Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/maq-0.7.1/altchr.cc
Examining data/maq-0.7.1/assemble.cc
Examining data/maq-0.7.1/assemble.h
Examining data/maq-0.7.1/assopt.c
Examining data/maq-0.7.1/aux_utils.c
Examining data/maq-0.7.1/bfa.c
Examining data/maq-0.7.1/bfa.h
Examining data/maq-0.7.1/break_pair.c
Examining data/maq-0.7.1/const.c
Examining data/maq-0.7.1/const.h
Examining data/maq-0.7.1/csmap2ntmap.cc
Examining data/maq-0.7.1/eland2maq.cc
Examining data/maq-0.7.1/fasta2bfa.c
Examining data/maq-0.7.1/fastq2bfq.c
Examining data/maq-0.7.1/genran.c
Examining data/maq-0.7.1/genran.h
Examining data/maq-0.7.1/get_pos.c
Examining data/maq-0.7.1/glf.h
Examining data/maq-0.7.1/glfgen.cc
Examining data/maq-0.7.1/indel_call.cc
Examining data/maq-0.7.1/indel_pe.cc
Examining data/maq-0.7.1/indel_soa.cc
Examining data/maq-0.7.1/main.c
Examining data/maq-0.7.1/main.h
Examining data/maq-0.7.1/mapcheck.cc
Examining data/maq-0.7.1/maqmap.h
Examining data/maq-0.7.1/maqmap_conv.c
Examining data/maq-0.7.1/match.cc
Examining data/maq-0.7.1/match_aux.cc
Examining data/maq-0.7.1/merge.cc
Examining data/maq-0.7.1/pair_stat.cc
Examining data/maq-0.7.1/pileup.cc
Examining data/maq-0.7.1/rbcc.cc
Examining data/maq-0.7.1/read.cc
Examining data/maq-0.7.1/read.h
Examining data/maq-0.7.1/rmdup.cc
Examining data/maq-0.7.1/seq.c
Examining data/maq-0.7.1/seq.h
Examining data/maq-0.7.1/simulate.c
Examining data/maq-0.7.1/sort_mapping.cc
Examining data/maq-0.7.1/stdaln.c
Examining data/maq-0.7.1/stdaln.h
Examining data/maq-0.7.1/submap.c
Examining data/maq-0.7.1/subsnp.cc
Examining data/maq-0.7.1/maqmap.c
FINAL RESULTS:
data/maq-0.7.1/altchr.cc:31:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp, "%s%d%s%s", name, &pos, str1, str2) == 4) {
data/maq-0.7.1/break_pair.c:15:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, prefix); strcat(str, ".map");
data/maq-0.7.1/break_pair.c:17:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, prefix); strcat(str, ".0.map");
data/maq-0.7.1/break_pair.c:19:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, prefix); strcat(str, ".1.map");
data/maq-0.7.1/break_pair.c:21:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, prefix); strcat(str, ".2.map");
data/maq-0.7.1/eland2maq.cc:26:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp, "%s", str) != 0) {
data/maq-0.7.1/eland2maq.cc:33:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp, "%s", str);
data/maq-0.7.1/eland2maq.cc:79:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp_eland, "%s", str) != 0) {
data/maq-0.7.1/eland2maq.cc:88:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp_eland, "%s", str);
data/maq-0.7.1/eland2maq.cc:96:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp_eland, "%s", str);
data/maq-0.7.1/eland2maq.cc:99:4: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp_eland, "%u%u%u%s%u%s", tmp, tmp+1, tmp+2, str, tmp+3, str2);
data/maq-0.7.1/eland2maq.cc:558:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp_export, "%s%d%d%d%d%d", str, ti, ti+1, ti+2, ti+3, ti+4) != 0) {
data/maq-0.7.1/eland2maq.cc:563:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str2, "%s_%d:%d:%d:%d:%d", str, ti[0], ti[1], ti[2], ti[3], ti[4]);
data/maq-0.7.1/fastq2bfq.c:22:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (n_reads <= 0) strcpy(str, fn_bfq);
data/maq-0.7.1/fastq2bfq.c:24:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, fn_bfq);
data/maq-0.7.1/mapcheck.cc:22:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp, "%s%d", name, &pos) == 2) {
data/maq-0.7.1/match.cc:525:4: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(tmpfp, "%s", adaptor);
data/maq-0.7.1/match.cc:533:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case 'u': strcpy(dump_file, optarg); break;
data/maq-0.7.1/pileup.cc:80:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", l->name, coor + 1);
data/maq-0.7.1/rbcc.cc:20:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp_dbSNP, "%s%d%s%s%d%f", name, &pos, str1, str2, &qual, &het_rate) == 6) {
data/maq-0.7.1/rbcc.cc:21:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str1, "%s.%d", name, pos);
data/maq-0.7.1/rbcc.cc:76:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", name, i+1);
