Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lastz-1.04.03/src/align_diffs.c
Examining data/lastz-1.04.03/src/align_diffs.h
Examining data/lastz-1.04.03/src/axt.c
Examining data/lastz-1.04.03/src/axt.h
Examining data/lastz-1.04.03/src/build_options.h
Examining data/lastz-1.04.03/src/capsule.c
Examining data/lastz-1.04.03/src/capsule.h
Examining data/lastz-1.04.03/src/chain.c
Examining data/lastz-1.04.03/src/chain.h
Examining data/lastz-1.04.03/src/cigar.c
Examining data/lastz-1.04.03/src/cigar.h
Examining data/lastz-1.04.03/src/continuity_dist.c
Examining data/lastz-1.04.03/src/continuity_dist.h
Examining data/lastz-1.04.03/src/coverage_dist.c
Examining data/lastz-1.04.03/src/coverage_dist.h
Examining data/lastz-1.04.03/src/diag_hash.c
Examining data/lastz-1.04.03/src/diag_hash.h
Examining data/lastz-1.04.03/src/dna_utilities.h
Examining data/lastz-1.04.03/src/edit_script.c
Examining data/lastz-1.04.03/src/edit_script.h
Examining data/lastz-1.04.03/src/gapped_extend.c
Examining data/lastz-1.04.03/src/gapped_extend.h
Examining data/lastz-1.04.03/src/genpaf.c
Examining data/lastz-1.04.03/src/genpaf.h
Examining data/lastz-1.04.03/src/gfa.c
Examining data/lastz-1.04.03/src/gfa.h
Examining data/lastz-1.04.03/src/identity_dist.c
Examining data/lastz-1.04.03/src/identity_dist.h
Examining data/lastz-1.04.03/src/infer_scores.c
Examining data/lastz-1.04.03/src/infer_scores.h
Examining data/lastz-1.04.03/src/lastz.h
Examining data/lastz-1.04.03/src/lav.c
Examining data/lastz-1.04.03/src/lav.h
Examining data/lastz-1.04.03/src/maf.c
Examining data/lastz-1.04.03/src/maf.h
Examining data/lastz-1.04.03/src/masking.c
Examining data/lastz-1.04.03/src/masking.h
Examining data/lastz-1.04.03/src/output.c
Examining data/lastz-1.04.03/src/output.h
Examining data/lastz-1.04.03/src/pos_table.c
Examining data/lastz-1.04.03/src/pos_table.h
Examining data/lastz-1.04.03/src/quantum.c
Examining data/lastz-1.04.03/src/quantum.h
Examining data/lastz-1.04.03/src/sam.c
Examining data/lastz-1.04.03/src/sam.h
Examining data/lastz-1.04.03/src/seed_search.c
Examining data/lastz-1.04.03/src/seed_search.h
Examining data/lastz-1.04.03/src/seeds.c
Examining data/lastz-1.04.03/src/seeds.h
Examining data/lastz-1.04.03/src/segment.c
Examining data/lastz-1.04.03/src/segment.h
Examining data/lastz-1.04.03/src/sequences.h
Examining data/lastz-1.04.03/src/text_align.c
Examining data/lastz-1.04.03/src/text_align.h
Examining data/lastz-1.04.03/src/tweener.c
Examining data/lastz-1.04.03/src/tweener.h
Examining data/lastz-1.04.03/src/utilities.c
Examining data/lastz-1.04.03/src/utilities.h
Examining data/lastz-1.04.03/src/sequences.c
Examining data/lastz-1.04.03/src/dna_utilities.c
Examining data/lastz-1.04.03/src/lastz.c

FINAL RESULTS:

