Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libbigwig-0.4.4+dfsg/bigWig.h
Examining data/libbigwig-0.4.4+dfsg/bigWigIO.h
Examining data/libbigwig-0.4.4+dfsg/bwCommon.h
Examining data/libbigwig-0.4.4+dfsg/bwRead.c
Examining data/libbigwig-0.4.4+dfsg/bwStats.c
Examining data/libbigwig-0.4.4+dfsg/bwValues.c
Examining data/libbigwig-0.4.4+dfsg/bwValues.h
Examining data/libbigwig-0.4.4+dfsg/bwWrite.c
Examining data/libbigwig-0.4.4+dfsg/io.c
Examining data/libbigwig-0.4.4+dfsg/test/exampleWrite.c
Examining data/libbigwig-0.4.4+dfsg/test/testBigBed.c
Examining data/libbigwig-0.4.4+dfsg/test/testIterator.c
Examining data/libbigwig-0.4.4+dfsg/test/testLocal.c
Examining data/libbigwig-0.4.4+dfsg/test/testRemote.c
Examining data/libbigwig-0.4.4+dfsg/test/testRemoteManyContigs.c
Examining data/libbigwig-0.4.4+dfsg/test/testWrite.c
FINAL RESULTS:
data/libbigwig-0.4.4+dfsg/bwWrite.c:320:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p, &(wb->tid), sizeof(uint32_t))) return 1;
data/libbigwig-0.4.4+dfsg/bwWrite.c:321:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+4, &(wb->start), sizeof(uint32_t))) return 2;
data/libbigwig-0.4.4+dfsg/bwWrite.c:322:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+8, &(wb->end), sizeof(uint32_t))) return 3;
data/libbigwig-0.4.4+dfsg/bwWrite.c:323:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+12, &(wb->step), sizeof(uint32_t))) return 4;
data/libbigwig-0.4.4+dfsg/bwWrite.c:324:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+16, &(wb->span), sizeof(uint32_t))) return 5;
data/libbigwig-0.4.4+dfsg/bwWrite.c:325:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+20, &(wb->ltype), sizeof(uint8_t))) return 6;
data/libbigwig-0.4.4+dfsg/bwWrite.c:341:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+22, &nItems, sizeof(uint16_t))) return 8;
data/libbigwig-0.4.4+dfsg/bwWrite.c:402:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l, start, sizeof(uint32_t))) return 7;
data/libbigwig-0.4.4+dfsg/bwWrite.c:403:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l+4, end, sizeof(uint32_t))) return 8;
data/libbigwig-0.4.4+dfsg/bwWrite.c:404:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l+8, values, sizeof(float))) return 9;
data/libbigwig-0.4.4+dfsg/bwWrite.c:423:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l, &(start[i]), sizeof(uint32_t))) return 11;
data/libbigwig-0.4.4+dfsg/bwWrite.c:424:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l+4, &(end[i]), sizeof(uint32_t))) return 12;
data/libbigwig-0.4.4+dfsg/bwWrite.c:425:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l+8, &(values[i]), sizeof(float))) return 13;
data/libbigwig-0.4.4+dfsg/bwWrite.c:450:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l, &(start[i]), sizeof(uint32_t))) return 4;
data/libbigwig-0.4.4+dfsg/bwWrite.c:451:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l+4, &(end[i]), sizeof(uint32_t))) return 5;
data/libbigwig-0.4.4+dfsg/bwWrite.c:452:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l+8, &(values[i]), sizeof(float))) return 6;
data/libbigwig-0.4.4+dfsg/bwWrite.c:485:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l, &(start[i]), sizeof(uint32_t))) return 5;
data/libbigwig-0.4.4+dfsg/bwWrite.c:486:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l+4, &(values[i]), sizeof(float))) return 6;
data/libbigwig-0.4.4+dfsg/bwWrite.c:509:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l, &(start[i]), sizeof(uint32_t))) return 4;
data/libbigwig-0.4.4+dfsg/bwWrite.c:510:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l+4, &(values[i]), sizeof(float))) return 5;
data/libbigwig-0.4.4+dfsg/bwWrite.c:543:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l, &(values[i]), sizeof(float))) return 5;
data/libbigwig-0.4.4+dfsg/bwWrite.c:566:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!memcpy(wb->p+wb->l, &(values[i]), sizeof(float))) return 4;
data/libbigwig-0.4.4+dfsg/bwWrite.c:997:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuffer->p, buffer->p+buffer->l-32, 4);
data/libbigwig-0.4.4+dfsg/bwWrite.c:998:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuffer->p+4, buffer->p+buffer->l-28, 4);
data/libbigwig-0.4.4+dfsg/io.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char range[1024];
data/libbigwig-0.4.4+dfsg/io.c:33:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(range,"%lu-%lu", URL->filePos, URL->filePos+bufSize-1);
data/libbigwig-0.4.4+dfsg/io.c:60:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
p = memcpy(p, URL->memBuf+URL->bufPos, URL->bufLen - URL->bufPos);
data/libbigwig-0.4.4+dfsg/io.c:77:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
p = memcpy(p, URL->memBuf+URL->bufPos, remaining);
data/libbigwig-0.4.4+dfsg/io.c:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, inBuf, copied);
data/libbigwig-0.4.4+dfsg/io.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char range[1024];
data/libbigwig-0.4.4+dfsg/io.c:141:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(range,"%lu-%lu", pos, pos+URL->bufSize-1);
data/libbigwig-0.4.4+dfsg/io.c:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char range[1024];
data/libbigwig-0.4.4+dfsg/io.c:186:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
URL->x.fp = fopen(fname, "rb");
data/libbigwig-0.4.4+dfsg/io.c:223:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(range, "0-%lu", URL->bufSize-1);
data/libbigwig-0.4.4+dfsg/io.c:263:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
URL->x.fp = fopen(fname, mode);
data/libbigwig-0.4.4+dfsg/bwValues.c:533:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str) + 1;
data/libbigwig-0.4.4+dfsg/bwWrite.c:113:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(cl->chrom[i64]);
data/libbigwig-0.4.4+dfsg/bwWrite.c:139:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
chrom = strncpy(chrom, cl->chrom[i * nperblock], keySize);
data/libbigwig-0.4.4+dfsg/bwWrite.c:173:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
chrom = strncpy(chrom, cl->chrom[j], keySize);
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 5047 in approximately 0.31 seconds (16352 lines/second)
Physical Source Lines of Code (SLOC) = 3591
Hits@level = [0] 195 [1] 4 [2] 35 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 234 [1+] 39 [2+] 35 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 65.1629 [1+] 10.8605 [2+] 9.74659 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.