Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lastz-1.04.03/src/align_diffs.c
Examining data/lastz-1.04.03/src/align_diffs.h
Examining data/lastz-1.04.03/src/axt.c
Examining data/lastz-1.04.03/src/axt.h
Examining data/lastz-1.04.03/src/build_options.h
Examining data/lastz-1.04.03/src/capsule.c
Examining data/lastz-1.04.03/src/capsule.h
Examining data/lastz-1.04.03/src/chain.c
Examining data/lastz-1.04.03/src/chain.h
Examining data/lastz-1.04.03/src/cigar.c
Examining data/lastz-1.04.03/src/cigar.h
Examining data/lastz-1.04.03/src/continuity_dist.c
Examining data/lastz-1.04.03/src/continuity_dist.h
Examining data/lastz-1.04.03/src/coverage_dist.c
Examining data/lastz-1.04.03/src/coverage_dist.h
Examining data/lastz-1.04.03/src/diag_hash.c
Examining data/lastz-1.04.03/src/diag_hash.h
Examining data/lastz-1.04.03/src/dna_utilities.h
Examining data/lastz-1.04.03/src/edit_script.c
Examining data/lastz-1.04.03/src/edit_script.h
Examining data/lastz-1.04.03/src/gapped_extend.c
Examining data/lastz-1.04.03/src/gapped_extend.h
Examining data/lastz-1.04.03/src/genpaf.c
Examining data/lastz-1.04.03/src/genpaf.h
Examining data/lastz-1.04.03/src/gfa.c
Examining data/lastz-1.04.03/src/gfa.h
Examining data/lastz-1.04.03/src/identity_dist.c
Examining data/lastz-1.04.03/src/identity_dist.h
Examining data/lastz-1.04.03/src/infer_scores.c
Examining data/lastz-1.04.03/src/infer_scores.h
Examining data/lastz-1.04.03/src/lastz.h
Examining data/lastz-1.04.03/src/lav.c
Examining data/lastz-1.04.03/src/lav.h
Examining data/lastz-1.04.03/src/maf.c
Examining data/lastz-1.04.03/src/maf.h
Examining data/lastz-1.04.03/src/masking.c
Examining data/lastz-1.04.03/src/masking.h
Examining data/lastz-1.04.03/src/output.c
Examining data/lastz-1.04.03/src/output.h
Examining data/lastz-1.04.03/src/pos_table.c
Examining data/lastz-1.04.03/src/pos_table.h
Examining data/lastz-1.04.03/src/quantum.c
Examining data/lastz-1.04.03/src/quantum.h
Examining data/lastz-1.04.03/src/sam.c
Examining data/lastz-1.04.03/src/sam.h
Examining data/lastz-1.04.03/src/seed_search.c
Examining data/lastz-1.04.03/src/seed_search.h
Examining data/lastz-1.04.03/src/seeds.c
Examining data/lastz-1.04.03/src/seeds.h
Examining data/lastz-1.04.03/src/segment.c
Examining data/lastz-1.04.03/src/segment.h
Examining data/lastz-1.04.03/src/sequences.h
Examining data/lastz-1.04.03/src/text_align.c
Examining data/lastz-1.04.03/src/text_align.h
Examining data/lastz-1.04.03/src/tweener.c
Examining data/lastz-1.04.03/src/tweener.h
Examining data/lastz-1.04.03/src/utilities.c
Examining data/lastz-1.04.03/src/utilities.h
Examining data/lastz-1.04.03/src/sequences.c
Examining data/lastz-1.04.03/src/dna_utilities.c
Examining data/lastz-1.04.03/src/lastz.c
FINAL RESULTS:
data/lastz-1.04.03/src/axt.c:147:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# identity=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/axt.c:153:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# coverage=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/axt.c:286:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, u64Fmt " %s " unsposFmt " " unsposFmt
data/lastz-1.04.03/src/axt.c:293:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " unsposFmt, seq2Len);
data/lastz-1.04.03/src/axt.c:447:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# identity=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/axt.c:456:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# coverage=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/axt.c:517:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, u64Fmt " %s " unsposFmt " " unsposFmt
data/lastz-1.04.03/src/axt.c:524:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " unsposFmt, seq2Len);
data/lastz-1.04.03/src/axt.c:580:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, args);
data/lastz-1.04.03/src/chain.c:207:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " seq1: " unsposFmt ".." unsposFmt, \
data/lastz-1.04.03/src/chain.c:210:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " seq2: " unsposFmt ".." unsposFmt, \
data/lastz-1.04.03/src/chain.c:470:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, \
data/lastz-1.04.03/src/cigar.c:304:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "cigar:"
data/lastz-1.04.03/src/cigar.c:323:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (letterAfter) fprintf (f, unsposFmt "%c", run, chM);
data/lastz-1.04.03/src/cigar.c:324:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, " %c " unsposFmt, chM, run);
data/lastz-1.04.03/src/cigar.c:336:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %c " unsposFmt, chD, i - prevI);
data/lastz-1.04.03/src/cigar.c:340:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "%c", i - prevI, chD);
data/lastz-1.04.03/src/cigar.c:345:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %c " unsposFmt, chI, j - prevJ);
data/lastz-1.04.03/src/cigar.c:349:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "%c", j - prevJ, chI);
data/lastz-1.04.03/src/cigar.c:484:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "cigar:"
data/lastz-1.04.03/src/cigar.c:498:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %c " unsposFmt, chM, length);
data/lastz-1.04.03/src/cigar.c:502:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "%c", length, chM);
data/lastz-1.04.03/src/cigar.c:561:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %c " unsposFmt, chX, runLen);
data/lastz-1.04.03/src/cigar.c:565:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "%c", runLen, chX);
data/lastz-1.04.03/src/cigar.c:576:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " = " unsposFmt, runLen);
data/lastz-1.04.03/src/cigar.c:580:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "=", runLen);
data/lastz-1.04.03/src/cigar.c:591:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %c " unsposFmt, ch, runLen);
data/lastz-1.04.03/src/cigar.c:595:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "%c", runLen, ch);
data/lastz-1.04.03/src/dna_utilities.c:407:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp, id);
data/lastz-1.04.03/src/dna_utilities.c:408:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp + strlen(id), message);
data/lastz-1.04.03/src/dna_utilities.c:1756:14: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (asInts) fprintf (f, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1757:14: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1762:14: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (asInts) fprintf (f, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1763:14: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1770:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (asInts) fprintf (f, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1771:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1776:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (asInts) fprintf (f, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1777:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1796:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if (asInts) sprintf (s, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1797:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
else sprintf (s, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1820:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (asInts) fprintf (f, wssScoreFmtStar, w, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1821:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, wssScoreFmtStar, w, v);
data/lastz-1.04.03/src/dna_utilities.c:2052:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, (rowsHidden)? " "
data/lastz-1.04.03/src/dna_utilities.c:2070:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, (rowsAsHex)? " " : " ");
data/lastz-1.04.03/src/dna_utilities.c:2080:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " scoreFmtStar, width, ss->sub[*r][*c]);
data/lastz-1.04.03/src/dna_utilities.c:2117:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " scoreFmtStar, width, ss->sub[*r][*c]);
data/lastz-1.04.03/src/dna_utilities.c:2146:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " scoreFmtStar, width, ss->sub[*r][*c]);
data/lastz-1.04.03/src/dna_utilities.c:2148:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " scoreFmtStar, width, ss->sub[*r][*c+'a'-'A']);
data/lastz-1.04.03/src/dna_utilities.c:2157:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " scoreFmtStar, width, ss->sub[rr][*c]);
data/lastz-1.04.03/src/dna_utilities.c:2159:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " scoreFmtStar, width, ss->sub[rr][*c+'a'-'A']);
data/lastz-1.04.03/src/dna_utilities.c:2185:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " scoreFmtStar, width, ss->sub[r][c]);
data/lastz-1.04.03/src/dna_utilities.c:2301:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if (threshold->t == 'S') sprintf (s, scoreFmtSimple, threshold->s);
data/lastz-1.04.03/src/dna_utilities.c:2703:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf (ss, "%*s%02X", symWidth-2, "", q[ix]); ss += symWidth; }
data/lastz-1.04.03/src/gapped_extend.c:713:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,"anchors[%3d,hspid=" u64Fmt "] " unsposSlashFmt " " unsposFmt " " scoreFmt, \
data/lastz-1.04.03/src/gapped_extend.c:845:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " " unsposFmt ".." unsposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:953:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " " unsposDotsFmt " vs " unsposDotsFmt \
data/lastz-1.04.03/src/gapped_extend.c:2336:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "align:\tbck\t%s\t" unsposFmt "\t" unsposFmt \
data/lastz-1.04.03/src/gapped_extend.c:2366:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\nalign:\tfwd\t%s\t" unsposFmt "\t" unsposFmt \
data/lastz-1.04.03/src/gapped_extend.c:2955:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if (s < negInf) sprintf (str, "-inf" scoreFmtSimple, s-negInf);
data/lastz-1.04.03/src/gapped_extend.c:2957:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
else if (s <= negInf+2000) sprintf (str, "-inf+" scoreFmtSimple, s-negInf);
data/lastz-1.04.03/src/gapped_extend.c:2958:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
else sprintf (str, scoreFmtSimple, s);
data/lastz-1.04.03/src/gapped_extend.c:2983:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ccSnoop, relative_to_infinity ((dq-1)->CC)); \
data/lastz-1.04.03/src/gapped_extend.c:2984:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ddSnoop, relative_to_infinity ((dq-1)->DD)); \
data/lastz-1.04.03/src/gapped_extend.c:2996:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ccSnoop, relative_to_infinity ((dq-1)->CC)); \