data/lastz-1.04.03/src/axt.c:147:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# identity=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/axt.c:153:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# coverage=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/axt.c:286:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, u64Fmt " %s " unsposFmt " " unsposFmt
data/lastz-1.04.03/src/axt.c:293:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " unsposFmt, seq2Len);
data/lastz-1.04.03/src/axt.c:447:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# identity=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/axt.c:456:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# coverage=" unsposSlashFmt, numer, denom);
data/lastz-1.04.03/src/axt.c:517:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, u64Fmt " %s " unsposFmt " " unsposFmt
data/lastz-1.04.03/src/axt.c:524:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " unsposFmt, seq2Len);
data/lastz-1.04.03/src/axt.c:580:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (f, format, args);
data/lastz-1.04.03/src/chain.c:207:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " seq1: " unsposFmt ".." unsposFmt, \
data/lastz-1.04.03/src/chain.c:210:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " seq2: " unsposFmt ".." unsposFmt, \
data/lastz-1.04.03/src/chain.c:470:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, \
data/lastz-1.04.03/src/cigar.c:304:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "cigar:"
data/lastz-1.04.03/src/cigar.c:323:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (letterAfter) fprintf (f, unsposFmt "%c", run, chM);
data/lastz-1.04.03/src/cigar.c:324:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, " %c " unsposFmt, chM, run);
data/lastz-1.04.03/src/cigar.c:336:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %c " unsposFmt, chD, i - prevI);
data/lastz-1.04.03/src/cigar.c:340:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "%c", i - prevI, chD);
data/lastz-1.04.03/src/cigar.c:345:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %c " unsposFmt, chI, j - prevJ);
data/lastz-1.04.03/src/cigar.c:349:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "%c", j - prevJ, chI);
data/lastz-1.04.03/src/cigar.c:484:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "cigar:"
data/lastz-1.04.03/src/cigar.c:498:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %c " unsposFmt, chM, length);
data/lastz-1.04.03/src/cigar.c:502:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "%c", length, chM);
data/lastz-1.04.03/src/cigar.c:561:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %c " unsposFmt, chX, runLen);
data/lastz-1.04.03/src/cigar.c:565:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "%c", runLen, chX);
data/lastz-1.04.03/src/cigar.c:576:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " = " unsposFmt, runLen);
data/lastz-1.04.03/src/cigar.c:580:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "=", runLen);
data/lastz-1.04.03/src/cigar.c:591:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %c " unsposFmt, ch, runLen);
data/lastz-1.04.03/src/cigar.c:595:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "%c", runLen, ch);
data/lastz-1.04.03/src/dna_utilities.c:407:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp, id);
data/lastz-1.04.03/src/dna_utilities.c:408:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp + strlen(id), message);
data/lastz-1.04.03/src/dna_utilities.c:1756:14: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (asInts) fprintf (f, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1757:14: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1762:14: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (asInts) fprintf (f, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1763:14: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1770:15: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (asInts) fprintf (f, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1771:15: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1776:15: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (asInts) fprintf (f, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1777:15: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1796:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  if (asInts) sprintf (s, wssScoreFmt, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1797:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  else sprintf (s, wssScoreFmt, v);
data/lastz-1.04.03/src/dna_utilities.c:1820:16: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (asInts) fprintf (f, wssScoreFmtStar, w, round_score (v));
data/lastz-1.04.03/src/dna_utilities.c:1821:16: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, wssScoreFmtStar, w, v);
data/lastz-1.04.03/src/dna_utilities.c:2052:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, (rowsHidden)? " "
data/lastz-1.04.03/src/dna_utilities.c:2070:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, (rowsAsHex)? " " : " ");
data/lastz-1.04.03/src/dna_utilities.c:2080:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " scoreFmtStar, width, ss->sub[*r][*c]);
data/lastz-1.04.03/src/dna_utilities.c:2117:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " scoreFmtStar, width, ss->sub[*r][*c]);
data/lastz-1.04.03/src/dna_utilities.c:2146:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " scoreFmtStar, width, ss->sub[*r][*c]);
data/lastz-1.04.03/src/dna_utilities.c:2148:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " scoreFmtStar, width, ss->sub[*r][*c+'a'-'A']);
data/lastz-1.04.03/src/dna_utilities.c:2157:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " scoreFmtStar, width, ss->sub[rr][*c]);
data/lastz-1.04.03/src/dna_utilities.c:2159:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " scoreFmtStar, width, ss->sub[rr][*c+'a'-'A']);
data/lastz-1.04.03/src/dna_utilities.c:2185:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " scoreFmtStar, width, ss->sub[r][c]);
data/lastz-1.04.03/src/dna_utilities.c:2301:32: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  if (threshold->t == 'S') sprintf (s, scoreFmtSimple, threshold->s);
data/lastz-1.04.03/src/dna_utilities.c:2703:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  { sprintf (ss, "%*s%02X", symWidth-2, "", q[ix]); ss += symWidth; }
data/lastz-1.04.03/src/gapped_extend.c:713:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr,"anchors[%3d,hspid=" u64Fmt "] " unsposSlashFmt " " unsposFmt " " scoreFmt, \
data/lastz-1.04.03/src/gapped_extend.c:845:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " " unsposFmt ".." unsposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:953:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " " unsposDotsFmt " vs " unsposDotsFmt \
data/lastz-1.04.03/src/gapped_extend.c:2336:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "align:\tbck\t%s\t" unsposFmt "\t" unsposFmt \
data/lastz-1.04.03/src/gapped_extend.c:2366:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\nalign:\tfwd\t%s\t" unsposFmt "\t" unsposFmt \
data/lastz-1.04.03/src/gapped_extend.c:2955:29: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  if (s < negInf) sprintf (str, "-inf" scoreFmtSimple, s-negInf);
data/lastz-1.04.03/src/gapped_extend.c:2957:29: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  else if (s <= negInf+2000) sprintf (str, "-inf+" scoreFmtSimple, s-negInf);
data/lastz-1.04.03/src/gapped_extend.c:2958:29: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  else sprintf (str, scoreFmtSimple, s);
data/lastz-1.04.03/src/gapped_extend.c:2983:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ccSnoop, relative_to_infinity ((dq-1)->CC)); \
data/lastz-1.04.03/src/gapped_extend.c:2984:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ddSnoop, relative_to_infinity ((dq-1)->DD)); \
data/lastz-1.04.03/src/gapped_extend.c:2996:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ccSnoop, relative_to_infinity ((dq-1)->CC)); \
data/lastz-1.04.03/src/gapped_extend.c:2997:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ddSnoop, relative_to_infinity ((dq-1)->DD)); \
data/lastz-1.04.03/src/gapped_extend.c:3007:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\nrow " unsposFmt \
data/lastz-1.04.03/src/gapped_extend.c:3014:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " -> L=" sgnposFmt \
data/lastz-1.04.03/src/gapped_extend.c:3028:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ccSnoop, relative_to_infinity (c)); \
data/lastz-1.04.03/src/gapped_extend.c:3029:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ddSnoop, relative_to_infinity (dp->DD)); \
data/lastz-1.04.03/src/gapped_extend.c:3030:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (iiSnoop, relative_to_infinity (i)); \
data/lastz-1.04.03/src/gapped_extend.c:3042:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ccSnoop, relative_to_infinity (bestScore)); \
data/lastz-1.04.03/src/gapped_extend.c:3053:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ccSnoop, relative_to_infinity ((dq-1)->CC)); \
data/lastz-1.04.03/src/gapped_extend.c:3054:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ddSnoop, relative_to_infinity ((dq-1)->DD)); \
data/lastz-1.04.03/src/gapped_extend.c:3151:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n leftSeg=%s" \
data/lastz-1.04.03/src/gapped_extend.c:3163:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n rightSeg=%s" \
data/lastz-1.04.03/src/gapped_extend.c:3173:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n L=" sgnposFmt " R=" sgnposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:3183:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n L=" sgnposFmt " R=" sgnposFmt \
data/lastz-1.04.03/src/gapped_extend.c:3190:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n row " unsposFmt \
data/lastz-1.04.03/src/gapped_extend.c:3200:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\trows=" unsposFmt, row);
data/lastz-1.04.03/src/gapped_extend.c:3206:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\trows=" unsposFmt, row); \
data/lastz-1.04.03/src/gapped_extend.c:4381:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n update_LR: LY <- " unsposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:4413:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n update_LR: RY <- " unsposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:4444:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n update_LR: LY <- " unsposFmt, \
data/lastz-1.04.03/src/gapped_extend.c:4475:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, "\n update_LR: RY <- " unsposFmt, \
data/lastz-1.04.03/src/genpaf.c:728:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq1True);
data/lastz-1.04.03/src/genpaf.c:731:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:734:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start1-1);
data/lastz-1.04.03/src/genpaf.c:737:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, dotStart1);
data/lastz-1.04.03/src/genpaf.c:740:29: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (strand2 == strand1) fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:741:29: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, unsposFmt, start1+len1-1);
data/lastz-1.04.03/src/genpaf.c:744:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start1+len1-1);
data/lastz-1.04.03/src/genpaf.c:747:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, dotEnd1);
data/lastz-1.04.03/src/genpaf.c:750:29: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (strand2 == strand1) fprintf (f, unsposFmt, start1+len1-1);
data/lastz-1.04.03/src/genpaf.c:751:29: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, unsposFmt, start1);
data/lastz-1.04.03/src/genpaf.c:754:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, height);
data/lastz-1.04.03/src/genpaf.c:847:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq2True);
data/lastz-1.04.03/src/genpaf.c:852:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq2True + 2 - start2 - len2);
data/lastz-1.04.03/src/genpaf.c:857:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start2);
data/lastz-1.04.03/src/genpaf.c:862:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq2True + 1 - start2 - len2);
data/lastz-1.04.03/src/genpaf.c:867:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start2-1);
data/lastz-1.04.03/src/genpaf.c:870:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, dotStart2);
data/lastz-1.04.03/src/genpaf.c:875:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq2True + 1 - start2);
data/lastz-1.04.03/src/genpaf.c:880:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start2+len2-1);
data/lastz-1.04.03/src/genpaf.c:883:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, dotEnd2);
data/lastz-1.04.03/src/genpaf.c:886:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, width);
data/lastz-1.04.03/src/genpaf.c:969:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, idNumer);
data/lastz-1.04.03/src/genpaf.c:972:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, idDenom - idNumer);
data/lastz-1.04.03/src/genpaf.c:975:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, idDenom);
data/lastz-1.04.03/src/genpaf.c:978:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, conDenom);
data/lastz-1.04.03/src/genpaf.c:1003:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, numGaps);
data/lastz-1.04.03/src/genpaf.c:1006:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, conDenom - conNumer);
data/lastz-1.04.03/src/genpaf.c:1063:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "M", run);
data/lastz-1.04.03/src/genpaf.c:1065:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "m", run);
data/lastz-1.04.03/src/genpaf.c:1076:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "D", i - prevI);
data/lastz-1.04.03/src/genpaf.c:1078:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "d", i - prevI);
data/lastz-1.04.03/src/genpaf.c:1083:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "I", j - prevJ);
data/lastz-1.04.03/src/genpaf.c:1085:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "i", j - prevJ);
data/lastz-1.04.03/src/genpaf.c:1102:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, sgnposFmt, diagNumber(start1,start2));
data/lastz-1.04.03/src/genpaf.c:1121:20: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, sgnposFmt, diag);
data/lastz-1.04.03/src/genpaf.c:1124:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, scoreFmt, s);
data/lastz-1.04.03/src/genpaf.c:1127:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, u64Fmt, genpafAlignmentNumber);
data/lastz-1.04.03/src/genpaf.c:1130:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, u64Fmt, 1+genpafAlignmentNumber);
data/lastz-1.04.03/src/genpaf.c:1139:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, idNumer, idDenom);

data/lastz-1.04.03/src/genpaf.c:1144:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, idNumer, idDenom);

data/lastz-1.04.03/src/genpaf.c:1155:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, covNumer, covDenom);

data/lastz-1.04.03/src/genpaf.c:1160:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, covNumer, covDenom);

data/lastz-1.04.03/src/genpaf.c:1167:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, conNumer, conDenom);

data/lastz-1.04.03/src/genpaf.c:1172:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, conNumer, conDenom);

data/lastz-1.04.03/src/genpaf.c:1179:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, gapNumer, gapDenom);

data/lastz-1.04.03/src/genpaf.c:1247:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, u64Fmt, hspId);

data/lastz-1.04.03/src/genpaf.c:1480:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq1True);

data/lastz-1.04.03/src/genpaf.c:1483:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start1);

data/lastz-1.04.03/src/genpaf.c:1486:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start1-1);

data/lastz-1.04.03/src/genpaf.c:1489:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, dotStart1);

data/lastz-1.04.03/src/genpaf.c:1492:29: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (strand2 == strand1) fprintf (f, unsposFmt, start1);

data/lastz-1.04.03/src/genpaf.c:1493:29: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, unsposFmt, start1-1 + length);

data/lastz-1.04.03/src/genpaf.c:1496:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start1-1 + length);

data/lastz-1.04.03/src/genpaf.c:1499:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, dotEnd1);

data/lastz-1.04.03/src/genpaf.c:1502:29: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (strand2 == strand1) fprintf (f, unsposFmt, start1-1 + length);

data/lastz-1.04.03/src/genpaf.c:1503:29: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, unsposFmt, start1);

data/lastz-1.04.03/src/genpaf.c:1506:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, length);

data/lastz-1.04.03/src/genpaf.c:1532:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq2True);

data/lastz-1.04.03/src/genpaf.c:1537:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq2True + 2 - (start2+length));

data/lastz-1.04.03/src/genpaf.c:1542:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start2);

data/lastz-1.04.03/src/genpaf.c:1547:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq2True + 1 - (start2+length));

data/lastz-1.04.03/src/genpaf.c:1552:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start2-1);

data/lastz-1.04.03/src/genpaf.c:1555:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, dotStart2);

data/lastz-1.04.03/src/genpaf.c:1560:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, seq2True + 1 - start2);

data/lastz-1.04.03/src/genpaf.c:1565:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, start2-1 + length);

data/lastz-1.04.03/src/genpaf.c:1568:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, dotEnd2);