data/maq-0.7.1/simulate.c:281:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (!is_flip) sprintf(str, "%s_%u_%u_%llx", name, begin+1, end+1, ii);
data/maq-0.7.1/simulate.c:282:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(str, "%s_%u_%u_%llx", name, begin+1, end+1, ii);
data/maq-0.7.1/simulate.c:392:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, m1->name);
data/maq-0.7.1/sort_mapping.cc:389:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_name, lr->name[k>>1]);
data/maq-0.7.1/sort_mapping.cc:391:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (l - MAX_NAMELEN + 1 > 0) strcpy(m1->name, new_name + l - MAX_NAMELEN + 1);
data/maq-0.7.1/sort_mapping.cc:392:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(m1->name, new_name);
data/maq-0.7.1/subsnp.cc:19:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp, "%s%d", name, &pos) == 2) {
data/maq-0.7.1/subsnp.cc:20:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", name, pos);
data/maq-0.7.1/subsnp.cc:34:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp, "%s%d", name, &pos) == 2) {
data/maq-0.7.1/subsnp.cc:35:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", name, pos);
data/maq-0.7.1/subsnp.cc:77:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", name, i+1);
data/maq-0.7.1/subsnp.cc:115:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", name, i+1);
data/maq-0.7.1/subsnp.cc:183:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(fp, "%s%d%s%s%s", name, &pos, a, b, c) == 5) {
data/maq-0.7.1/subsnp.cc:186:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", name, i);
data/maq-0.7.1/subsnp.cc:190:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", name, pos);
data/maq-0.7.1/subsnp.cc:214:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s.%d", name, i+1);
data/maq-0.7.1/assopt.c:172:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "q:Q:r:t:e:aspm:N:")) >= 0) {
data/maq-0.7.1/aux_utils.c:236:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "w:b:e:c:q:")) >= 0) {
data/maq-0.7.1/aux_utils.c:261:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "Q:d:D:n:c:")) >= 0) {
data/maq-0.7.1/eland2maq.cc:140:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "q:")) >= 0) {
data/maq-0.7.1/eland2maq.cc:664:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "1:2:a:n")) >= 0) {
data/maq-0.7.1/fasta2bfa.c:66:15: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double r = drand48();
data/maq-0.7.1/fasta2bfa.c:69:9: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = drand48();
data/maq-0.7.1/fasta2bfa.c:215:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "r:R:")) >= 0) {
data/maq-0.7.1/fastq2bfq.c:107:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "n:")) >= 0) {
data/maq-0.7.1/genran.h:13:23: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define ran_uniform() drand48()
data/maq-0.7.1/genran.h:17:20: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define ran_seed() srand(time(0))
data/maq-0.7.1/indel_soa.cc:157:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "")) >= 0) {
data/maq-0.7.1/mapcheck.cc:47:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "sQ:q:m:S:cP:")) >= 0) {
data/maq-0.7.1/maqmap.c:137:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "bN")) >= 0) {
data/maq-0.7.1/match.cc:425:20: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
lsh_global_seed = lrand48();
data/maq-0.7.1/match.cc:517:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "1:2:n:m:a:i:d:ctM:u:e:s:NH:C:A:PW")) >= 0) {
data/maq-0.7.1/match.cc:561:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/maq-0.7.1/pileup.cc:35:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "Q:l:q:vsdpm:P")) >= 0) {
data/maq-0.7.1/rbcc.cc:93:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "r:g:b:")) >= 0) {
data/maq-0.7.1/read.cc:277:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "s1:")) >= 0) {
data/maq-0.7.1/simulate.c:340:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "d:s:N:1:2:r:R:h")) >= 0) {
data/maq-0.7.1/submap.c:52:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "q:Q:m:p")) >= 0) {
data/maq-0.7.1/subsnp.cc:148:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "Q:d:D:n:")) >= 0) {
data/maq-0.7.1/altchr.cc:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], str1[16], str2[16];