data/lastz-1.04.03/src/gapped_extend.c:2997:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ddSnoop, relative_to_infinity ((dq-1)->DD)); \
data/lastz-1.04.03/src/gapped_extend.c:3007:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\nrow " unsposFmt \
data/lastz-1.04.03/src/gapped_extend.c:3014:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " -> L=" sgnposFmt \
data/lastz-1.04.03/src/gapped_extend.c:3028:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ccSnoop, relative_to_infinity (c)); \
data/lastz-1.04.03/src/gapped_extend.c:3029:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ddSnoop, relative_to_infinity (dp->DD)); \
data/lastz-1.04.03/src/gapped_extend.c:3030:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (iiSnoop, relative_to_infinity (i)); \
data/lastz-1.04.03/src/gapped_extend.c:3042:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ccSnoop, relative_to_infinity (bestScore)); \
data/lastz-1.04.03/src/gapped_extend.c:3053:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ccSnoop, relative_to_infinity ((dq-1)->CC)); \
data/lastz-1.04.03/src/gapped_extend.c:3054:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ddSnoop, relative_to_infinity ((dq-1)->DD)); \
data/lastz-1.04.03/src/gapped_extend.c:3151:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n leftSeg=%s" \
data/lastz-1.04.03/src/gapped_extend.c:3163:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n rightSeg=%s" \
data/lastz-1.04.03/src/gapped_extend.c:3173:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n L=" sgnposFmt " R=" sgnposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:3183:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n L=" sgnposFmt " R=" sgnposFmt \
data/lastz-1.04.03/src/gapped_extend.c:3190:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n row " unsposFmt \
data/lastz-1.04.03/src/gapped_extend.c:3200:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\trows=" unsposFmt, row);
data/lastz-1.04.03/src/gapped_extend.c:3206:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\trows=" unsposFmt, row); \
data/lastz-1.04.03/src/gapped_extend.c:4381:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n update_LR: LY <- " unsposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:4413:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n update_LR: RY <- " unsposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:4444:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n update_LR: LY <- " unsposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:4475:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, "\n update_LR: RY <- " unsposFmt, \
data/lastz-1.04.03/src/genpaf.c:728:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq1True);
data/lastz-1.04.03/src/genpaf.c:731:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:734:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start1-1);
data/lastz-1.04.03/src/genpaf.c:737:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, dotStart1);
data/lastz-1.04.03/src/genpaf.c:740:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (strand2 == strand1) fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:741:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, unsposFmt, start1+len1-1);
data/lastz-1.04.03/src/genpaf.c:744:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start1+len1-1);
data/lastz-1.04.03/src/genpaf.c:747:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, dotEnd1);
data/lastz-1.04.03/src/genpaf.c:750:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (strand2 == strand1) fprintf (f, unsposFmt, start1+len1-1);
data/lastz-1.04.03/src/genpaf.c:751:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:754:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, height);
data/lastz-1.04.03/src/genpaf.c:847:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq2True);
data/lastz-1.04.03/src/genpaf.c:852:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq2True + 2 - start2 - len2);
data/lastz-1.04.03/src/genpaf.c:857:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start2);
data/lastz-1.04.03/src/genpaf.c:862:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq2True + 1 - start2 - len2);
data/lastz-1.04.03/src/genpaf.c:867:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start2-1);
data/lastz-1.04.03/src/genpaf.c:870:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, dotStart2);
data/lastz-1.04.03/src/genpaf.c:875:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq2True + 1 - start2);
data/lastz-1.04.03/src/genpaf.c:880:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start2+len2-1);
data/lastz-1.04.03/src/genpaf.c:883:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, dotEnd2);
data/lastz-1.04.03/src/genpaf.c:886:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, width);
data/lastz-1.04.03/src/genpaf.c:969:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, idNumer);
data/lastz-1.04.03/src/genpaf.c:972:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, idDenom - idNumer);
data/lastz-1.04.03/src/genpaf.c:975:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, idDenom);
data/lastz-1.04.03/src/genpaf.c:978:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, conDenom);
data/lastz-1.04.03/src/genpaf.c:1003:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, numGaps);
data/lastz-1.04.03/src/genpaf.c:1006:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, conDenom - conNumer);
data/lastz-1.04.03/src/genpaf.c:1063:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "M", run);
data/lastz-1.04.03/src/genpaf.c:1065:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "m", run);
data/lastz-1.04.03/src/genpaf.c:1076:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "D", i - prevI);
data/lastz-1.04.03/src/genpaf.c:1078:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "d", i - prevI);
data/lastz-1.04.03/src/genpaf.c:1083:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "I", j - prevJ);
data/lastz-1.04.03/src/genpaf.c:1085:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "i", j - prevJ);
data/lastz-1.04.03/src/genpaf.c:1102:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, sgnposFmt, diagNumber(start1,start2));
data/lastz-1.04.03/src/genpaf.c:1121:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, sgnposFmt, diag);
data/lastz-1.04.03/src/genpaf.c:1124:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, scoreFmt, s);
data/lastz-1.04.03/src/genpaf.c:1127:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, u64Fmt, genpafAlignmentNumber);
data/lastz-1.04.03/src/genpaf.c:1130:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, u64Fmt, 1+genpafAlignmentNumber);
data/lastz-1.04.03/src/genpaf.c:1139:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, idNumer, idDenom);
data/lastz-1.04.03/src/genpaf.c:1144:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, idNumer, idDenom);
data/lastz-1.04.03/src/genpaf.c:1155:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, covNumer, covDenom);
data/lastz-1.04.03/src/genpaf.c:1160:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, covNumer, covDenom);
data/lastz-1.04.03/src/genpaf.c:1167:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, conNumer, conDenom);
data/lastz-1.04.03/src/genpaf.c:1172:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, conNumer, conDenom);
data/lastz-1.04.03/src/genpaf.c:1179:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, gapNumer, gapDenom);
data/lastz-1.04.03/src/genpaf.c:1247:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, u64Fmt, hspId);
data/lastz-1.04.03/src/genpaf.c:1480:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq1True);
data/lastz-1.04.03/src/genpaf.c:1483:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:1486:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start1-1);
data/lastz-1.04.03/src/genpaf.c:1489:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, dotStart1);
data/lastz-1.04.03/src/genpaf.c:1492:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (strand2 == strand1) fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:1493:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, unsposFmt, start1-1 + length);
data/lastz-1.04.03/src/genpaf.c:1496:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start1-1 + length);
data/lastz-1.04.03/src/genpaf.c:1499:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, dotEnd1);
data/lastz-1.04.03/src/genpaf.c:1502:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (strand2 == strand1) fprintf (f, unsposFmt, start1-1 + length);
data/lastz-1.04.03/src/genpaf.c:1503:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:1506:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, length);
data/lastz-1.04.03/src/genpaf.c:1532:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq2True);
data/lastz-1.04.03/src/genpaf.c:1537:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq2True + 2 - (start2+length));
data/lastz-1.04.03/src/genpaf.c:1542:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start2);
data/lastz-1.04.03/src/genpaf.c:1547:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq2True + 1 - (start2+length));
data/lastz-1.04.03/src/genpaf.c:1552:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start2-1);
data/lastz-1.04.03/src/genpaf.c:1555:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, dotStart2);
data/lastz-1.04.03/src/genpaf.c:1560:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, seq2True + 1 - start2);
data/lastz-1.04.03/src/genpaf.c:1565:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, start2-1 + length);
data/lastz-1.04.03/src/genpaf.c:1568:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, dotEnd2);
data/lastz-1.04.03/src/genpaf.c:1571:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, length);
data/lastz-1.04.03/src/genpaf.c:1589:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, numer);
data/lastz-1.04.03/src/genpaf.c:1593:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, denom - numer);
data/lastz-1.04.03/src/genpaf.c:1597:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, denom);
data/lastz-1.04.03/src/genpaf.c:1600:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, length);
data/lastz-1.04.03/src/genpaf.c:1611:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "M", length);
data/lastz-1.04.03/src/genpaf.c:1614:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "m", length);
data/lastz-1.04.03/src/genpaf.c:1628:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, sgnposFmt, diagNumber(start1,start2));
