Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lumpy-sv-0.3.1+dfsg/src/filter/filter.c
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_BamReader.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_BamReader.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Bedpe.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Bedpe.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_BedpeReader.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_BedpeReader.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_BreakPoint.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_BreakPoint.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Evidence.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Evidence.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_EvidenceReader.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_EvidenceReader.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_InterChromBamReader.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_InterChromBamReader.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Pair.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Pair.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_PairReader.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_PairReader.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitRead.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitRead.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitReadReader.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitReadReader.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_VcfVariant.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_VcfVariant.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/bp_softclip_fa.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/log_space.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/log_space.h
Examining data/lumpy-sv-0.3.1+dfsg/src/lumpy/lumpy.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/BamTools-Ancillary/BamAncillary.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/BamTools-Ancillary/BamAncillary.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/BlockedIntervals/BlockedIntervals.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/BlockedIntervals/BlockedIntervals.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/Point/Point.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/UCSCBins/ucsc_bins.hpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/VectorOps/VectorOps.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/VectorOps/VectorOps.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/bedGraphFile/bedGraphFile.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/bedGraphFile/bedGraphFile.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/chromsweep/chromsweep.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/chromsweep/chromsweep.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/fileType/fileType.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/fileType/fileType.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/genomeFile/genomeFile.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/genomeFile/genomeFile.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/lineFileUtilities/lineFileUtilities.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/sequenceUtilities/sequenceUtils.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/sequenceUtilities/sequenceUtils.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/stringUtilities/stringUtilities.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/tabFile/tabFile.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/tabFile/tabFile.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/version/version.cpp
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/version/version.h
Examining data/lumpy-sv-0.3.1+dfsg/src/utils/version/version_git.h

FINAL RESULTS:

data/lumpy-sv-0.3.1+dfsg/src/filter/filter.c:232:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( c = getopt(argc, argv, "f:")) != -1) {
data/lumpy-sv-0.3.1+dfsg/src/lumpy/lumpy.cpp:143:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time(NULL));
data/lumpy-sv-0.3.1+dfsg/src/filter/filter.c:47:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, b->data, _pre_seq_bytes(b));
data/lumpy-sv-0.3.1+dfsg/src/filter/filter.c:48:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + _pre_seq_bytes(b), bam_get_aux(b), _post_qual_bytes(b));
data/lumpy-sv-0.3.1+dfsg/src/filter/filter.c:201:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *pos = atoi(strtok(NULL, ","));
data/lumpy-sv-0.3.1+dfsg/src/filter/filter.c:241:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  threads = atoi(argv[3+optind]);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_BedpeReader.cpp:79:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  weight = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_PairReader.cpp:129:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  read_length = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_PairReader.cpp:131:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_non_overlap = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_PairReader.cpp:133:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  discordant_z = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_PairReader.cpp:135:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  back_distance = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_PairReader.cpp:137:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  weight = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_PairReader.cpp:139:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_mapping_threshold = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitReadReader.cpp:79:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_non_overlap = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitReadReader.cpp:81:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  back_distance = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitReadReader.cpp:83:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  weight = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitReadReader.cpp:85:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_mapping_threshold = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_SplitReadReader.cpp:87:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_clip = atoi(val);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.cpp:83:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LINE_MAX];
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.cpp:84:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *file = fopen(file_name.c_str(), "r");
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.cpp:96:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(file_name.c_str(), "r");
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.cpp:102:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned int tmp = atoi(strtok(line, "\t"));
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.cpp:126:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LINE_MAX];
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.cpp:127:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *file = fopen(file_name.c_str(), "r");
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_Tools.cpp:140:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(file_name.c_str(), "r");
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_VcfVariant.cpp:386:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int samp_supp = atoi(get_sample_field(samp, "SU").c_str());
data/lumpy-sv-0.3.1+dfsg/src/lumpy/SV_VcfVariant.cpp:387:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int ev = atoi(get_sample_field(samp, ev_type).c_str());