data/lastz-1.04.03/src/genpaf.c:1571:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, length);

data/lastz-1.04.03/src/genpaf.c:1589:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, numer);

data/lastz-1.04.03/src/genpaf.c:1593:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, denom - numer);

data/lastz-1.04.03/src/genpaf.c:1597:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, denom);

data/lastz-1.04.03/src/genpaf.c:1600:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, length);

data/lastz-1.04.03/src/genpaf.c:1611:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "M", length);

data/lastz-1.04.03/src/genpaf.c:1614:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "m", length);

data/lastz-1.04.03/src/genpaf.c:1628:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, sgnposFmt, diagNumber(start1,start2));

data/lastz-1.04.03/src/genpaf.c:1647:20: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else fprintf (f, sgnposFmt, diag);

data/lastz-1.04.03/src/genpaf.c:1650:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, scoreFmt, s);

data/lastz-1.04.03/src/genpaf.c:1653:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, u64Fmt, genpafAlignmentNumber);

data/lastz-1.04.03/src/genpaf.c:1656:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, u64Fmt, 1+genpafAlignmentNumber);

data/lastz-1.04.03/src/genpaf.c:1666:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/genpaf.c:1672:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/genpaf.c:1689:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/genpaf.c:1698:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/genpaf.c:1710:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/genpaf.c:1716:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/genpaf.c:1726:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/genpaf.c:1794:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, u64Fmt, hspId);

data/lastz-1.04.03/src/gfa.c:367:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (f, format, args);

data/lastz-1.04.03/src/gfa.c:426:2: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf (s, unsposFmtScanf " " unsposFmtScanf " %d %d%n",

data/lastz-1.04.03/src/gfa.c:448:2: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf (s, unsposFmtScanf " " unsposFmtScanf " %d %d%n",

data/lastz-1.04.03/src/gfa.c:461:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name1, "%s[" unsposDotsFmt "]%s", n1, start1, stop1, (rc1==1)?"-":"");

data/lastz-1.04.03/src/gfa.c:469:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name2, "%s[" unsposDotsFmt "]%s", n2, start2, stop2, (rc2==1)?"-":"");

data/lastz-1.04.03/src/identity_dist.c:819:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, identityBinFormat "\t" unsposFmt "\t" possumFmt "\n",

data/lastz-1.04.03/src/infer_scores.c:1387:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name, params->ic.inferFilename);

data/lastz-1.04.03/src/infer_scores.c:1508:4: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (unsposSlashFmt " identity=" unsposSlashFmt

data/lastz-1.04.03/src/infer_scores.c:1628:4: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ("bin: " identityBinFormat " cov=" possumFmt,

data/lastz-1.04.03/src/infer_scores.c:1973:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %c:" unsposFmt, nuc, bkgd[c]);

data/lastz-1.04.03/src/infer_scores.c:1994:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "%c%c:" unsposFmt, nuc1, nuc2, subs[c1][c2]);

data/lastz-1.04.03/src/lastz.c:1307:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (currParams->outputFile, unsposFmt " " unsposFmt "\n",

data/lastz-1.04.03/src/lastz.c:2102:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " %s " unsposFmt " " unsposFmt,

data/lastz-1.04.03/src/lastz.c:2110:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " %s " unsposFmt " " unsposFmt,

data/lastz-1.04.03/src/lastz.c:3582:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, \

data/lastz-1.04.03/src/lastz.c:5032:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, "O=" scoreFmtSimple " E=" scoreFmtSimple, scoring->gapOpen, scoring->gapExtend);

data/lastz-1.04.03/src/lastz.c:5037:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buffer, "K=%s", score_thresh_to_string (&currParams->hspThreshold));

data/lastz-1.04.03/src/lastz.c:5041:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buffer, "L=%s", score_thresh_to_string (&currParams->gappedThreshold));

data/lastz-1.04.03/src/lastz.c:5051:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, "X=" scoreFmtSimple, currParams->xDrop);

data/lastz-1.04.03/src/lastz.c:5059:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, "Y=" scoreFmtSimple, currParams->yDrop);

data/lastz-1.04.03/src/lastz.c:5062:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (buffer, "H=" scoreFmtSimple, currParams->innerThreshold);

data/lastz-1.04.03/src/lastz.c:5125:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);

data/lastz-1.04.03/src/lastz.c:5241:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (argTemp+2, arg+6);

data/lastz-1.04.03/src/lastz.c:5251:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (lzParams->args+argsLen, arg);

data/lastz-1.04.03/src/lav.c:85:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, ", X = " scoreFmtSimple

data/lastz-1.04.03/src/lav.c:510:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (f, format, args);

data/lastz-1.04.03/src/maf.c:175:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# identity=" unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/maf.c:181:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# coverage=" unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/maf.c:187:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# continuity=" unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/maf.c:204:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "m", run);

data/lastz-1.04.03/src/maf.c:213:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "d", i - prevI);

data/lastz-1.04.03/src/maf.c:215:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "i", j - prevJ);

data/lastz-1.04.03/src/maf.c:539:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# identity=" unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/maf.c:548:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "# coverage=" unsposSlashFmt, numer, denom);

data/lastz-1.04.03/src/maf.c:695:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (f, format, args);

data/lastz-1.04.03/src/maf.c:718:11: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int w1 = snprintf (NULL, 0, s64Fmt, num1);

data/lastz-1.04.03/src/maf.c:719:11: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int w2 = snprintf (NULL, 0, s64Fmt, num2);

data/lastz-1.04.03/src/masking.c:618:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt " " unsposFmt "\n", beg, end);

data/lastz-1.04.03/src/masking.c:702:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(f, unsposFmt "%c%u\n", pos+1, delimiter, count);

data/lastz-1.04.03/src/output.c:1199:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (f, format, args);

data/lastz-1.04.03/src/output.c:1213:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (f, format, args);

data/lastz-1.04.03/src/output.c:1338:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " unsposFmt, count[ix][iy]);

data/lastz-1.04.03/src/output.c:1405:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (_progName,

data/lastz-1.04.03/src/pos_table.c:1539:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " " unsposFmt, count);

data/lastz-1.04.03/src/pos_table.c:1601:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, (unspos) fieldVal);

data/lastz-1.04.03/src/pos_table.c:1647:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, (unspos) fieldVal);

data/lastz-1.04.03/src/pos_table.c:1698:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt, (unspos) fieldVal);

data/lastz-1.04.03/src/quantum.c:534:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " in ball: %s score=" scoreFmtSimple,

data/lastz-1.04.03/src/sam.c:427:20: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (preMask != 0) fprintf (f, unsposFmt "%c", preMask, maskCh);

data/lastz-1.04.03/src/sam.c:435:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "M", run);

data/lastz-1.04.03/src/sam.c:444:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "D", i - prevI);

data/lastz-1.04.03/src/sam.c:446:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposFmt "I", j - prevJ);

data/lastz-1.04.03/src/sam.c:450:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (postMask != 0) fprintf (f, unsposFmt "%c", postMask, maskCh);

data/lastz-1.04.03/src/sam.c:603:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (preMask != 0) fprintf (f, unsposFmt "%c", preMask, maskCh);

data/lastz-1.04.03/src/sam.c:604:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  /* */ fprintf (f, unsposFmt "M", length);

data/lastz-1.04.03/src/sam.c:605:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (postMask != 0) fprintf (f, unsposFmt "%c", postMask, maskCh);

data/lastz-1.04.03/src/seed_search.c:402:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ("# seed bases hit in %s%c: " u64Fmt, name2, strand2, basesHit);

data/lastz-1.04.03/src/seed_search.c:2120:18: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (nonTrivial) fprintf (stderr, unsposSlashFmt, \

data/lastz-1.04.03/src/seed_search.c:2133:19: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (!nonTrivial) fprintf (stderr, unsposSlashFmt, pos1, pos2); \

data/lastz-1.04.03/src/seed_search.c:2457:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, \

data/lastz-1.04.03/src/seed_search.c:2462:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, \

data/lastz-1.04.03/src/seed_search.c:2472:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, \

data/lastz-1.04.03/src/seed_search.c:2482:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, \

data/lastz-1.04.03/src/seed_search.c:2727:4: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (unsposFmt ":"

data/lastz-1.04.03/src/seed_search.c:2783:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ("gfex: (diag %9s) " unsposSlashFmt " diagEnd[%04X] <-- " unsposFmt,

data/lastz-1.04.03/src/seed_search.c:3384:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, unsposFmt, *mm - seq1->v); \

data/lastz-1.04.03/src/seed_search.c:4066:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  else if (diag > 0) sprintf (s, "+" sgnposFmt, diag);

data/lastz-1.04.03/src/seed_search.c:4067:22: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  else sprintf (s, sgnposFmt, diag);

data/lastz-1.04.03/src/seeds.c:575:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (seed->pattern, pattern);

data/lastz-1.04.03/src/seeds.c:752:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s->pattern, pattern);