data/lastz-1.04.03/src/genpaf.c:1647:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else fprintf (f, sgnposFmt, diag);
data/lastz-1.04.03/src/genpaf.c:1650:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, scoreFmt, s);
data/lastz-1.04.03/src/genpaf.c:1653:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, u64Fmt, genpafAlignmentNumber);
data/lastz-1.04.03/src/genpaf.c:1656:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, u64Fmt, 1+genpafAlignmentNumber);
data/lastz-1.04.03/src/genpaf.c:1666:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/genpaf.c:1672:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/genpaf.c:1689:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/genpaf.c:1698:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/genpaf.c:1710:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/genpaf.c:1716:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/genpaf.c:1726:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/genpaf.c:1794:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, u64Fmt, hspId);
data/lastz-1.04.03/src/gfa.c:367:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, args);
data/lastz-1.04.03/src/gfa.c:426:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (s, unsposFmtScanf " " unsposFmtScanf " %d %d%n",
data/lastz-1.04.03/src/gfa.c:448:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf (s, unsposFmtScanf " " unsposFmtScanf " %d %d%n",
data/lastz-1.04.03/src/gfa.c:461:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (name1, "%s[" unsposDotsFmt "]%s", n1, start1, stop1, (rc1==1)?"-":"");
data/lastz-1.04.03/src/gfa.c:469:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (name2, "%s[" unsposDotsFmt "]%s", n2, start2, stop2, (rc2==1)?"-":"");
data/lastz-1.04.03/src/identity_dist.c:819:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, identityBinFormat "\t" unsposFmt "\t" possumFmt "\n",
data/lastz-1.04.03/src/infer_scores.c:1387:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, params->ic.inferFilename);
data/lastz-1.04.03/src/infer_scores.c:1508:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (unsposSlashFmt " identity=" unsposSlashFmt
data/lastz-1.04.03/src/infer_scores.c:1628:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ("bin: " identityBinFormat " cov=" possumFmt,
data/lastz-1.04.03/src/infer_scores.c:1973:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %c:" unsposFmt, nuc, bkgd[c]);
data/lastz-1.04.03/src/infer_scores.c:1994:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "%c%c:" unsposFmt, nuc1, nuc2, subs[c1][c2]);
data/lastz-1.04.03/src/lastz.c:1307:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (currParams->outputFile, unsposFmt " " unsposFmt "\n",
data/lastz-1.04.03/src/lastz.c:2102:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " %s " unsposFmt " " unsposFmt,
data/lastz-1.04.03/src/lastz.c:2110:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " %s " unsposFmt " " unsposFmt,
data/lastz-1.04.03/src/lastz.c:3582:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, \
data/lastz-1.04.03/src/lastz.c:5032:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, "O=" scoreFmtSimple " E=" scoreFmtSimple, scoring->gapOpen, scoring->gapExtend);
data/lastz-1.04.03/src/lastz.c:5037:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "K=%s", score_thresh_to_string (&currParams->hspThreshold));
data/lastz-1.04.03/src/lastz.c:5041:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "L=%s", score_thresh_to_string (&currParams->gappedThreshold));
data/lastz-1.04.03/src/lastz.c:5051:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, "X=" scoreFmtSimple, currParams->xDrop);
data/lastz-1.04.03/src/lastz.c:5059:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, "Y=" scoreFmtSimple, currParams->yDrop);
data/lastz-1.04.03/src/lastz.c:5062:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (buffer, "H=" scoreFmtSimple, currParams->innerThreshold);
data/lastz-1.04.03/src/lastz.c:5125:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, format, args);
data/lastz-1.04.03/src/lastz.c:5241:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (argTemp+2, arg+6);
data/lastz-1.04.03/src/lastz.c:5251:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (lzParams->args+argsLen, arg);
data/lastz-1.04.03/src/lav.c:85:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, ", X = " scoreFmtSimple
data/lastz-1.04.03/src/lav.c:510:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, args);
data/lastz-1.04.03/src/maf.c:175:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# identity=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/maf.c:181:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# coverage=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/maf.c:187:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# continuity=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/maf.c:204:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "m", run);
data/lastz-1.04.03/src/maf.c:213:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "d", i - prevI);
data/lastz-1.04.03/src/maf.c:215:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "i", j - prevJ);
data/lastz-1.04.03/src/maf.c:539:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# identity=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/maf.c:548:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "# coverage=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/maf.c:695:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, args);
data/lastz-1.04.03/src/maf.c:718:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int w1 = snprintf (NULL, 0, s64Fmt, num1);
data/lastz-1.04.03/src/maf.c:719:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int w2 = snprintf (NULL, 0, s64Fmt, num2);
data/lastz-1.04.03/src/masking.c:618:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt " " unsposFmt "\n", beg, end);
data/lastz-1.04.03/src/masking.c:702:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, unsposFmt "%c%u\n", pos+1, delimiter, count);
data/lastz-1.04.03/src/output.c:1199:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, args);
data/lastz-1.04.03/src/output.c:1213:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, args);
data/lastz-1.04.03/src/output.c:1338:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " unsposFmt, count[ix][iy]);
data/lastz-1.04.03/src/output.c:1405:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (_progName,
data/lastz-1.04.03/src/pos_table.c:1539:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " " unsposFmt, count);
data/lastz-1.04.03/src/pos_table.c:1601:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, (unspos) fieldVal);
data/lastz-1.04.03/src/pos_table.c:1647:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, (unspos) fieldVal);
data/lastz-1.04.03/src/pos_table.c:1698:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt, (unspos) fieldVal);
data/lastz-1.04.03/src/quantum.c:534:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " in ball: %s score=" scoreFmtSimple,
data/lastz-1.04.03/src/sam.c:427:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (preMask != 0) fprintf (f, unsposFmt "%c", preMask, maskCh);
data/lastz-1.04.03/src/sam.c:435:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "M", run);
data/lastz-1.04.03/src/sam.c:444:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "D", i - prevI);
data/lastz-1.04.03/src/sam.c:446:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposFmt "I", j - prevJ);
data/lastz-1.04.03/src/sam.c:450:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (postMask != 0) fprintf (f, unsposFmt "%c", postMask, maskCh);
data/lastz-1.04.03/src/sam.c:603:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (preMask != 0) fprintf (f, unsposFmt "%c", preMask, maskCh);
data/lastz-1.04.03/src/sam.c:604:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
/* */ fprintf (f, unsposFmt "M", length);
data/lastz-1.04.03/src/sam.c:605:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (postMask != 0) fprintf (f, unsposFmt "%c", postMask, maskCh);
data/lastz-1.04.03/src/seed_search.c:402:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ("# seed bases hit in %s%c: " u64Fmt, name2, strand2, basesHit);
data/lastz-1.04.03/src/seed_search.c:2120:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (nonTrivial) fprintf (stderr, unsposSlashFmt, \
data/lastz-1.04.03/src/seed_search.c:2133:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (!nonTrivial) fprintf (stderr, unsposSlashFmt, pos1, pos2); \
data/lastz-1.04.03/src/seed_search.c:2457:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, \
data/lastz-1.04.03/src/seed_search.c:2462:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, \
data/lastz-1.04.03/src/seed_search.c:2472:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, \
data/lastz-1.04.03/src/seed_search.c:2482:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, \
data/lastz-1.04.03/src/seed_search.c:2727:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (unsposFmt ":"
data/lastz-1.04.03/src/seed_search.c:2783:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ("gfex: (diag %9s) " unsposSlashFmt " diagEnd[%04X] <-- " unsposFmt,
data/lastz-1.04.03/src/seed_search.c:3384:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, unsposFmt, *mm - seq1->v); \
data/lastz-1.04.03/src/seed_search.c:4066:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
else if (diag > 0) sprintf (s, "+" sgnposFmt, diag);
data/lastz-1.04.03/src/seed_search.c:4067:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
else sprintf (s, sgnposFmt, diag);
data/lastz-1.04.03/src/seeds.c:575:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (seed->pattern, pattern);
data/lastz-1.04.03/src/seeds.c:752:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->pattern, pattern);
data/lastz-1.04.03/src/seeds.c:833:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->pattern, _seed->pattern);
data/lastz-1.04.03/src/segment.c:588:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, unsposFmtScanf "%n", &tStart, &charsUsed);
data/lastz-1.04.03/src/segment.c:597:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, unsposFmtScanf "%n", &tEnd, &charsUsed);
data/lastz-1.04.03/src/segment.c:613:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, unsposFmtScanf "%n", &qStart, &charsUsed);
data/lastz-1.04.03/src/segment.c:622:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, unsposFmtScanf "%n", &qEnd, &charsUsed);
data/lastz-1.04.03/src/segment.c:643:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, scoreFmtScanf "%n", &s, &charsUsed);
