2format.c:74:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->name, (unsigned long)strlen(s->seq));
data/glam2-1064/src/glam2format.c:82:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(s->seq); /* slow */
data/glam2-1064/src/glam2format.c:237:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int aln_len = strlen(s->seq);
data/glam2-1064/src/motif.c:17:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int columns = strlen(a->key_positions);
data/glam2-1064/src/motif.c:62:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(aln.key_positions) <= INT_MAX); /* can fail */
data/glam2-1064/src/util.c:321:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = xmalloc(strlen(cs) + 1);
data/glam2-1064/src/util.c:426:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = getc(stream)) != EOF) {
ANALYSIS SUMMARY:
Hits = 71
Lines analyzed = 8796 in approximately 0.33 seconds (26635 lines/second)
Physical Source Lines of Code (SLOC) = 6796
Hits@level = [0] 186 [1] 42 [2] 15 [3] 5 [4] 9 [5] 0
Hits@level+ = [0+] 257 [1+] 71 [2+] 29 [3+] 14 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 37.8164 [1+] 10.4473 [2+] 4.26722 [3+] 2.06004 [4+] 1.32431 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.