data/lastz-1.04.03/src/seeds.c:833:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s->pattern, _seed->pattern);

data/lastz-1.04.03/src/segment.c:588:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, unsposFmtScanf "%n", &tStart, &charsUsed);

data/lastz-1.04.03/src/segment.c:597:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, unsposFmtScanf "%n", &tEnd, &charsUsed);

data/lastz-1.04.03/src/segment.c:613:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, unsposFmtScanf "%n", &qStart, &charsUsed);

data/lastz-1.04.03/src/segment.c:622:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, unsposFmtScanf "%n", &qEnd, &charsUsed);

data/lastz-1.04.03/src/segment.c:643:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, scoreFmtScanf "%n", &s, &charsUsed);

data/lastz-1.04.03/src/segment.c:1982:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %s " unsposFmt " " unsposFmt,

data/lastz-1.04.03/src/segment.c:1985:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %s " unsposFmt "+" unsposFmt " " unsposFmt "+" unsposFmt,

data/lastz-1.04.03/src/segment.c:1988:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %s " unsposFmt " " unsposFmt,

data/lastz-1.04.03/src/segment.c:1991:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %s " unsposFmt "+" unsposFmt " " unsposFmt "+" unsposFmt,

data/lastz-1.04.03/src/segment.c:1993:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, " %c " scoreFmtSimple, seg->id, seg->s);

data/lastz-1.04.03/src/sequences.c:217:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " %s " unsposFmt " " unsposFmt, \

data/lastz-1.04.03/src/sequences.c:225:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, " %s " unsposFmt " " unsposFmt, \

data/lastz-1.04.03/src/sequences.c:3585:12: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  length = snprintf (_seq->header, 0, "%s:" unsposDashFmt,