data/lastz-1.04.03/src/segment.c:1982:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %s " unsposFmt " " unsposFmt,
data/lastz-1.04.03/src/segment.c:1985:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %s " unsposFmt "+" unsposFmt " " unsposFmt "+" unsposFmt,
data/lastz-1.04.03/src/segment.c:1988:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %s " unsposFmt " " unsposFmt,
data/lastz-1.04.03/src/segment.c:1991:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %s " unsposFmt "+" unsposFmt " " unsposFmt "+" unsposFmt,
data/lastz-1.04.03/src/segment.c:1993:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, " %c " scoreFmtSimple, seg->id, seg->s);
data/lastz-1.04.03/src/sequences.c:217:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " %s " unsposFmt " " unsposFmt, \
data/lastz-1.04.03/src/sequences.c:225:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, " %s " unsposFmt " " unsposFmt, \
data/lastz-1.04.03/src/sequences.c:3585:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
length = snprintf (_seq->header, 0, "%s:" unsposDashFmt,
data/lastz-1.04.03/src/sequences.c:3598:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (_seq->header, length+1, "%s:" unsposDashFmt,
data/lastz-1.04.03/src/sequences.c:3723:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ _seq->header, /*from*/ seqName);
data/lastz-1.04.03/src/sequences.c:4199:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ nameScan + pathLen,
data/lastz-1.04.03/src/sequences.c:4202:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ nameScan + pathLen+strlen(s) + 1,
data/lastz-1.04.03/src/sequences.c:4212:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ nameScan + baseLen + 1,
data/lastz-1.04.03/src/sequences.c:4331:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ _seq->header, /*from*/ seqName);
data/lastz-1.04.03/src/sequences.c:4881:14: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
numChars = snprintf (_seq->header, 0, "%s:" unsposDashFmt,
data/lastz-1.04.03/src/sequences.c:4894:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (_seq->header, numChars+1, "%s:" unsposDashFmt,
data/lastz-1.04.03/src/sequences.c:5654:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, unsposFmtScanf "%n", &_seq->chore.tStart, &charsUsed);
data/lastz-1.04.03/src/sequences.c:5667:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, unsposFmtScanf "%n", &_seq->chore.tEnd, &charsUsed);
data/lastz-1.04.03/src/sequences.c:5680:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, unsposFmtScanf "%n", &_seq->chore.qStart, &charsUsed);
data/lastz-1.04.03/src/sequences.c:5693:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (field, unsposFmtScanf "%n", &_seq->chore.qEnd, &charsUsed);
data/lastz-1.04.03/src/sequences.c:5715:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ _seq->chore.tName, /*from*/ tName);
data/lastz-1.04.03/src/sequences.c:5721:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ _seq->nextContigName, /*from*/ qName);
data/lastz-1.04.03/src/sequences.c:5736:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ _seq->chore.idTag, /*from*/ idTag);
data/lastz-1.04.03/src/sequences.c:6039:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
+ snprintf (NULL, 0, unsposFmt, contigNumber);
data/lastz-1.04.03/src/sequences.c:6065:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (d, unsposFmt, contigNumber);
data/lastz-1.04.03/src/sequences.c:6068:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (d, s);
data/lastz-1.04.03/src/sequences.c:6333:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ &sp->pool[p->header], /*from*/ header);
data/lastz-1.04.03/src/sequences.c:6903:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, "[%2d] %8u %8u " unsposStarFmt " " unsposStarFmt,
data/lastz-1.04.03/src/sequences.c:7016:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (line, unsposFmtScanf " " unsposFmtScanf "%c",
data/lastz-1.04.03/src/sequences.c:7180:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (line, unsposFmtScanf " " unsposFmtScanf "%c",
data/lastz-1.04.03/src/sequences.c:8504:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "]%n", &temp, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8526:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposDotsFmtScanf "]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8539:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposDotsFmtScanf "+%f%%]%n", &start, &end, &zoom, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8565:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposCommaFmtScanf "]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8578:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "#" unsposFmtScanf "]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8593:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "#" unsposFmtScanf "K]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8609:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "#%fK]%n", &start, &size, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8625:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "#" unsposFmtScanf "M]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8641:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "#%fM]%n", &start, &size, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8657:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "^" unsposFmtScanf "]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8674:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "^" unsposFmtScanf "K]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8692:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "^%fK]%n", &start, &size, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8710:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "^" unsposFmtScanf "M]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8728:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "^%fM]%n", &start, &size, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8746:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
numItems = sscanf (action, unsposFmtScanf "..]%n", &start, &charsUsed);
data/lastz-1.04.03/src/sequences.c:9716:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt "%c:", digits, pos1+1, (isRev1)?'-':'+');
data/lastz-1.04.03/src/sequences.c:9725:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt "%c:", digits, pos2+1, (isRev2)?'-':'+');
data/lastz-1.04.03/src/sequences.c:9775:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt ": %s\n", width, start, buffer);
data/lastz-1.04.03/src/sequences.c:9787:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt ": %s\n", width, start, buffer);
data/lastz-1.04.03/src/sequences.c:9800:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt ": %s\n", width, start, buffer);
data/lastz-1.04.03/src/text_align.c:478:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt ": ", 10, pos1 + bo - offset1 + startLoc1);
data/lastz-1.04.03/src/text_align.c:506:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt ": ", 10, pos2 + bo - offset2 + startLoc2);
data/lastz-1.04.03/src/text_align.c:586:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt ":", 10, pos1 + bo - offset1 + startLoc1);
data/lastz-1.04.03/src/text_align.c:608:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt ":", 10, pos2 + bo - offset2 + startLoc2);
data/lastz-1.04.03/src/text_align.c:953:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt " %s\n", digits, disp->beg1, disp->row1);
data/lastz-1.04.03/src/text_align.c:981:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt " %s\n", digits, disp->beg2, disp->row2);
data/lastz-1.04.03/src/text_align.c:1032:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt " ", digits, disp->beg1);
data/lastz-1.04.03/src/text_align.c:1056:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (f, unsposStarFmt " ", digits, disp->beg2);
data/lastz-1.04.03/src/utilities.c:371:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy (/*to*/ ss, /*from*/ s);
data/lastz-1.04.03/src/utilities.c:416:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s1 != NULL) { strcpy (scan, s1); scan += strlen (s1); }
data/lastz-1.04.03/src/utilities.c:417:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s2 != NULL) { strcpy (scan, s2); scan += strlen (s2); }
data/lastz-1.04.03/src/utilities.c:441:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s1 != NULL) { strcpy (scan, s1); scan += strlen (s1); }
data/lastz-1.04.03/src/utilities.c:442:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s2 != NULL) { strcpy (scan, s2); scan += strlen (s2); }
data/lastz-1.04.03/src/utilities.c:443:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s3 != NULL) { strcpy (scan, s3); scan += strlen (s3); }
data/lastz-1.04.03/src/utilities.c:444:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s4 != NULL) { strcpy (scan, s4); scan += strlen (s4); }
data/lastz-1.04.03/src/utilities.c:700:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ss, s);
data/lastz-1.04.03/src/utilities.c:774:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ss, s);
data/lastz-1.04.03/src/utilities.c:797:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf (parseMe, s64Fmt "%c", &v, &extra) != 1)
data/lastz-1.04.03/src/utilities.c:920:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ss, s);
data/lastz-1.04.03/src/utilities.c:1235:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (sign < 0) sprintf (s, "-%.1f%s", rep, unitName[unit]);
data/lastz-1.04.03/src/utilities.c:1236:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (s, "%.1f%s", rep, unitName[unit]);
data/lastz-1.04.03/src/utilities.c:1308:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (p > 1.0) strcpy (/*to*/ s.s, /*from*/ ">??");
data/lastz-1.04.03/src/utilities.c:1309:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (p >= 0.995) strcpy (/*to*/ s.s, /*from*/ " 1 ");
data/lastz-1.04.03/src/utilities.c:1310:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (p < 0.005) strcpy (/*to*/ s.s, /*from*/ " ~~");
data/lastz-1.04.03/src/utilities.c:1311:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if (p < 0.0) strcpy (/*to*/ s.s, /*from*/ "<??");
data/lastz-1.04.03/src/utilities.c:1315:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (/*to*/ s.s, /*from*/ field+1);
data/lastz-1.04.03/src/utilities.c:1871:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, format, args);
data/lastz-1.04.03/src/utilities.c:1901:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, format, args);
data/lastz-1.04.03/src/utilities.h:120:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define ustrcpy(s1,s2) (strcpy((char*)(s1),(char*)(s2)))