data/maq-0.7.1/altchr.cc:91:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_alt = fopen(argv[1], "w");
data/maq-0.7.1/altchr.cc:92:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_bfa = fopen(argv[2], "r");
data/maq-0.7.1/altchr.cc:93:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_snp = fopen(argv[3], "r");
data/maq-0.7.1/assopt.c:175:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'm': aa->max_mm = atoi(optarg); break;
data/maq-0.7.1/assopt.c:176:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'q': aa->min_q = atoi(optarg); break;
data/maq-0.7.1/assopt.c:177:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'Q': aa->max_err = atoi(optarg); break;
data/maq-0.7.1/assopt.c:182:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'N': aa->n_hap = atoi(optarg); break;
data/maq-0.7.1/assopt.c:196:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
aa->fp_bfa = fopen(argv[optind+1], "r");
data/maq-0.7.1/aux_utils.c:238:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'w': win_size = atoi(optarg); break;
data/maq-0.7.1/aux_utils.c:239:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'b': begin = atoi(optarg); break;
data/maq-0.7.1/aux_utils.c:240:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'e': end = atoi(optarg); break;
data/maq-0.7.1/aux_utils.c:242:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'q': minQ = atoi(optarg); break;
data/maq-0.7.1/aux_utils.c:263:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'Q': min_mapq = atoi(optarg); break;
data/maq-0.7.1/aux_utils.c:264:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'd': min_depth = atoi(optarg); break;
data/maq-0.7.1/aux_utils.c:265:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'D': max_depth = atoi(optarg); break;
data/maq-0.7.1/aux_utils.c:266:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': min_nQ = atoi(optarg); break;
data/maq-0.7.1/break_pair.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/maq-0.7.1/break_pair.c:15:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(str, prefix); strcat(str, ".map");
data/maq-0.7.1/break_pair.c:17:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(str, prefix); strcat(str, ".0.map");
data/maq-0.7.1/break_pair.c:19:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(str, prefix); strcat(str, ".1.map");
data/maq-0.7.1/break_pair.c:21:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(str, prefix); strcat(str, ".2.map");
data/maq-0.7.1/const.c:24:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nst_nt16_table[256] = {
data/maq-0.7.1/csmap2ntmap.cc:114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq, t2array+1, size-1); // t2array[0] and t2array[size] are not copied
data/maq-0.7.1/csmap2ntmap.cc:161:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_bfa = fopen(argv[2], "r");
data/maq-0.7.1/eland2maq.cc:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/maq-0.7.1/eland2maq.cc:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024], str2[1024];
data/maq-0.7.1/eland2maq.cc:104:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1->seq, tmp_seq, m1->size);
data/maq-0.7.1/eland2maq.cc:142:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'q': DEFAULT_QUAL = atoi(optarg); break;
data/maq-0.7.1/eland2maq.cc:146:57: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_eland = (strcmp(argv[optind+2], "-") == 0)? stdin : fopen(argv[optind+2], "r");
data/maq-0.7.1/eland2maq.cc:147:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_list = fopen(argv[optind+1], "r");
data/maq-0.7.1/eland2maq.cc:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * novo[n_poly + 1];
data/maq-0.7.1/eland2maq.cc:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * novo2[n_poly + 1];
data/maq-0.7.1/eland2maq.cc:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[4096], str2[4096];
data/maq-0.7.1/eland2maq.cc:308:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtstr[1] = "";
data/maq-0.7.1/eland2maq.cc:352:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n_mis = (atoi(novo[n_score]) + 15)/30;
data/maq-0.7.1/eland2maq.cc:359:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1->seq, tmp_seq, m1->size);