data/lastz-1.04.03/src/sequences.c:3598:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf (_seq->header, length+1, "%s:" unsposDashFmt,
data/lastz-1.04.03/src/sequences.c:3723:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ _seq->header, /*from*/ seqName);
data/lastz-1.04.03/src/sequences.c:4199:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ nameScan + pathLen,
data/lastz-1.04.03/src/sequences.c:4202:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ nameScan + pathLen+strlen(s) + 1,
data/lastz-1.04.03/src/sequences.c:4212:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ nameScan + baseLen + 1,
data/lastz-1.04.03/src/sequences.c:4331:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ _seq->header, /*from*/ seqName);
data/lastz-1.04.03/src/sequences.c:4881:14: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  numChars = snprintf (_seq->header, 0, "%s:" unsposDashFmt,
data/lastz-1.04.03/src/sequences.c:4894:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf (_seq->header, numChars+1, "%s:" unsposDashFmt,
data/lastz-1.04.03/src/sequences.c:5654:15: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, unsposFmtScanf "%n", &_seq->chore.tStart, &charsUsed);
data/lastz-1.04.03/src/sequences.c:5667:15: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, unsposFmtScanf "%n", &_seq->chore.tEnd, &charsUsed);
data/lastz-1.04.03/src/sequences.c:5680:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, unsposFmtScanf "%n", &_seq->chore.qStart, &charsUsed);
data/lastz-1.04.03/src/sequences.c:5693:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (field, unsposFmtScanf "%n", &_seq->chore.qEnd, &charsUsed);
data/lastz-1.04.03/src/sequences.c:5715:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ _seq->chore.tName, /*from*/ tName);
data/lastz-1.04.03/src/sequences.c:5721:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ _seq->nextContigName, /*from*/ qName);
data/lastz-1.04.03/src/sequences.c:5736:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ _seq->chore.idTag, /*from*/ idTag);
data/lastz-1.04.03/src/sequences.c:6039:8: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  + snprintf (NULL, 0, unsposFmt, contigNumber);
data/lastz-1.04.03/src/sequences.c:6065:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (d, unsposFmt, contigNumber);
data/lastz-1.04.03/src/sequences.c:6068:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (d, s);
data/lastz-1.04.03/src/sequences.c:6333:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ &sp->pool[p->header], /*from*/ header);
data/lastz-1.04.03/src/sequences.c:6903:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, "[%2d] %8u %8u " unsposStarFmt " " unsposStarFmt,
data/lastz-1.04.03/src/sequences.c:7016:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (line, unsposFmtScanf " " unsposFmtScanf "%c",
data/lastz-1.04.03/src/sequences.c:7180:14: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (line, unsposFmtScanf " " unsposFmtScanf "%c",
data/lastz-1.04.03/src/sequences.c:8504:15: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "]%n", &temp, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8526:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposDotsFmtScanf "]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8539:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposDotsFmtScanf "+%f%%]%n", &start, &end, &zoom, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8565:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposCommaFmtScanf "]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8578:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "#" unsposFmtScanf "]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8593:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "#" unsposFmtScanf "K]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8609:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "#%fK]%n", &start, &size, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8625:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "#" unsposFmtScanf "M]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8641:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "#%fM]%n", &start, &size, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8657:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "^" unsposFmtScanf "]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8674:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "^" unsposFmtScanf "K]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8692:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "^%fK]%n", &start, &size, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8710:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "^" unsposFmtScanf "M]%n", &start, &end, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8728:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "^%fM]%n", &start, &size, &charsUsed);
data/lastz-1.04.03/src/sequences.c:8746:16: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  numItems = sscanf (action, unsposFmtScanf "..]%n", &start, &charsUsed);
data/lastz-1.04.03/src/sequences.c:9716:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt "%c:", digits, pos1+1, (isRev1)?'-':'+');
data/lastz-1.04.03/src/sequences.c:9725:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt "%c:", digits, pos2+1, (isRev2)?'-':'+');
data/lastz-1.04.03/src/sequences.c:9775:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt ": %s\n", width, start, buffer);
data/lastz-1.04.03/src/sequences.c:9787:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt ": %s\n", width, start, buffer);
data/lastz-1.04.03/src/sequences.c:9800:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt ": %s\n", width, start, buffer);
data/lastz-1.04.03/src/text_align.c:478:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt ": ", 10, pos1 + bo - offset1 + startLoc1);
data/lastz-1.04.03/src/text_align.c:506:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt ": ", 10, pos2 + bo - offset2 + startLoc2);
data/lastz-1.04.03/src/text_align.c:586:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt ":", 10, pos1 + bo - offset1 + startLoc1);
data/lastz-1.04.03/src/text_align.c:608:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt ":", 10, pos2 + bo - offset2 + startLoc2);
data/lastz-1.04.03/src/text_align.c:953:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt " %s\n", digits, disp->beg1, disp->row1);
data/lastz-1.04.03/src/text_align.c:981:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt " %s\n", digits, disp->beg2, disp->row2);
data/lastz-1.04.03/src/text_align.c:1032:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt " ", digits, disp->beg1);
data/lastz-1.04.03/src/text_align.c:1056:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (f, unsposStarFmt " ", digits, disp->beg2);
data/lastz-1.04.03/src/utilities.c:371:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy (/*to*/ ss, /*from*/ s);
data/lastz-1.04.03/src/utilities.c:416:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s1 != NULL) { strcpy (scan, s1); scan += strlen (s1); }
data/lastz-1.04.03/src/utilities.c:417:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s2 != NULL) { strcpy (scan, s2); scan += strlen (s2); }
data/lastz-1.04.03/src/utilities.c:441:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s1 != NULL) { strcpy (scan, s1); scan += strlen (s1); }
data/lastz-1.04.03/src/utilities.c:442:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s2 != NULL) { strcpy (scan, s2); scan += strlen (s2); }
data/lastz-1.04.03/src/utilities.c:443:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s3 != NULL) { strcpy (scan, s3); scan += strlen (s3); }
data/lastz-1.04.03/src/utilities.c:444:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s4 != NULL) { strcpy (scan, s4); scan += strlen (s4); }
data/lastz-1.04.03/src/utilities.c:700:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ss, s);
data/lastz-1.04.03/src/utilities.c:774:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ss, s);
data/lastz-1.04.03/src/utilities.c:797:6: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf (parseMe, s64Fmt "%c", &v, &extra) != 1)
data/lastz-1.04.03/src/utilities.c:920:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ss, s);
data/lastz-1.04.03/src/utilities.c:1235:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (sign < 0) sprintf (s, "-%.1f%s", rep, unitName[unit]);
data/lastz-1.04.03/src/utilities.c:1236:16: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf (s, "%.1f%s", rep, unitName[unit]);
data/lastz-1.04.03/src/utilities.c:1308:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (p > 1.0) strcpy (/*to*/ s.s, /*from*/ ">??");
data/lastz-1.04.03/src/utilities.c:1309:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (p >= 0.995) strcpy (/*to*/ s.s, /*from*/ " 1 ");
data/lastz-1.04.03/src/utilities.c:1310:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (p < 0.005) strcpy (/*to*/ s.s, /*from*/ " ~~");
data/lastz-1.04.03/src/utilities.c:1311:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (p < 0.0) strcpy (/*to*/ s.s, /*from*/ "<??");
data/lastz-1.04.03/src/utilities.c:1315:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (/*to*/ s.s, /*from*/ field+1);
data/lastz-1.04.03/src/utilities.c:1871:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/lastz-1.04.03/src/utilities.c:1901:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/lastz-1.04.03/src/utilities.h:120:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define ustrcpy(s1,s2) (strcpy((char*)(s1),(char*)(s2)))
data/lastz-1.04.03/src/utilities.h:193:38: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define memory_checkpoint(fmt) fprintf(stderr,fmt)
data/lastz-1.04.03/src/utilities.h:194:38: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define memory_checkpoint_1(fmt,i) fprintf(stderr,fmt,i)
data/lastz-1.04.03/src/utilities.h:195:38: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define memory_checkpoint_2(fmt,i,s) fprintf(stderr,fmt,i,s)
data/lastz-1.04.03/src/capsule.c:682:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fdes = open (filename, O_RDONLY);
data/lastz-1.04.03/src/dna_utilities.c:276:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (/*to*/ ss->sub[r], /*from*/ ss->sub[1],
data/lastz-1.04.03/src/dna_utilities.c:398:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[200];
data/lastz-1.04.03/src/dna_utilities.c:474:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (/*to*/ ssNew->sub, /*from*/ ss->sub, /*how much*/ sizeof(ss->sub));
data/lastz-1.04.03/src/dna_utilities.c:662:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[256*25+1]; // (must hold 256 fields, up to 25 chars each)
data/lastz-1.04.03/src/dna_utilities.c:1007:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (/*to*/ xss->ss.sub[r], /*from*/ fillRowData,
data/lastz-1.04.03/src/dna_utilities.c:1211:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (/*to*/ xss->ss.sub[r+'a'-'A'], /*from*/ xss->ss.sub[r],
data/lastz-1.04.03/src/dna_utilities.c:1706:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[101];
data/lastz-1.04.03/src/dna_utilities.c:2006:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[3];
data/lastz-1.04.03/src/dna_utilities.c:2059:18: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (colsAsHex) sprintf (s, "%02X", *c);
data/lastz-1.04.03/src/dna_utilities.c:2060:18: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (s, "%c", *c);
data/lastz-1.04.03/src/dna_utilities.c:2073:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (rowsAsHex) sprintf (s, "%02X", *r);
data/lastz-1.04.03/src/dna_utilities.c:2074:19: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (s, "%c", *r);
data/lastz-1.04.03/src/dna_utilities.c:2192:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s1[10], s2[10], s3[10];
data/lastz-1.04.03/src/dna_utilities.c:2197:41: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if ((isprint (ch)) && (!isspace (ch))) sprintf (s, "%c", ch);
data/lastz-1.04.03/src/dna_utilities.c:2198:41: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (s, "%02X", ch);
data/lastz-1.04.03/src/dna_utilities.c:2295:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s1[41];
data/lastz-1.04.03/src/dna_utilities.c:2296:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s2[41];
data/lastz-1.04.03/src/dna_utilities.c:2302:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (threshold->t == 'P') sprintf (s, "top%.1f%%", 100*threshold->p);
data/lastz-1.04.03/src/dna_utilities.c:2303:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (threshold->t == 'C') sprintf (s, "top%d", threshold->c);
data/lastz-1.04.03/src/dna_utilities.c:2304:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (s, "(unrecognized)");
data/lastz-1.04.03/src/dna_utilities.c:2438:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[5*25+1]; // (must hold 5 fields, up to 25 chars each)
data/lastz-1.04.03/src/dna_utilities.c:2685:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s1[200];
data/lastz-1.04.03/src/dna_utilities.c:2686:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s2[200];
data/lastz-1.04.03/src/dna_utilities.c:2833:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[33];