data/lastz-1.04.03/src/utilities.h:193:38: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define memory_checkpoint(fmt) fprintf(stderr,fmt)
data/lastz-1.04.03/src/utilities.h:194:38: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define memory_checkpoint_1(fmt,i) fprintf(stderr,fmt,i)
data/lastz-1.04.03/src/utilities.h:195:38: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define memory_checkpoint_2(fmt,i,s) fprintf(stderr,fmt,i,s)
data/lastz-1.04.03/src/capsule.c:682:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdes = open (filename, O_RDONLY);
data/lastz-1.04.03/src/dna_utilities.c:276:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (/*to*/ ss->sub[r], /*from*/ ss->sub[1],
data/lastz-1.04.03/src/dna_utilities.c:398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[200];
data/lastz-1.04.03/src/dna_utilities.c:474:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (/*to*/ ssNew->sub, /*from*/ ss->sub, /*how much*/ sizeof(ss->sub));
data/lastz-1.04.03/src/dna_utilities.c:662:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[256*25+1]; // (must hold 256 fields, up to 25 chars each)
data/lastz-1.04.03/src/dna_utilities.c:1007:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (/*to*/ xss->ss.sub[r], /*from*/ fillRowData,
data/lastz-1.04.03/src/dna_utilities.c:1211:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (/*to*/ xss->ss.sub[r+'a'-'A'], /*from*/ xss->ss.sub[r],
data/lastz-1.04.03/src/dna_utilities.c:1706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[101];
data/lastz-1.04.03/src/dna_utilities.c:2006:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[3];
data/lastz-1.04.03/src/dna_utilities.c:2059:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (colsAsHex) sprintf (s, "%02X", *c);
data/lastz-1.04.03/src/dna_utilities.c:2060:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (s, "%c", *c);
data/lastz-1.04.03/src/dna_utilities.c:2073:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (rowsAsHex) sprintf (s, "%02X", *r);
data/lastz-1.04.03/src/dna_utilities.c:2074:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (s, "%c", *r);
data/lastz-1.04.03/src/dna_utilities.c:2192:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[10], s2[10], s3[10];
data/lastz-1.04.03/src/dna_utilities.c:2197:41: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if ((isprint (ch)) && (!isspace (ch))) sprintf (s, "%c", ch);
data/lastz-1.04.03/src/dna_utilities.c:2198:41: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (s, "%02X", ch);
data/lastz-1.04.03/src/dna_utilities.c:2295:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[41];
data/lastz-1.04.03/src/dna_utilities.c:2296:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s2[41];
data/lastz-1.04.03/src/dna_utilities.c:2302:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (threshold->t == 'P') sprintf (s, "top%.1f%%", 100*threshold->p);
data/lastz-1.04.03/src/dna_utilities.c:2303:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (threshold->t == 'C') sprintf (s, "top%d", threshold->c);
data/lastz-1.04.03/src/dna_utilities.c:2304:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (s, "(unrecognized)");
data/lastz-1.04.03/src/dna_utilities.c:2438:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[5*25+1]; // (must hold 5 fields, up to 25 chars each)
data/lastz-1.04.03/src/dna_utilities.c:2685:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[200];
data/lastz-1.04.03/src/dna_utilities.c:2686:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s2[200];
data/lastz-1.04.03/src/dna_utilities.c:2833:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[33];
data/lastz-1.04.03/src/dna_utilities.c:3087:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _desc[50];
data/lastz-1.04.03/src/dna_utilities.c:3103:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (_desc, "the digit %c", ch);
data/lastz-1.04.03/src/dna_utilities.c:3111:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (_desc, "uppercase %c", ch);
data/lastz-1.04.03/src/dna_utilities.c:3119:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (_desc, "lowercase %c", ch);
data/lastz-1.04.03/src/dna_utilities.c:3125:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (_desc, "ascii %02X", ch);
data/lastz-1.04.03/src/dna_utilities.h:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dna[4]; // (usually "ACGT")
data/lastz-1.04.03/src/edit_script.c:236:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (/*to*/ newS, /*from*/ s, /*how much*/ bytesNeeded);
data/lastz-1.04.03/src/edit_script.c:392:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (d, s, toCopy*sizeof(editop));
data/lastz-1.04.03/src/gapped_extend.c:300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[dpCell_padding_sz];
data/lastz-1.04.03/src/gapped_extend.c:2910:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[100]; \
data/lastz-1.04.03/src/gapped_extend.c:2948:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ccSnoop[100];
data/lastz-1.04.03/src/gapped_extend.c:2949:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ddSnoop[100];
data/lastz-1.04.03/src/gapped_extend.c:2950:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iiSnoop[100];
data/lastz-1.04.03/src/gapped_extend.c:2954:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[100];
data/lastz-1.04.03/src/gapped_extend.c:2956:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (s == negInf) sprintf (str, "-inf");
data/lastz-1.04.03/src/gapped_extend.c:2967:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char A25[26], B25[26]; \
data/lastz-1.04.03/src/infer_scores.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scoreFileId[20];
data/lastz-1.04.03/src/infer_scores.c:449:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (scoreFileId, "s%03d", trial-1);
data/lastz-1.04.03/src/infer_scores.c:583:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (scoreFileId, "g%03d", trial-1);
data/lastz-1.04.03/src/infer_scores.c:1379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[201];
data/lastz-1.04.03/src/infer_scores.c:2117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (/*to*/ dst->items, /*from*/ src->items,
data/lastz-1.04.03/src/lastz.c:4981:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _commentPrefix[2];
data/lastz-1.04.03/src/lastz.c:4982:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[501];
data/lastz-1.04.03/src/lastz.c:5012:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "Z=%d", currParams->step);
data/lastz-1.04.03/src/lastz.c:5020:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "W=%d", hitSeed->length);
data/lastz-1.04.03/src/lastz.c:5065:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "M=%d", currParams->dynamicMasking);
data/lastz-1.04.03/src/lastz.c:5068:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "m=%u", currParams->tracebackMem);
data/lastz-1.04.03/src/lastz.c:8032:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[2001];
data/lastz-1.04.03/src/lastz.c:9085:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seedString[innerWordSize+1];
data/lastz-1.04.03/src/lastz.c:9566:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[201];
data/lastz-1.04.03/src/output.c:371:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prevNameBuff1[maxSequenceName+1];
data/lastz-1.04.03/src/output.c:372:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prevNameBuff2[maxSequenceName+1];
data/lastz-1.04.03/src/output.c:1301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstr[6];
data/lastz-1.04.03/src/output.c:1398:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _progName[101];
data/lastz-1.04.03/src/pos_table.c:2183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weight[10];
data/lastz-1.04.03/src/pos_table.c:2193:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (weight, "%d", posTableStats.wordWeight / 2);
data/lastz-1.04.03/src/pos_table.c:2195:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (weight, "%d.5", posTableStats.wordWeight / 2);
data/lastz-1.04.03/src/seed_search.c:1211:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prevSeq2Name[41] = "";
data/lastz-1.04.03/src/seed_search.c:2488:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[4];
data/lastz-1.04.03/src/seed_search.c:2489:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s2[4];
data/lastz-1.04.03/src/seed_search.c:2494:39: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (_seq->fileType == seq_type_qdna) sprintf (s, "%02X", ch);
data/lastz-1.04.03/src/seed_search.c:2495:39: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf (s, "%c", ch);
data/lastz-1.04.03/src/seed_search.c:4063:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[25]; // (more than enough for 2^64 in decimal with sign)
data/lastz-1.04.03/src/seed_search.c:4131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[19];
data/lastz-1.04.03/src/seed_search.c:4216:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (scratch, "> %d", maxHitsPerColumn);
data/lastz-1.04.03/src/seeds.c:327:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[maxHwSeedLen+1];
data/lastz-1.04.03/src/seeds.c:951:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[70];
data/lastz-1.04.03/src/seeds.c:1224:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[maxHwSeedLen+1];
data/lastz-1.04.03/src/segment.c:464:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[1024];
data/lastz-1.04.03/src/sequences.c:645:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nibTo1stChar[256] =
data/lastz-1.04.03/src/sequences.c:663:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nibTo2ndChar[256] =
data/lastz-1.04.03/src/sequences.c:681:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nibTo1stCharUnmasked[256] =
data/lastz-1.04.03/src/sequences.c:699:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nibTo2ndCharUnmasked[256] =
data/lastz-1.04.03/src/sequences.c:3624:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static u32 read_2bit_index_entry (seq* _seq, char seqName[256], u32 seqNum);
data/lastz-1.04.03/src/sequences.c:3680:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqName[maxSequenceName+1];
data/lastz-1.04.03/src/sequences.c:4012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqName[maxSequenceName+1];
data/lastz-1.04.03/src/sequences.c:4030:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqName[maxSequenceName+1],
data/lastz-1.04.03/src/sequences.c:4086:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension[10];
data/lastz-1.04.03/src/sequences.c:4591:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[256];
data/lastz-1.04.03/src/sequences.c:5072:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxSequenceHeader+1];