data/maq-0.7.1/eland2maq.cc:371:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->pos = (atoi(novo[n_offset])-1)<<1 | (novo[n_strand][0] == 'F'? 0 : 1);
data/maq-0.7.1/eland2maq.cc:373:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->info2 = atoi(novo[n_score])/3;
data/maq-0.7.1/eland2maq.cc:374:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->map_qual = m1->seq[MAX_READLEN-1] = min(60, atoi(novo[n_quality]));
data/maq-0.7.1/eland2maq.cc:383:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->alt_qual = min(60, atoi(novo2[n_quality]));
data/maq-0.7.1/eland2maq.cc:387:59: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->alt_qual = min((int)m1->map_qual, atoi(novo2[n_quality]));
data/maq-0.7.1/eland2maq.cc:391:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& (dist = abs( atoi(novo[n_offset]) - atoi(novo[n_offset2]))) < 2000) {
data/maq-0.7.1/eland2maq.cc:391:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& (dist = abs( atoi(novo[n_offset]) - atoi(novo[n_offset2]))) < 2000) {
data/maq-0.7.1/eland2maq.cc:434:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n_mis = (atoi(novo2[n_score]) + 15)/30;
data/maq-0.7.1/eland2maq.cc:444:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1->seq, tmp_seq, m1->size);
data/maq-0.7.1/eland2maq.cc:456:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->pos = (atoi(novo2[n_offset])-1)<<1 | (novo2[n_strand][0] == 'F'? 0 : 1);
data/maq-0.7.1/eland2maq.cc:458:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->info2 = atoi(novo2[n_score])/3;
data/maq-0.7.1/eland2maq.cc:459:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->map_qual = m1->seq[MAX_READLEN-1] = min(60, atoi(novo2[n_quality]));
data/maq-0.7.1/eland2maq.cc:461:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->alt_qual = min(60,min((int)m1->map_qual, atoi(novo[n_quality])));
data/maq-0.7.1/eland2maq.cc:514:56: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_novo = (strcmp(argv[optind+2], "-") == 0)? stdin : fopen(argv[optind+2], "r");
data/maq-0.7.1/eland2maq.cc:515:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_list = fopen(argv[optind+1], "r");
data/maq-0.7.1/eland2maq.cc:555:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024], str2[1024];
data/maq-0.7.1/eland2maq.cc:573:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int cur_read = atoi(str) - 1;
data/maq-0.7.1/eland2maq.cc:590:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m1->pos = bit32_t(atoi(str) - 1)<<1 | (str2[0] == 'F'? 0 : 1);
data/maq-0.7.1/eland2maq.cc:594:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1->seq, tmp_seq, m1->size);
data/maq-0.7.1/eland2maq.cc:607:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c = atoi(str);
data/maq-0.7.1/eland2maq.cc:611:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c = atoi(str);
data/maq-0.7.1/eland2maq.cc:619:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dist = atoi(str);
data/maq-0.7.1/eland2maq.cc:666:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '1': read_len[0] = atoi(optarg); break;
data/maq-0.7.1/eland2maq.cc:667:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '2': read_len[1] = atoi(optarg); break;
data/maq-0.7.1/eland2maq.cc:668:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'a': max_dist = atoi(optarg); break;
data/maq-0.7.1/eland2maq.cc:673:58: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_export = (strcmp(argv[optind+2], "-") == 0)? stdin : fopen(argv[optind+2], "r");
data/maq-0.7.1/eland2maq.cc:674:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_list = fopen(argv[optind+1], "r");
data/maq-0.7.1/fasta2bfa.c:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], comment[4096];
data/maq-0.7.1/fasta2bfa.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], comment[4096];
data/maq-0.7.1/fasta2bfa.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/maq-0.7.1/fasta2bfa.c:176:47: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fa = (strcmp(argv[1], "-") == 0)? stdin : fopen(argv[1], "r");
data/maq-0.7.1/fasta2bfa.c:177:48: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_bfa = (strcmp(argv[2], "-") == 0)? stdin : fopen(argv[2], "w");
data/maq-0.7.1/fasta2bfa.c:194:47: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fa = (strcmp(argv[1], "-") == 0)? stdin : fopen(argv[1], "r");