data/lastz-1.04.03/src/dna_utilities.c:3087:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char _desc[50];
data/lastz-1.04.03/src/dna_utilities.c:3103:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (_desc, "the digit %c", ch);
data/lastz-1.04.03/src/dna_utilities.c:3111:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (_desc, "uppercase %c", ch);
data/lastz-1.04.03/src/dna_utilities.c:3119:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (_desc, "lowercase %c", ch);
data/lastz-1.04.03/src/dna_utilities.c:3125:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (_desc, "ascii %02X", ch);
data/lastz-1.04.03/src/dna_utilities.h:231:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dna[4]; // (usually "ACGT")
data/lastz-1.04.03/src/edit_script.c:236:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (/*to*/ newS, /*from*/ s, /*how much*/ bytesNeeded);
data/lastz-1.04.03/src/edit_script.c:392:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (d, s, toCopy*sizeof(editop));
data/lastz-1.04.03/src/gapped_extend.c:300:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char padding[dpCell_padding_sz];
data/lastz-1.04.03/src/gapped_extend.c:2910:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str[100]; \
data/lastz-1.04.03/src/gapped_extend.c:2948:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ccSnoop[100];
data/lastz-1.04.03/src/gapped_extend.c:2949:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ddSnoop[100];
data/lastz-1.04.03/src/gapped_extend.c:2950:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char iiSnoop[100];
data/lastz-1.04.03/src/gapped_extend.c:2954:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str[100];
data/lastz-1.04.03/src/gapped_extend.c:2956:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else if (s == negInf) sprintf (str, "-inf");
data/lastz-1.04.03/src/gapped_extend.c:2967:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char A25[26], B25[26]; \
data/lastz-1.04.03/src/infer_scores.c:269:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scoreFileId[20];
data/lastz-1.04.03/src/infer_scores.c:449:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (scoreFileId, "s%03d", trial-1);
data/lastz-1.04.03/src/infer_scores.c:583:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (scoreFileId, "g%03d", trial-1);
data/lastz-1.04.03/src/infer_scores.c:1379:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[201];
data/lastz-1.04.03/src/infer_scores.c:2117:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (/*to*/ dst->items, /*from*/ src->items,
data/lastz-1.04.03/src/lastz.c:4981:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _commentPrefix[2];
data/lastz-1.04.03/src/lastz.c:4982:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[501];
data/lastz-1.04.03/src/lastz.c:5012:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "Z=%d", currParams->step);
data/lastz-1.04.03/src/lastz.c:5020:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "W=%d", hitSeed->length);
data/lastz-1.04.03/src/lastz.c:5065:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "M=%d", currParams->dynamicMasking);
data/lastz-1.04.03/src/lastz.c:5068:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "m=%u", currParams->tracebackMem);
data/lastz-1.04.03/src/lastz.c:8032:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[2001];
data/lastz-1.04.03/src/lastz.c:9085:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seedString[innerWordSize+1];
data/lastz-1.04.03/src/lastz.c:9566:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[201];
data/lastz-1.04.03/src/output.c:371:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prevNameBuff1[maxSequenceName+1];
data/lastz-1.04.03/src/output.c:372:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prevNameBuff2[maxSequenceName+1];
data/lastz-1.04.03/src/output.c:1301:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pstr[6];
data/lastz-1.04.03/src/output.c:1398:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char _progName[101];
data/lastz-1.04.03/src/pos_table.c:2183:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char weight[10];
data/lastz-1.04.03/src/pos_table.c:2193:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (weight, "%d", posTableStats.wordWeight / 2);
data/lastz-1.04.03/src/pos_table.c:2195:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (weight, "%d.5", posTableStats.wordWeight / 2);
data/lastz-1.04.03/src/seed_search.c:1211:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prevSeq2Name[41] = "";
data/lastz-1.04.03/src/seed_search.c:2488:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s1[4];
data/lastz-1.04.03/src/seed_search.c:2489:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s2[4];
data/lastz-1.04.03/src/seed_search.c:2494:39: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (_seq->fileType == seq_type_qdna) sprintf (s, "%02X", ch);
data/lastz-1.04.03/src/seed_search.c:2495:39: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf (s, "%c", ch);
data/lastz-1.04.03/src/seed_search.c:4063:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[25]; // (more than enough for 2^64 in decimal with sign)
data/lastz-1.04.03/src/seed_search.c:4131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scratch[19];
data/lastz-1.04.03/src/seed_search.c:4216:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (scratch, "> %d", maxHitsPerColumn);
data/lastz-1.04.03/src/seeds.c:327:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[maxHwSeedLen+1];
data/lastz-1.04.03/src/seeds.c:951:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[70];
data/lastz-1.04.03/src/seeds.c:1224:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[maxHwSeedLen+1];
data/lastz-1.04.03/src/segment.c:464:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[1024];
data/lastz-1.04.03/src/sequences.c:645:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char nibTo1stChar[256] =
data/lastz-1.04.03/src/sequences.c:663:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char nibTo2ndChar[256] =
data/lastz-1.04.03/src/sequences.c:681:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char nibTo1stCharUnmasked[256] =
data/lastz-1.04.03/src/sequences.c:699:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char nibTo2ndCharUnmasked[256] =
data/lastz-1.04.03/src/sequences.c:3624:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static u32 read_2bit_index_entry (seq* _seq, char seqName[256], u32 seqNum);
data/lastz-1.04.03/src/sequences.c:3680:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seqName[maxSequenceName+1];
data/lastz-1.04.03/src/sequences.c:4012:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seqName[maxSequenceName+1];
data/lastz-1.04.03/src/sequences.c:4030:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seqName[maxSequenceName+1],
data/lastz-1.04.03/src/sequences.c:4086:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extension[10];
data/lastz-1.04.03/src/sequences.c:4591:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[256];
data/lastz-1.04.03/src/sequences.c:5072:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[maxSequenceHeader+1];
data/lastz-1.04.03/src/sequences.c:5218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[maxSequenceHeader+1];
data/lastz-1.04.03/src/sequences.c:5339:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seqName[maxSequenceName+1];
data/lastz-1.04.03/src/sequences.c:5427:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char discard[maxSequenceName+1];
data/lastz-1.04.03/src/sequences.c:5537:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[511+1], discard[511+1];
data/lastz-1.04.03/src/sequences.c:6373:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (spTo->pool, spFrom->pool, poolLen);
data/lastz-1.04.03/src/sequences.c:6957:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[511+1], discard[511+1];
data/lastz-1.04.03/src/sequences.c:7112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[511+1], discard[511+1];
data/lastz-1.04.03/src/sequences.c:9041:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[maxSequenceHeader+3];
data/lastz-1.04.03/src/sequences.c:9750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[101];
data/lastz-1.04.03/src/utilities.c:77:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (name, mode);
data/lastz-1.04.03/src/utilities.c:383:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (/*to*/ ss, /*from*/ s, /*how much*/ n);
data/lastz-1.04.03/src/utilities.c:684:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ss[20];
data/lastz-1.04.03/src/utilities.c:758:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ss[20];
data/lastz-1.04.03/src/utilities.c:906:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ss[20];
data/lastz-1.04.03/src/utilities.c:1094:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s1[53];// (big enough for 128-bit decimal value with commas,
data/lastz-1.04.03/src/utilities.c:1095:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s2[53];// .. the biggest being
data/lastz-1.04.03/src/utilities.c:1096:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s3[53];// .. -170,141,183,460,469,231,731,687,303,715,884,105,728)
data/lastz-1.04.03/src/utilities.c:1097:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s4[53];
data/lastz-1.04.03/src/utilities.c:1098:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s5[53];
data/lastz-1.04.03/src/utilities.c:1109:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%jd", (intmax_t) v); // $$$ this could overflow the buffer
data/lastz-1.04.03/src/utilities.c:1139:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s1[52];// (big enough for 128-bit decimal value with commas,
data/lastz-1.04.03/src/utilities.c:1140:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s2[52];// .. the biggest being
data/lastz-1.04.03/src/utilities.c:1141:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s3[52];// .. 340,282,366,920,938,463,463,374,607,431,768,211,455)
data/lastz-1.04.03/src/utilities.c:1142:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s4[52];
data/lastz-1.04.03/src/utilities.c:1143:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s5[52];
data/lastz-1.04.03/src/utilities.c:1154:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%jd", (intmax_t) v); // $$$ this could overflow the buffer
data/lastz-1.04.03/src/utilities.c:1213:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s1[10];
data/lastz-1.04.03/src/utilities.c:1214:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s2[10];
data/lastz-1.04.03/src/utilities.c:1268:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s1[17];
data/lastz-1.04.03/src/utilities.c:1269:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s2[17];
data/lastz-1.04.03/src/utilities.c:1306:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field[5]; // "0.xx" plus a terminator
data/lastz-1.04.03/src/utilities.c:1314:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (field, "%.2f", p);
data/lastz-1.04.03/src/utilities.c:1392:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (/*to*/ pos, /*from*/ rep, /*how much*/ repLen);
data/lastz-1.04.03/src/utilities.h:91:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef struct char3 { char s[4]; } char3;
data/lastz-1.04.03/src/axt.c:217:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((extras != NULL) && (strlen(extras) != 1) && (extras[0] != genpafSize2))
data/lastz-1.04.03/src/axt.c:292:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((extras != NULL) && (strlen(extras) == 1) && (extras[0] == genpafSize2))
data/lastz-1.04.03/src/axt.c:437:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((extras != NULL) && (strlen(extras) != 1) && (extras[0] != genpafSize2))
data/lastz-1.04.03/src/axt.c:523:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((extras != NULL) && (strlen(extras) == 1) && (extras[0] == genpafSize2))
data/lastz-1.04.03/src/capsule.c:255:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLength = strlen(seqName) + 1;
data/lastz-1.04.03/src/dna_utilities.c:403:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(id) + strlen(message) + 1 > sizeof(temp))
data/lastz-1.04.03/src/dna_utilities.c:403:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(id) + strlen(message) + 1 > sizeof(temp))
data/lastz-1.04.03/src/dna_utilities.c:408:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy (temp + strlen(id), message);
data/lastz-1.04.03/src/dna_utilities.c:719:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(line);
data/lastz-1.04.03/src/dna_utilities.c:856:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  valLength = strlen(valString);
data/lastz-1.04.03/src/dna_utilities.c:1043:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(line);
data/lastz-1.04.03/src/dna_utilities.c:1798:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strleni(s)+1 > w) w = strlen(s)+1;
data/lastz-1.04.03/src/dna_utilities.c:2262:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/lastz-1.04.03/src/dna_utilities.c:2484:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(line);
data/lastz-1.04.03/src/gapped_extend.c:2969:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (A25, (char*) A+1, sizeof(A25)); A25[sizeof(A25)-1] = 0; \