data/lastz-1.04.03/src/sequences.c:5218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxSequenceHeader+1];
data/lastz-1.04.03/src/sequences.c:5339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqName[maxSequenceName+1];
data/lastz-1.04.03/src/sequences.c:5427:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char discard[maxSequenceName+1];
data/lastz-1.04.03/src/sequences.c:5537:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[511+1], discard[511+1];
data/lastz-1.04.03/src/sequences.c:6373:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (spTo->pool, spFrom->pool, poolLen);
data/lastz-1.04.03/src/sequences.c:6957:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[511+1], discard[511+1];
data/lastz-1.04.03/src/sequences.c:7112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[511+1], discard[511+1];
data/lastz-1.04.03/src/sequences.c:9041:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxSequenceHeader+3];
data/lastz-1.04.03/src/sequences.c:9750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[101];
data/lastz-1.04.03/src/utilities.c:77:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (name, mode);
data/lastz-1.04.03/src/utilities.c:383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (/*to*/ ss, /*from*/ s, /*how much*/ n);
data/lastz-1.04.03/src/utilities.c:684:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[20];
data/lastz-1.04.03/src/utilities.c:758:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[20];
data/lastz-1.04.03/src/utilities.c:906:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[20];
data/lastz-1.04.03/src/utilities.c:1094:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[53];// (big enough for 128-bit decimal value with commas,
data/lastz-1.04.03/src/utilities.c:1095:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s2[53];// .. the biggest being
data/lastz-1.04.03/src/utilities.c:1096:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s3[53];// .. -170,141,183,460,469,231,731,687,303,715,884,105,728)
data/lastz-1.04.03/src/utilities.c:1097:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s4[53];
data/lastz-1.04.03/src/utilities.c:1098:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s5[53];
data/lastz-1.04.03/src/utilities.c:1109:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "%jd", (intmax_t) v); // $$$ this could overflow the buffer
data/lastz-1.04.03/src/utilities.c:1139:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[52];// (big enough for 128-bit decimal value with commas,
data/lastz-1.04.03/src/utilities.c:1140:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s2[52];// .. the biggest being
data/lastz-1.04.03/src/utilities.c:1141:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s3[52];// .. 340,282,366,920,938,463,463,374,607,431,768,211,455)
data/lastz-1.04.03/src/utilities.c:1142:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s4[52];
data/lastz-1.04.03/src/utilities.c:1143:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s5[52];
data/lastz-1.04.03/src/utilities.c:1154:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s, "%jd", (intmax_t) v); // $$$ this could overflow the buffer
data/lastz-1.04.03/src/utilities.c:1213:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[10];
data/lastz-1.04.03/src/utilities.c:1214:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s2[10];
data/lastz-1.04.03/src/utilities.c:1268:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s1[17];
data/lastz-1.04.03/src/utilities.c:1269:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s2[17];
data/lastz-1.04.03/src/utilities.c:1306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[5]; // "0.xx" plus a terminator
data/lastz-1.04.03/src/utilities.c:1314:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (field, "%.2f", p);
data/lastz-1.04.03/src/utilities.c:1392:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (/*to*/ pos, /*from*/ rep, /*how much*/ repLen);
data/lastz-1.04.03/src/utilities.h:91:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct char3 { char s[4]; } char3;
data/lastz-1.04.03/src/axt.c:217:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((extras != NULL) && (strlen(extras) != 1) && (extras[0] != genpafSize2))
data/lastz-1.04.03/src/axt.c:292:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((extras != NULL) && (strlen(extras) == 1) && (extras[0] == genpafSize2))
data/lastz-1.04.03/src/axt.c:437:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((extras != NULL) && (strlen(extras) != 1) && (extras[0] != genpafSize2))
data/lastz-1.04.03/src/axt.c:523:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((extras != NULL) && (strlen(extras) == 1) && (extras[0] == genpafSize2))
data/lastz-1.04.03/src/capsule.c:255:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = strlen(seqName) + 1;
data/lastz-1.04.03/src/dna_utilities.c:403:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id) + strlen(message) + 1 > sizeof(temp))
data/lastz-1.04.03/src/dna_utilities.c:403:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id) + strlen(message) + 1 > sizeof(temp))
data/lastz-1.04.03/src/dna_utilities.c:408:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (temp + strlen(id), message);
data/lastz-1.04.03/src/dna_utilities.c:719:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/dna_utilities.c:856:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valLength = strlen(valString);
data/lastz-1.04.03/src/dna_utilities.c:1043:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/dna_utilities.c:1798:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strleni(s)+1 > w) w = strlen(s)+1;
data/lastz-1.04.03/src/dna_utilities.c:2262:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/lastz-1.04.03/src/dna_utilities.c:2484:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/gapped_extend.c:2969:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (A25, (char*) A+1, sizeof(A25)); A25[sizeof(A25)-1] = 0; \
data/lastz-1.04.03/src/gapped_extend.c:2970:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (B25, (char*) B+1, sizeof(B25)); B25[sizeof(B25)-1] = 0; \
data/lastz-1.04.03/src/genpaf.c:1884:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen (field) == strlen(genpafTDName) + genpafTDInfoSize))
data/lastz-1.04.03/src/genpaf.c:1884:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen (field) == strlen(genpafTDName) + genpafTDInfoSize))
data/lastz-1.04.03/src/genpaf.c:1887:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diffChars = field + strlen(genpafTDName);
data/lastz-1.04.03/src/lastz.c:4839:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = strlen(name);
data/lastz-1.04.03/src/lastz.c:5022:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (buffer, "");
data/lastz-1.04.03/src/lastz.c:5094:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (expanders[ix].argName);
data/lastz-1.04.03/src/lastz.c:5232:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argTempNeeded = 2 + strlen(arg+6) + 1;
data/lastz-1.04.03/src/lastz.c:5250:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argsLen = strlen(lzParams->args);
data/lastz-1.04.03/src/lastz.c:5252:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (lzParams->args+argsLen+strlen(arg)," ");
data/lastz-1.04.03/src/lastz.c:5252:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (lzParams->args+argsLen+strlen(arg)," ");
data/lastz-1.04.03/src/lastz.c:5354:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (argStr[strlen(argStr)-1] == ')'))
data/lastz-1.04.03/src/lastz.c:5364:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scan = argStr + strlen("match");
data/lastz-1.04.03/src/lastz.c:5391:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (argStr[strlen(argStr)-1] == ')'))
data/lastz-1.04.03/src/lastz.c:5401:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scan = argStr + strlen("half");
data/lastz-1.04.03/src/lastz.c:5452:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lzParams->maxTransversions = string_to_int (argStr + strlen("cares:"));
data/lastz-1.04.03/src/lastz.c:5458:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lzParams->minMatches = string_to_int (argStr + strlen("cares:"));
data/lastz-1.04.03/src/lastz.c:5625:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (argTempSub, argStr, argTempSubNeeded-1);
data/lastz-1.04.03/src/lastz.c:5664:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (argTempSub, argStr, argTempSubNeeded-1);
data/lastz-1.04.03/src/lastz.c:6244:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argLen = strlen(argStr);
data/lastz-1.04.03/src/lastz.c:6325:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argLen = strlen(argStr);
data/lastz-1.04.03/src/lastz.c:6671:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argLen = strlen(argStr);
data/lastz-1.04.03/src/lastz.c:7159:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (arg[strlen(arg)-1] == ')'))
data/lastz-1.04.03/src/lastz.c:7220:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wordLen = strlen(lzParams->readGroup);
data/lastz-1.04.03/src/lastz.c:7221:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argLen = strlen(argStr);
data/lastz-1.04.03/src/lastz.c:7339:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expLen = strlen(expanders[ix].argName);
data/lastz-1.04.03/src/lastz.c:8055:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/lastz-1.04.03/src/lastz.c:8158:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argsLen += 1 + strlen(argv[ix]);
data/lastz-1.04.03/src/lastz.c:9604:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/lastz-1.04.03/src/lastz.c:9627:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valLen = strlen (valString);
data/lastz-1.04.03/src/lastz.c:9671:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*inference_scale")] = 0;
data/lastz-1.04.03/src/lastz.c:9681:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*worst_substitution")] = 0;
data/lastz-1.04.03/src/lastz.c:9701:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*inference_scale")] = 0;
data/lastz-1.04.03/src/lastz.c:9711:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*worst_substitution")] = 0;
data/lastz-1.04.03/src/lastz.c:9733:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*inference_scale")] = 0;
data/lastz-1.04.03/src/lastz.c:9742:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*worst_substitution")] = 0;
data/lastz-1.04.03/src/lastz.c:9756:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*inference_scale")] = 0;
data/lastz-1.04.03/src/lastz.c:9765:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*worst_substitution")] = 0;
