Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnTranslator.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnLocation.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFilter.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnPosSpecificTranslator.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnprec.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnStringSpec.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnDNASequence.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnExceptionCode.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnContigSpec.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFeature.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnBaseFeature.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/OmpGuard.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSEQSource.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/IntervalSequenceTree.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnRAWSource.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnPosSpecificTranslator.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnBaseQualifier.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileContig.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSetup.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnTranslator.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSequence.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceQualifier.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFragmentSpec.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSEQSource.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnBaseHeader.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceFactory.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFastTranslator.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGBKSource.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnRNASequence.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFASSource.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnDataBaseSource.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGenomeSpec.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/testTests.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceSpec.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnBaseSpec.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/TestgnSeqConverter.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnABISource.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGenomeSpec.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/test-o-matic.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnBaseSource.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFastTranslator.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileSource.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFeature.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceHeader.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnStringTools.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFilter.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSequence.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnCompare.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnRAWSource.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnClone.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnMultiSpec.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGBKSource.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/coordMapper.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileSource.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnDefs.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/testSourceSeq.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnContigSpec.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSeqStringTest.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceFactory.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnStringTools.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFragmentSpec.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFASSource.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/testSource.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileContig.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/testgnSequence.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnABISource.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnStringHeader.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnVersion.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnBaseFeature.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnException.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnLocation.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnCompare.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceSpec.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnBaseFilter.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/TestRevComp.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnException.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnStringQualifier.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnDebug.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnStringSpec.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnProteinSequence.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceQualifier.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceHeader.h
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/testSourceFactory.cpp
Examining data/libgenome-1.3.11+svn20110227.4616/libGenome/gnDefs.cpp

FINAL RESULTS:

data/libgenome-1.3.11+svn20110227.4616/libGenome/gnCompare.cpp:116:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, array[ch]);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFastTranslator.cpp:127:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( output_array + outpos, iter->second.c_str() );
data/libgenome-1.3.11+svn20110227.4616/libGenome/TestRevComp.cpp:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bubba[50];
data/libgenome-1.3.11+svn20110227.4616/libGenome/coordMapper.cpp:51:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  coord_file.open(filename.c_str());
data/libgenome-1.3.11+svn20110227.4616/libGenome/coordMapper.cpp:136:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minimum_match_size = atoi(argv[6]);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileSource.cpp:37:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ifstream.open( m_openString.c_str(), ios::in | ios::binary );
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileSource.cpp:49:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ifstream.open(openString.c_str(), ios::in | ios::binary );
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileSource.cpp:74:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ifstream.open( m_openString.c_str(), ios::in | ios::binary );
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileSource.cpp:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ BUFFER_SIZE ];
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFilter.cpp:164:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*seq, tmp, len);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGBKSource.cpp:754:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  curLocationStart = atoi(starter.c_str());
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGBKSource.cpp:797:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gnSeqI curLocationEnd = atoi(ender.c_str());
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSEQSource.cpp:511:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  curLocationStart = atoi(starter.c_str());
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSEQSource.cpp:554:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gnSeqI curLocationEnd = atoi(ender.c_str());
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSequence.cpp:303:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pSeqC, *tomp, length);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSourceFactory.cpp:293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char folder[FILENAME_MAX], *f2;
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnStringSpec.h:100:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, m_seqString.data() + start, bufLen);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnTranslator.cpp:119:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*seq, output.data(), len);
data/libgenome-1.3.11+svn20110227.4616/libGenome/testSourceFactory.cpp:192:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bubba[50];
data/libgenome-1.3.11+svn20110227.4616/libGenome/testSourceSeq.cpp:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bubba[50];
data/libgenome-1.3.11+svn20110227.4616/libGenome/testgnSequence.cpp:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bubba[50];
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnCompare.cpp:114:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32 curlen = strlen(array[ch]);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnCompare.cpp:134:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32 curlen = strlen(array[ch]);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFASSource.cpp:138:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read(tmpBuf, readLen);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFASSource.cpp:171:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read(tmpBuf, readLen);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFASSource.cpp:256:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read( tmpbuf, tmpbufsize );
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFASSource.cpp:431:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fin.read( buf, BUFFER_SIZE);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileSource.cpp:95:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read(buf, bufLen);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnFileSource.cpp:116:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read( buf, 2);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGBKSource.cpp:136:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read(tmpBuf, readLen);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGBKSource.cpp:167:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read(tmpBuf, readLen);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGBKSource.cpp:255:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read( tmpbuf, tmpbufsize );
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnGBKSource.cpp:630:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fin.read( buf + remainingBuffer, BUFFER_SIZE - remainingBuffer);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnRAWSource.cpp:135:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fin.read( buf , BUFFER_SIZE );
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSEQSource.cpp:123:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read(tmpBuf, readLen);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSEQSource.cpp:154:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read(tmpBuf, readLen);
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSEQSource.cpp:246:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_ifstream.read( tmpbuf, tmpbufsize );
data/libgenome-1.3.11+svn20110227.4616/libGenome/gnSEQSource.cpp:385:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fin.read( buf + remainingBuffer, BUFFER_SIZE - remainingBuffer);

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 16344 in approximately 0.43 seconds (38262 lines/second)
Physical Source Lines of Code (SLOC) = 11124
Hits@level = [0]   0 [1]  17 [2]  19 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  38 [1+]  38 [2+]  21 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 3.41604 [1+] 3.41604 [2+] 1.88781 [3+] 0.179791 [4+] 0.179791 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.