data/lastz-1.04.03/src/gapped_extend.c:2970:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (B25, (char*) B+1, sizeof(B25)); B25[sizeof(B25)-1] = 0; \
data/lastz-1.04.03/src/genpaf.c:1884:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (strlen (field) == strlen(genpafTDName) + genpafTDInfoSize))
data/lastz-1.04.03/src/genpaf.c:1884:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (strlen (field) == strlen(genpafTDName) + genpafTDInfoSize))
data/lastz-1.04.03/src/genpaf.c:1887:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  diffChars = field + strlen(genpafTDName);
data/lastz-1.04.03/src/lastz.c:4839:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLen = strlen(name);
data/lastz-1.04.03/src/lastz.c:5022:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant character. strcpy (buffer, ""); data/lastz-1.04.03/src/lastz.c:5094:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (expanders[ix].argName); data/lastz-1.04.03/src/lastz.c:5232:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argTempNeeded = 2 + strlen(arg+6) + 1; data/lastz-1.04.03/src/lastz.c:5250:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argsLen = strlen(lzParams->args); data/lastz-1.04.03/src/lastz.c:5252:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (lzParams->args+argsLen+strlen(arg)," "); data/lastz-1.04.03/src/lastz.c:5252:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy (lzParams->args+argsLen+strlen(arg)," "); data/lastz-1.04.03/src/lastz.c:5354:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (argStr[strlen(argStr)-1] == ')')) data/lastz-1.04.03/src/lastz.c:5364:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
scan = argStr + strlen("match"); data/lastz-1.04.03/src/lastz.c:5391:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (argStr[strlen(argStr)-1] == ')')) data/lastz-1.04.03/src/lastz.c:5401:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scan = argStr + strlen("half"); data/lastz-1.04.03/src/lastz.c:5452:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lzParams->maxTransversions = string_to_int (argStr + strlen("cares:")); data/lastz-1.04.03/src/lastz.c:5458:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lzParams->minMatches = string_to_int (argStr + strlen("cares:")); data/lastz-1.04.03/src/lastz.c:5625:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (argTempSub, argStr, argTempSubNeeded-1); data/lastz-1.04.03/src/lastz.c:5664:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (argTempSub, argStr, argTempSubNeeded-1); data/lastz-1.04.03/src/lastz.c:6244:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argLen = strlen(argStr); data/lastz-1.04.03/src/lastz.c:6325:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
argLen = strlen(argStr); data/lastz-1.04.03/src/lastz.c:6671:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argLen = strlen(argStr); data/lastz-1.04.03/src/lastz.c:7159:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (arg[strlen(arg)-1] == ')')) data/lastz-1.04.03/src/lastz.c:7220:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wordLen = strlen(lzParams->readGroup); data/lastz-1.04.03/src/lastz.c:7221:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argLen = strlen(argStr); data/lastz-1.04.03/src/lastz.c:7339:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). expLen = strlen(expanders[ix].argName); data/lastz-1.04.03/src/lastz.c:8055:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (line); data/lastz-1.04.03/src/lastz.c:8158:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argsLen += 1 + strlen(argv[ix]); data/lastz-1.04.03/src/lastz.c:9604:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (line); data/lastz-1.04.03/src/lastz.c:9627:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valLen = strlen (valString); data/lastz-1.04.03/src/lastz.c:9671:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valString[valLen-strlen("*inference_scale")] = 0; data/lastz-1.04.03/src/lastz.c:9681:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valString[valLen-strlen("*worst_substitution")] = 0; data/lastz-1.04.03/src/lastz.c:9701:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valString[valLen-strlen("*inference_scale")] = 0; data/lastz-1.04.03/src/lastz.c:9711:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valString[valLen-strlen("*worst_substitution")] = 0; data/lastz-1.04.03/src/lastz.c:9733:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valString[valLen-strlen("*inference_scale")] = 0; data/lastz-1.04.03/src/lastz.c:9742:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valString[valLen-strlen("*worst_substitution")] = 0; data/lastz-1.04.03/src/lastz.c:9756:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
valString[valLen-strlen("*inference_scale")] = 0; data/lastz-1.04.03/src/lastz.c:9765:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valString[valLen-strlen("*worst_substitution")] = 0; data/lastz-1.04.03/src/lastz.c:9771:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valString[valLen-strlen("*gap_open_penalty")] = 0; data/lastz-1.04.03/src/lastz.c:10057:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). after = where[strlen("quantum")]; data/lastz-1.04.03/src/maf.c:372:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen (name1) + strlen (suff1); data/lastz-1.04.03/src/maf.c:372:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen (name1) + strlen (suff1); data/lastz-1.04.03/src/maf.c:373:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen (pref2) + strlen (name2) + strlen (suff2); data/lastz-1.04.03/src/maf.c:373:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len2 = strlen (pref2) + strlen (name2) + strlen (suff2); data/lastz-1.04.03/src/maf.c:373:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen (pref2) + strlen (name2) + strlen (suff2); data/lastz-1.04.03/src/maf.c:627:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen (name1) + strlen (suff1); data/lastz-1.04.03/src/maf.c:627:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen (name1) + strlen (suff1); data/lastz-1.04.03/src/maf.c:628:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen (pref2) + strlen (name2) + strlen (suff2); data/lastz-1.04.03/src/maf.c:628:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen (pref2) + strlen (name2) + strlen (suff2); data/lastz-1.04.03/src/maf.c:628:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen (pref2) + strlen (name2) + strlen (suff2); data/lastz-1.04.03/src/output.c:450:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (/*to*/ prevName1, /*from*/ name1, sizeof(prevNameBuff1)); data/lastz-1.04.03/src/output.c:451:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (/*to*/ prevName2, /*from*/ name2, sizeof(prevNameBuff2)); data/lastz-1.04.03/src/output.c:508:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (/*to*/ prevName1, /*from*/ name1, sizeof(prevNameBuff1)); data/lastz-1.04.03/src/output.c:509:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (/*to*/ prevName2, /*from*/ name2, sizeof(prevNameBuff2)); data/lastz-1.04.03/src/sam.c:163:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (/*to*/ ss, /*from*/ idTag, idLen); data/lastz-1.04.03/src/seed_search.c:1246:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (prevSeq2Name, seq2->header, sizeof(prevSeq2Name)); data/lastz-1.04.03/src/seed_search.c:4065:22: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. if (diag == 0) sprintf (s, "0"); data/lastz-1.04.03/src/seeds.c:256:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (terminator == NULL) terminator = s + strlen (s); data/lastz-1.04.03/src/seeds.c:740:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = new_seed (numParts, strlen(pattern), numFlips); data/lastz-1.04.03/src/seeds.c:821:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
s = new_seed (_seed->numParts, strlen(_seed->pattern), numFlips); data/lastz-1.04.03/src/segment.c:548:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/segment.c:589:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/segment.c:598:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/segment.c:614:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/segment.c:623:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/segment.c:632:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(field) != 1) goto bad_field; data/lastz-1.04.03/src/segment.c:644:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/sequences.c:1032:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _seq->headerSize = strlen (_seq->header) + 1; data/lastz-1.04.03/src/sequences.c:1530:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newSeq->headerSize = strlen (newSeq->header) + 1; data/lastz-1.04.03/src/sequences.c:1542:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newSeq->shortHeaderSize = strlen (newSeq->shortHeader) + 1; data/lastz-1.04.03/src/sequences.c:1554:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newSeq->trueHeaderSize = strlen (newSeq->trueHeader) + 1; data/lastz-1.04.03/src/sequences.c:2133:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). whitespace_to_under (_seq->header, strlen(_seq->header)); data/lastz-1.04.03/src/sequences.c:2285:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). triggerFound += strlen (_seq->nameTrigger); data/lastz-1.04.03/src/sequences.c:2657:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
triggerFound += strlen (_seq->nameTrigger); data/lastz-1.04.03/src/sequences.c:2830:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { if (headerIx != strlen(_seq->trueHeader)) goto third_line_short; } data/lastz-1.04.03/src/sequences.c:2942:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (headerIx >= strlen(_seq->trueHeader)) goto third_line_long; data/lastz-1.04.03/src/sequences.c:2949:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sequence_filename(_seq), strlen(_seq->trueHeader)+1, _seq->trueHeader); data/lastz-1.04.03/src/sequences.c:3153:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). triggerFound += strlen (_seq->nameTrigger); data/lastz-1.04.03/src/sequences.c:3714:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numChars = strlen (seqName); data/lastz-1.04.03/src/sequences.c:4146:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). baseLen = strlen(_seq->filename); data/lastz-1.04.03/src/sequences.c:4168:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (/*to*/ extension, /*from*/ s, sizeof(extension)); data/lastz-1.04.03/src/sequences.c:4172:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameBytes += pathLen + strlen(s) + 1 + strlen(extension) + 1; data/lastz-1.04.03/src/sequences.c:4172:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameBytes += pathLen + strlen(s) + 1 + strlen(extension) + 1; data/lastz-1.04.03/src/sequences.c:4174:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameBytes += baseLen + 1 + strlen(extension) + 1; data/lastz-1.04.03/src/sequences.c:4191:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (/*to*/ extension, /*from*/ s, sizeof(extension)); data/lastz-1.04.03/src/sequences.c:4196:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (/*to*/ nameScan, data/lastz-1.04.03/src/sequences.c:4201:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameScan[pathLen+strlen(s)] = '.'; data/lastz-1.04.03/src/sequences.c:4202:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy (/*to*/ nameScan + pathLen+strlen(s) + 1, data/lastz-1.04.03/src/sequences.c:4204:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nameScan += pathLen + strlen(s) + 1 + strlen(extension) + 1; data/lastz-1.04.03/src/sequences.c:4204:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameScan += pathLen + strlen(s) + 1 + strlen(extension) + 1; data/lastz-1.04.03/src/sequences.c:4208:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (/*to*/ nameScan, data/lastz-1.04.03/src/sequences.c:4214:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameScan += baseLen + 1 + strlen(extension) + 1; data/lastz-1.04.03/src/sequences.c:4322:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numChars = strlen (seqName); data/lastz-1.04.03/src/sequences.c:4514:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bucket = hassock_hash (name, strlen(name)) % _seq->hsx.numBuckets; data/lastz-1.04.03/src/sequences.c:4568:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bucketOffset += 1 + 6 + 5 + strlen(seqName) + 1; data/lastz-1.04.03/src/sequences.c:5150:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
header += strlen (_seq->nameTrigger); data/lastz-1.04.03/src/sequences.c:5162:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). headerLen = strlen(buffer); data/lastz-1.04.03/src/sequences.c:5167:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). headerLen = strlen(buffer); data/lastz-1.04.03/src/sequences.c:5179:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) strlen (_seq->nextContigName) != headerLen) data/lastz-1.04.03/src/sequences.c:5191:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ix=strlen(buffer) ; ix>0 ; ) data/lastz-1.04.03/src/sequences.c:5269:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). header += strlen (_seq->nameTrigger); data/lastz-1.04.03/src/sequences.c:5281:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). headerLen = strlen(buffer); data/lastz-1.04.03/src/sequences.c:5286:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). headerLen = strlen(buffer); data/lastz-1.04.03/src/sequences.c:5298:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