data/lastz-1.04.03/src/lastz.c:9771:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valString[valLen-strlen("*gap_open_penalty")] = 0;
data/lastz-1.04.03/src/lastz.c:10057:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
after = where[strlen("quantum")];
data/lastz-1.04.03/src/maf.c:372:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen (name1) + strlen (suff1);
data/lastz-1.04.03/src/maf.c:372:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen (name1) + strlen (suff1);
data/lastz-1.04.03/src/maf.c:373:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen (pref2) + strlen (name2) + strlen (suff2);
data/lastz-1.04.03/src/maf.c:373:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen (pref2) + strlen (name2) + strlen (suff2);
data/lastz-1.04.03/src/maf.c:373:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen (pref2) + strlen (name2) + strlen (suff2);
data/lastz-1.04.03/src/maf.c:627:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen (name1) + strlen (suff1);
data/lastz-1.04.03/src/maf.c:627:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen (name1) + strlen (suff1);
data/lastz-1.04.03/src/maf.c:628:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen (pref2) + strlen (name2) + strlen (suff2);
data/lastz-1.04.03/src/maf.c:628:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen (pref2) + strlen (name2) + strlen (suff2);
data/lastz-1.04.03/src/maf.c:628:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen (pref2) + strlen (name2) + strlen (suff2);
data/lastz-1.04.03/src/output.c:450:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ prevName1, /*from*/ name1, sizeof(prevNameBuff1));
data/lastz-1.04.03/src/output.c:451:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ prevName2, /*from*/ name2, sizeof(prevNameBuff2));
data/lastz-1.04.03/src/output.c:508:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ prevName1, /*from*/ name1, sizeof(prevNameBuff1));
data/lastz-1.04.03/src/output.c:509:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ prevName2, /*from*/ name2, sizeof(prevNameBuff2));
data/lastz-1.04.03/src/sam.c:163:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ ss, /*from*/ idTag, idLen);
data/lastz-1.04.03/src/seed_search.c:1246:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (prevSeq2Name, seq2->header, sizeof(prevSeq2Name));
data/lastz-1.04.03/src/seed_search.c:4065:22: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
if (diag == 0) sprintf (s, "0");
data/lastz-1.04.03/src/seeds.c:256:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (terminator == NULL) terminator = s + strlen (s);
data/lastz-1.04.03/src/seeds.c:740:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = new_seed (numParts, strlen(pattern), numFlips);
data/lastz-1.04.03/src/seeds.c:821:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = new_seed (_seed->numParts, strlen(_seed->pattern), numFlips);
data/lastz-1.04.03/src/segment.c:548:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/segment.c:589:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/segment.c:598:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/segment.c:614:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/segment.c:623:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/segment.c:632:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(field) != 1) goto bad_field;
data/lastz-1.04.03/src/segment.c:644:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/sequences.c:1032:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_seq->headerSize = strlen (_seq->header) + 1;
data/lastz-1.04.03/src/sequences.c:1530:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newSeq->headerSize = strlen (newSeq->header) + 1;
data/lastz-1.04.03/src/sequences.c:1542:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newSeq->shortHeaderSize = strlen (newSeq->shortHeader) + 1;
data/lastz-1.04.03/src/sequences.c:1554:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newSeq->trueHeaderSize = strlen (newSeq->trueHeader) + 1;
data/lastz-1.04.03/src/sequences.c:2133:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
whitespace_to_under (_seq->header, strlen(_seq->header));
data/lastz-1.04.03/src/sequences.c:2285:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
triggerFound += strlen (_seq->nameTrigger);
data/lastz-1.04.03/src/sequences.c:2657:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
triggerFound += strlen (_seq->nameTrigger);
data/lastz-1.04.03/src/sequences.c:2830:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (headerIx != strlen(_seq->trueHeader)) goto third_line_short; }
data/lastz-1.04.03/src/sequences.c:2942:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (headerIx >= strlen(_seq->trueHeader)) goto third_line_long;
data/lastz-1.04.03/src/sequences.c:2949:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sequence_filename(_seq), strlen(_seq->trueHeader)+1, _seq->trueHeader);
data/lastz-1.04.03/src/sequences.c:3153:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
triggerFound += strlen (_seq->nameTrigger);
data/lastz-1.04.03/src/sequences.c:3714:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numChars = strlen (seqName);
data/lastz-1.04.03/src/sequences.c:4146:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
baseLen = strlen(_seq->filename);
data/lastz-1.04.03/src/sequences.c:4168:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ extension, /*from*/ s, sizeof(extension));
data/lastz-1.04.03/src/sequences.c:4172:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameBytes += pathLen + strlen(s) + 1 + strlen(extension) + 1;
data/lastz-1.04.03/src/sequences.c:4172:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameBytes += pathLen + strlen(s) + 1 + strlen(extension) + 1;
data/lastz-1.04.03/src/sequences.c:4174:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameBytes += baseLen + 1 + strlen(extension) + 1;
data/lastz-1.04.03/src/sequences.c:4191:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ extension, /*from*/ s, sizeof(extension));
data/lastz-1.04.03/src/sequences.c:4196:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ nameScan,
data/lastz-1.04.03/src/sequences.c:4201:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameScan[pathLen+strlen(s)] = '.';
data/lastz-1.04.03/src/sequences.c:4202:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (/*to*/ nameScan + pathLen+strlen(s) + 1,
data/lastz-1.04.03/src/sequences.c:4204:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameScan += pathLen + strlen(s) + 1 + strlen(extension) + 1;
data/lastz-1.04.03/src/sequences.c:4204:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameScan += pathLen + strlen(s) + 1 + strlen(extension) + 1;
data/lastz-1.04.03/src/sequences.c:4208:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (/*to*/ nameScan,
data/lastz-1.04.03/src/sequences.c:4214:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameScan += baseLen + 1 + strlen(extension) + 1;
data/lastz-1.04.03/src/sequences.c:4322:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numChars = strlen (seqName);
data/lastz-1.04.03/src/sequences.c:4514:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bucket = hassock_hash (name, strlen(name)) % _seq->hsx.numBuckets;
data/lastz-1.04.03/src/sequences.c:4568:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bucketOffset += 1 + 6 + 5 + strlen(seqName) + 1;
data/lastz-1.04.03/src/sequences.c:5150:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header += strlen (_seq->nameTrigger);
data/lastz-1.04.03/src/sequences.c:5162:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerLen = strlen(buffer);
data/lastz-1.04.03/src/sequences.c:5167:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerLen = strlen(buffer);
data/lastz-1.04.03/src/sequences.c:5179:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen (_seq->nextContigName) != headerLen)
data/lastz-1.04.03/src/sequences.c:5191:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ix=strlen(buffer) ; ix>0 ; )
data/lastz-1.04.03/src/sequences.c:5269:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header += strlen (_seq->nameTrigger);
data/lastz-1.04.03/src/sequences.c:5281:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerLen = strlen(buffer);
data/lastz-1.04.03/src/sequences.c:5286:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerLen = strlen(buffer);
data/lastz-1.04.03/src/sequences.c:5298:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| ((int) strlen (_seq->nextContigName) != headerLen))
data/lastz-1.04.03/src/sequences.c:5315:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ix=strlen(buffer) ; ix>0 ; )
data/lastz-1.04.03/src/sequences.c:5439:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/sequences.c:5447:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(discard);
data/lastz-1.04.03/src/sequences.c:5459:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/sequences.c:5558:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/sequences.c:5566:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(discard);
data/lastz-1.04.03/src/sequences.c:5578:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/sequences.c:5618:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strncmp (scan, "id=", strlen("id+")) != 0))
data/lastz-1.04.03/src/sequences.c:5636:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (scan, "id=", strlen("id+")) == 0)
data/lastz-1.04.03/src/sequences.c:5638:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idTag = scan + strlen("id+");
data/lastz-1.04.03/src/sequences.c:5655:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/sequences.c:5668:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/sequences.c:5681:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/sequences.c:5694:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field;
data/lastz-1.04.03/src/sequences.c:5712:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(tName) >= sizeof(_seq->chore.tName))
data/lastz-1.04.03/src/sequences.c:5718:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qName) >= sizeof(_seq->nextContigName))
data/lastz-1.04.03/src/sequences.c:5734:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(idTag) >= sizeof(_seq->chore.idTag))
data/lastz-1.04.03/src/sequences.c:5916:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = skip_whitespace (h + strlen (s));
data/lastz-1.04.03/src/sequences.c:5921:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hh = skip_whitespace (h + strlen (s));
data/lastz-1.04.03/src/sequences.c:5926:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = skip_whitespace (hh + strlen (s)); // .. "of" is present)