data/lumpy-sv-0.3.1+dfsg/src/lumpy/lumpy.cpp:366:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_weight = atoi(argv[i + 1]);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/lumpy.cpp:373:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_sample_weight = atoi(argv[i + 1]);
data/lumpy-sv-0.3.1+dfsg/src/lumpy/lumpy.cpp:380:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  window_size = atoi(argv[i + 1]);
data/lumpy-sv-0.3.1+dfsg/src/utils/BlockedIntervals/BlockedIntervals.cpp:78:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int blockCount = atoi(bed.fields[9].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h:554:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int cdsStart = atoi(lineVector[6].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h:555:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int cdsEnd = atoi(lineVector[7].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h:556:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int numExons = atoi(lineVector[9].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h:613:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h:619:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h:692:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start = atoi(lineVector[1].c_str()) - 1; // VCF is one-based
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h:746:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start = atoi(lineVector[3].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFile/bedFile.h:748:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:197:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:198:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end1 = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:201:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start2 = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:202:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end2 = atoi(lineVector[5].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:208:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:209:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end1 = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:212:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start2 = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:213:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end2 = atoi(lineVector[5].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:220:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:221:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end1 = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:224:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start2 = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:225:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end2 = atoi(lineVector[5].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:233:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:234:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end1 = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:237:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start2 = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:238:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end2 = atoi(lineVector[5].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:250:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:251:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end1 = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:254:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start2 = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:255:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end2 = atoi(lineVector[5].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:292:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:293:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end1 = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:296:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start2 = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:297:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end2 = atoi(lineVector[5].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:303:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:304:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end1 = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:307:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start2 = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:308:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end2 = atoi(lineVector[5].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:315:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:316:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end1 = atoi(lineVector[2].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:319:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start2 = atoi(lineVector[4].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:320:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.end2 = atoi(lineVector[5].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:328:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bed.start1 = atoi(lineVector[1].c_str());
data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:329:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bed.end1 = atoi(lineVector[2].c_str()); data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:332:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bed.start2 = atoi(lineVector[4].c_str()); data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:333:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bed.end2 = atoi(lineVector[5].c_str()); data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:345:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bed.start1 = atoi(lineVector[1].c_str()); data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:346:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
bed.end1 = atoi(lineVector[2].c_str()); data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:349:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bed.start2 = atoi(lineVector[4].c_str()); data/lumpy-sv-0.3.1+dfsg/src/utils/bedFilePE/bedFilePE.cpp:350:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bed.end2 = atoi(lineVector[5].c_str()); data/lumpy-sv-0.3.1+dfsg/src/utils/genomeFile/genomeFile.cpp:68:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int size = atoi(genomeFields[1].c_str()); data/lumpy-sv-0.3.1+dfsg/src/utils/lineFileUtilities/lineFileUtilities.h:45:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). elems.push_back(atoi(item.c_str())); data/lumpy-sv-0.3.1+dfsg/src/filter/filter.c:209:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (i = 0; i < strlen(sa_tag); ++i) { data/lumpy-sv-0.3.1+dfsg/src/lumpy/bp_softclip_fa.cpp:110:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int parameterLength = (int)strlen(argv[i]); data/lumpy-sv-0.3.1+dfsg/src/lumpy/bp_softclip_fa.cpp:121:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int parameterLength = (int)strlen(argv[i]); data/lumpy-sv-0.3.1+dfsg/src/lumpy/lumpy.cpp:158:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int parameterLength = (int)strlen(argv[i]); data/lumpy-sv-0.3.1+dfsg/src/lumpy/lumpy.cpp:172:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int parameterLength = (int)strlen(argv[i]); data/lumpy-sv-0.3.1+dfsg/src/utils/fileType/fileType.cpp:57:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!file->read((char*)&gzip_header, sizeof(gzip_header))) { ANALYSIS SUMMARY: Hits = 87 Lines analyzed = 14854 in approximately 0.39 seconds (37751 lines/second) Physical Source Lines of Code (SLOC) = 10230 Hits@level = [0] 80 [1] 6 [2] 79 [3] 2 [4] 0 [5] 0 Hits@level+ = [0+] 167 [1+] 87 [2+] 81 [3+] 2 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 16.3245 [1+] 8.5044 [2+] 7.91789 [3+] 0.195503 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.