|| ((int) strlen (_seq->nextContigName) != headerLen)) data/lastz-1.04.03/src/sequences.c:5315:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ix=strlen(buffer) ; ix>0 ; ) data/lastz-1.04.03/src/sequences.c:5439:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/sequences.c:5447:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(discard); data/lastz-1.04.03/src/sequences.c:5459:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/sequences.c:5558:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/sequences.c:5566:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(discard); data/lastz-1.04.03/src/sequences.c:5578:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/sequences.c:5618:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
&& (strncmp (scan, "id=", strlen("id+")) != 0)) data/lastz-1.04.03/src/sequences.c:5636:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp (scan, "id=", strlen("id+")) == 0) data/lastz-1.04.03/src/sequences.c:5638:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). idTag = scan + strlen("id+"); data/lastz-1.04.03/src/sequences.c:5655:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/sequences.c:5668:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/sequences.c:5681:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/sequences.c:5694:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((numItems != 1) || (((u32)charsUsed) != strlen(field))) goto bad_field; data/lastz-1.04.03/src/sequences.c:5712:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (strlen(tName) >= sizeof(_seq->chore.tName)) data/lastz-1.04.03/src/sequences.c:5718:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qName) >= sizeof(_seq->nextContigName)) data/lastz-1.04.03/src/sequences.c:5734:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(idTag) >= sizeof(_seq->chore.idTag)) data/lastz-1.04.03/src/sequences.c:5916:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). h = skip_whitespace (h + strlen (s)); data/lastz-1.04.03/src/sequences.c:5921:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hh = skip_whitespace (h + strlen (s)); data/lastz-1.04.03/src/sequences.c:5926:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). h = skip_whitespace (hh + strlen (s)); // .. "of" is present) data/lastz-1.04.03/src/sequences.c:5961:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sLen = strlen(s); data/lastz-1.04.03/src/sequences.c:5966:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sLen = strlen(s); data/lastz-1.04.03/src/sequences.c:5971:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sLen = strlen(s); data/lastz-1.04.03/src/sequences.c:5976:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sLen = strlen(s); data/lastz-1.04.03/src/sequences.c:5981:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sLen = strlen(s); data/lastz-1.04.03/src/sequences.c:5991:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (src, h, len); data/lastz-1.04.03/src/sequences.c:5995:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). whitespace_to_under (src, strlen(src)); data/lastz-1.04.03/src/sequences.c:6008:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (dst, h, len); data/lastz-1.04.03/src/sequences.c:6014:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). whitespace_to_under (dst, strlen(dst)); data/lastz-1.04.03/src/sequences.c:6037:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (src) data/lastz-1.04.03/src/sequences.c:6038:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). - strlen ("{number}") data/lastz-1.04.03/src/sequences.c:6060:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (d, s, expand-src); data/lastz-1.04.03/src/sequences.c:6062:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = expand + strlen("{number}"); data/lastz-1.04.03/src/sequences.c:6066:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d += strlen(d); data/lastz-1.04.03/src/sequences.c:6315:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). headerLen = strlen(header); data/lastz-1.04.03/src/sequences.c:6989:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/sequences.c:6997:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(discard); data/lastz-1.04.03/src/sequences.c:7005:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/sequences.c:7153:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/sequences.c:7161:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(discard); data/lastz-1.04.03/src/sequences.c:7169:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/lastz-1.04.03/src/sequences.c:7968:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). indent = strlen (action); data/lastz-1.04.03/src/sequences.c:7969:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineWidth = indent + strlen (description); data/lastz-1.04.03/src/sequences.c:7973:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameLen = strlen(name); data/lastz-1.04.03/src/sequences.c:8084:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (fname); data/lastz-1.04.03/src/sequences.c:8131:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (mask); data/lastz-1.04.03/src/sequences.c:8172:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (actions); data/lastz-1.04.03/src/sequences.c:8198:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (action); data/lastz-1.04.03/src/sequences.c:8235:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("sep="); data/lastz-1.04.03/src/sequences.c:8241:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("separator="); data/lastz-1.04.03/src/sequences.c:8263:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("@"); data/lastz-1.04.03/src/sequences.c:8269:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("subset="); data/lastz-1.04.03/src/sequences.c:8273:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_name_file; data/lastz-1.04.03/src/sequences.c:8280:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("chores="); data/lastz-1.04.03/src/sequences.c:8283:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_chore_file; data/lastz-1.04.03/src/sequences.c:8290:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
actionName = action + strlen("subsample="); data/lastz-1.04.03/src/sequences.c:8293:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_subsample; data/lastz-1.04.03/src/sequences.c:8306:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(slashParse); data/lastz-1.04.03/src/sequences.c:8339:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("nickname="); data/lastz-1.04.03/src/sequences.c:8342:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_nickname; data/lastz-1.04.03/src/sequences.c:8349:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("name="); data/lastz-1.04.03/src/sequences.c:8355:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("nameparse=tag:"); data/lastz-1.04.03/src/sequences.c:8359:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(actionName) == 0) goto bad_name_trigger; data/lastz-1.04.03/src/sequences.c:8376:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("soft=keep:"); data/lastz-1.04.03/src/sequences.c:8382:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("softmask=keep:"); data/lastz-1.04.03/src/sequences.c:8386:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_soft_mask_file; data/lastz-1.04.03/src/sequences.c:8394:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("soft="); data/lastz-1.04.03/src/sequences.c:8400:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("softmask="); data/lastz-1.04.03/src/sequences.c:8404:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_soft_mask_file; data/lastz-1.04.03/src/sequences.c:8412:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
actionName = action + strlen("xmask=keep:"); data/lastz-1.04.03/src/sequences.c:8415:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_x_mask_file; data/lastz-1.04.03/src/sequences.c:8423:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("xmask="); data/lastz-1.04.03/src/sequences.c:8426:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_x_mask_file; data/lastz-1.04.03/src/sequences.c:8434:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("nmask=keep:"); data/lastz-1.04.03/src/sequences.c:8437:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_n_mask_file; data/lastz-1.04.03/src/sequences.c:8445:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("nmask="); data/lastz-1.04.03/src/sequences.c:8448:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(actionName) == 0) goto bad_n_mask_file; data/lastz-1.04.03/src/sequences.c:8466:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("quantum="); data/lastz-1.04.03/src/sequences.c:8469:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actionName) == 0) goto bad_code_file; data/lastz-1.04.03/src/sequences.c:8478:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actionName = action + strlen("format="); data/lastz-1.04.03/src/sequences.c:9440:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc (_seq->f); data/lastz-1.04.03/src/utilities.c:137:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc (f); data/lastz-1.04.03/src/utilities.c:370:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ss = malloc_or_die ("copy_string", strlen(s) + 1); data/lastz-1.04.03/src/utilities.c:410:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s1 != NULL) len += strlen (s1); data/lastz-1.04.03/src/utilities.c:411:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (s2 != NULL) len += strlen (s2); data/lastz-1.04.03/src/utilities.c:416:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s1 != NULL) { strcpy (scan, s1); scan += strlen (s1); } data/lastz-1.04.03/src/utilities.c:417:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s2 != NULL) { strcpy (scan, s2); scan += strlen (s2); } data/lastz-1.04.03/src/utilities.c:433:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s1 != NULL) len += strlen (s1); data/lastz-1.04.03/src/utilities.c:434:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s2 != NULL) len += strlen (s2); data/lastz-1.04.03/src/utilities.c:435:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s3 != NULL) len += strlen (s3); data/lastz-1.04.03/src/utilities.c:436:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s4 != NULL) len += strlen (s4); data/lastz-1.04.03/src/utilities.c:441:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (s1 != NULL) { strcpy (scan, s1); scan += strlen (s1); } data/lastz-1.04.03/src/utilities.c:442:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s2 != NULL) { strcpy (scan, s2); scan += strlen (s2); } data/lastz-1.04.03/src/utilities.c:443:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s3 != NULL) { strcpy (scan, s3); scan += strlen (s3); } data/lastz-1.04.03/src/utilities.c:444:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s4 != NULL) { strcpy (scan, s4); scan += strlen (s4); } data/lastz-1.04.03/src/utilities.c:527:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strncmp (str1, str2, strlen (str2)); data/lastz-1.04.03/src/utilities.c:554:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len1 = strlen(str1); data/lastz-1.04.03/src/utilities.c:555:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len2 = strlen(str2); data/lastz-1.04.03/src/utilities.c:566:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t len1 = strlen(str1); data/lastz-1.04.03/src/utilities.c:567:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len2 = strlen(str2); data/lastz-1.04.03/src/utilities.c:685:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (s); data/lastz-1.04.03/src/utilities.c:759:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (s); data/lastz-1.04.03/src/utilities.c:907:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (s); data/lastz-1.04.03/src/utilities.c:1112:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s); data/lastz-1.04.03/src/utilities.c:1157:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s); data/lastz-1.04.03/src/utilities.c:1361:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sLen = strlen(s); data/lastz-1.04.03/src/utilities.c:1362:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  subLen = strlen(sub);
data/lastz-1.04.03/src/utilities.c:1363:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  repLen = strlen(rep);
data/lastz-1.04.03/src/utilities.c:1555:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else return strlen(tag);
data/lastz-1.04.03/src/utilities.h:118:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define ustrlen(s) (strlen((char*)(s)))
data/lastz-1.04.03/src/utilities.h:123:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define strleni(s) ((int)(strlen(s)))

ANALYSIS SUMMARY:

Hits = 677
Lines analyzed = 65282 in approximately 2.00 seconds (32720 lines/second)
Physical Source Lines of Code (SLOC) = 39076
Hits@level = [0] 2033 [1] 230 [2] 119 [3] 0 [4] 328 [5] 0
Hits@level+ = [0+] 2710 [1+] 677 [2+] 447 [3+] 328 [4+] 328 [5+] 0
Hits/KSLOC@level+ = [0+] 69.352 [1+] 17.3252 [2+] 11.4392 [3+] 8.3939 [4+] 8.3939 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.