data/lastz-1.04.03/src/sequences.c:5961:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sLen = strlen(s);
data/lastz-1.04.03/src/sequences.c:5966:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sLen = strlen(s);
data/lastz-1.04.03/src/sequences.c:5971:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sLen = strlen(s);
data/lastz-1.04.03/src/sequences.c:5976:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sLen = strlen(s);
data/lastz-1.04.03/src/sequences.c:5981:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sLen = strlen(s);
data/lastz-1.04.03/src/sequences.c:5991:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (src, h, len);
data/lastz-1.04.03/src/sequences.c:5995:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
whitespace_to_under (src, strlen(src));
data/lastz-1.04.03/src/sequences.c:6008:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dst, h, len);
data/lastz-1.04.03/src/sequences.c:6014:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
whitespace_to_under (dst, strlen(dst));
data/lastz-1.04.03/src/sequences.c:6037:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (src)
data/lastz-1.04.03/src/sequences.c:6038:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
- strlen ("{number}")
data/lastz-1.04.03/src/sequences.c:6060:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (d, s, expand-src);
data/lastz-1.04.03/src/sequences.c:6062:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = expand + strlen("{number}");
data/lastz-1.04.03/src/sequences.c:6066:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d += strlen(d);
data/lastz-1.04.03/src/sequences.c:6315:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
headerLen = strlen(header);
data/lastz-1.04.03/src/sequences.c:6989:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/sequences.c:6997:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(discard);
data/lastz-1.04.03/src/sequences.c:7005:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/sequences.c:7153:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/sequences.c:7161:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(discard);
data/lastz-1.04.03/src/sequences.c:7169:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/lastz-1.04.03/src/sequences.c:7968:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent = strlen (action);
data/lastz-1.04.03/src/sequences.c:7969:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineWidth = indent + strlen (description);
data/lastz-1.04.03/src/sequences.c:7973:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = strlen(name);
data/lastz-1.04.03/src/sequences.c:8084:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (fname);
data/lastz-1.04.03/src/sequences.c:8131:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (mask);
data/lastz-1.04.03/src/sequences.c:8172:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (actions);
data/lastz-1.04.03/src/sequences.c:8198:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (action);
data/lastz-1.04.03/src/sequences.c:8235:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("sep=");
data/lastz-1.04.03/src/sequences.c:8241:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("separator=");
data/lastz-1.04.03/src/sequences.c:8263:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("@");
data/lastz-1.04.03/src/sequences.c:8269:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("subset=");
data/lastz-1.04.03/src/sequences.c:8273:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_name_file;
data/lastz-1.04.03/src/sequences.c:8280:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("chores=");
data/lastz-1.04.03/src/sequences.c:8283:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_chore_file;
data/lastz-1.04.03/src/sequences.c:8290:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("subsample=");
data/lastz-1.04.03/src/sequences.c:8293:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_subsample;
data/lastz-1.04.03/src/sequences.c:8306:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(slashParse);
data/lastz-1.04.03/src/sequences.c:8339:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("nickname=");
data/lastz-1.04.03/src/sequences.c:8342:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_nickname;
data/lastz-1.04.03/src/sequences.c:8349:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("name=");
data/lastz-1.04.03/src/sequences.c:8355:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("nameparse=tag:");
data/lastz-1.04.03/src/sequences.c:8359:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_name_trigger;
data/lastz-1.04.03/src/sequences.c:8376:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("soft=keep:");
data/lastz-1.04.03/src/sequences.c:8382:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("softmask=keep:");
data/lastz-1.04.03/src/sequences.c:8386:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_soft_mask_file;
data/lastz-1.04.03/src/sequences.c:8394:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("soft=");
data/lastz-1.04.03/src/sequences.c:8400:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("softmask=");
data/lastz-1.04.03/src/sequences.c:8404:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_soft_mask_file;
data/lastz-1.04.03/src/sequences.c:8412:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("xmask=keep:");
data/lastz-1.04.03/src/sequences.c:8415:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_x_mask_file;
data/lastz-1.04.03/src/sequences.c:8423:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("xmask=");
data/lastz-1.04.03/src/sequences.c:8426:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_x_mask_file;
data/lastz-1.04.03/src/sequences.c:8434:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("nmask=keep:");
data/lastz-1.04.03/src/sequences.c:8437:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_n_mask_file;
data/lastz-1.04.03/src/sequences.c:8445:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("nmask=");
data/lastz-1.04.03/src/sequences.c:8448:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_n_mask_file;
data/lastz-1.04.03/src/sequences.c:8466:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("quantum=");
data/lastz-1.04.03/src/sequences.c:8469:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actionName) == 0) goto bad_code_file;
data/lastz-1.04.03/src/sequences.c:8478:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actionName = action + strlen("format=");
data/lastz-1.04.03/src/sequences.c:9440:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc (_seq->f);
data/lastz-1.04.03/src/utilities.c:137:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc (f);
data/lastz-1.04.03/src/utilities.c:370:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss = malloc_or_die ("copy_string", strlen(s) + 1);
data/lastz-1.04.03/src/utilities.c:410:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s1 != NULL) len += strlen (s1);
data/lastz-1.04.03/src/utilities.c:411:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s2 != NULL) len += strlen (s2);
data/lastz-1.04.03/src/utilities.c:416:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s1 != NULL) { strcpy (scan, s1); scan += strlen (s1); }
data/lastz-1.04.03/src/utilities.c:417:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s2 != NULL) { strcpy (scan, s2); scan += strlen (s2); }
data/lastz-1.04.03/src/utilities.c:433:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s1 != NULL) len += strlen (s1);
data/lastz-1.04.03/src/utilities.c:434:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s2 != NULL) len += strlen (s2);
data/lastz-1.04.03/src/utilities.c:435:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s3 != NULL) len += strlen (s3);
data/lastz-1.04.03/src/utilities.c:436:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s4 != NULL) len += strlen (s4);
data/lastz-1.04.03/src/utilities.c:441:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s1 != NULL) { strcpy (scan, s1); scan += strlen (s1); }
data/lastz-1.04.03/src/utilities.c:442:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s2 != NULL) { strcpy (scan, s2); scan += strlen (s2); }
data/lastz-1.04.03/src/utilities.c:443:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s3 != NULL) { strcpy (scan, s3); scan += strlen (s3); }
data/lastz-1.04.03/src/utilities.c:444:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s4 != NULL) { strcpy (scan, s4); scan += strlen (s4); }
data/lastz-1.04.03/src/utilities.c:527:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp (str1, str2, strlen (str2));
data/lastz-1.04.03/src/utilities.c:554:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = strlen(str1);
data/lastz-1.04.03/src/utilities.c:555:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = strlen(str2);
data/lastz-1.04.03/src/utilities.c:566:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = strlen(str1);
data/lastz-1.04.03/src/utilities.c:567:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = strlen(str2);
data/lastz-1.04.03/src/utilities.c:685:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen (s);
data/lastz-1.04.03/src/utilities.c:759:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen (s);
data/lastz-1.04.03/src/utilities.c:907:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen (s);
data/lastz-1.04.03/src/utilities.c:1112:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (s);
data/lastz-1.04.03/src/utilities.c:1157:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (s);
data/lastz-1.04.03/src/utilities.c:1361:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sLen = strlen(s);
data/lastz-1.04.03/src/utilities.c:1362:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subLen = strlen(sub);
data/lastz-1.04.03/src/utilities.c:1363:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
repLen = strlen(rep);
data/lastz-1.04.03/src/utilities.c:1555:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return strlen(tag);
data/lastz-1.04.03/src/utilities.h:118:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ustrlen(s) (strlen((char*)(s)))
data/lastz-1.04.03/src/utilities.h:123:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strleni(s) ((int)(strlen(s)))
ANALYSIS SUMMARY:
Hits = 677
Lines analyzed = 65282 in approximately 2.00 seconds (32720 lines/second)
Physical Source Lines of Code (SLOC) = 39076
Hits@level = [0] 2033 [1] 230 [2] 119 [3] 0 [4] 328 [5] 0
Hits@level+ = [0+] 2710 [1+] 677 [2+] 447 [3+] 328 [4+] 328 [5+] 0
Hits/KSLOC@level+ = [0+] 69.352 [1+] 17.3252 [2+] 11.4392 [3+] 8.3939 [4+] 8.3939 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.