data/maq-0.7.1/fasta2bfa.c:222:52: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fa = (strcmp(argv[optind], "-") == 0)? stdin : fopen(argv[optind], "r");
data/maq-0.7.1/fastq2bfq.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], str[1024];
data/maq-0.7.1/fastq2bfq.c:28:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + l_prefix, "@1.bfq");
data/maq-0.7.1/fastq2bfq.c:35:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + l_prefix, "@%lld.bfq", n+1);
data/maq-0.7.1/fastq2bfq.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/maq-0.7.1/fastq2bfq.c:97:46: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpin = (strcmp(argv[1], "-") == 0)? stdin : fopen(argv[1], "r");
data/maq-0.7.1/fastq2bfq.c:98:48: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpout = (strcmp(argv[2], "-") == 0)? stdout : fopen(argv[2], "w");
data/maq-0.7.1/fastq2bfq.c:109:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': n_reads = atoi(optarg); break;
data/maq-0.7.1/fastq2bfq.c:117:52: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fq = (strcmp(argv[optind], "-") == 0)? stdin : fopen(argv[optind], "r");
data/maq-0.7.1/glf.h:7:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lk[10]; /** log likelihood ratio, capped at 255 */
data/maq-0.7.1/indel_call.cc:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indel_bases[MAX_READLEN];
data/maq-0.7.1/indel_call.cc:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s0[33], s1[33];
data/maq-0.7.1/indel_call.cc:79:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_bfa = fopen(argv[1], "r");
data/maq-0.7.1/indel_call.cc:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&last, &curr, sizeof(indel_info_t));
data/maq-0.7.1/indel_soa.cc:160:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_bfa = fopen(argv[optind], "r");
data/maq-0.7.1/mapcheck.cc:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/maq-0.7.1/mapcheck.cc:50:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'Q': max_err = atoi(optarg); break;
data/maq-0.7.1/mapcheck.cc:51:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'm': max_mm = atoi(optarg); break;
data/maq-0.7.1/mapcheck.cc:52:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'q': min_mapQ = atoi(optarg); break;
data/maq-0.7.1/mapcheck.cc:53:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'S': qscale = atoi(optarg); break;
data/maq-0.7.1/mapcheck.cc:70:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_bfa = fopen(argv[optind], "r");
data/maq-0.7.1/mapcheck.cc:85:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(f = fopen(poly_file, "r"));
data/maq-0.7.1/maqmap.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAMELEN];
data/maq-0.7.1/maqmap_conv.c:44:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1, mo1, sizeof(maqmap1_oldaux_t));
data/maq-0.7.1/maqmap_conv.c:45:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m1->name, "%u", i);
data/maq-0.7.1/match.cc:148:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static inline void methy_ref(char methy_mode, read_t query[4], int size_l, int size_r, bit64_t seqi, int j)
data/maq-0.7.1/match.cc:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adaptor[1024], dump_file[1024], methy_mode, *fn_out;
data/maq-0.7.1/match.cc:519:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '1': size_l = atoi(optarg); break;
data/maq-0.7.1/match.cc:520:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '2': size_r = atoi(optarg); break;
data/maq-0.7.1/match.cc:521:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'e': max_err10 = int(atoi(optarg) / 10.0 + 0.5); break;
data/maq-0.7.1/match.cc:523:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfp = fopen(optarg, "r");
data/maq-0.7.1/match.cc:528:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': n_mismatch = atoi(optarg); break;
data/maq-0.7.1/match.cc:530:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'a': max_dist = atoi(optarg); break;
data/maq-0.7.1/match.cc:531:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'A': RF_max_dist = atoi(optarg); break;
data/maq-0.7.1/match.cc:532:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'i': min_dist = atoi(optarg); break;
data/maq-0.7.1/match.cc:534:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'C': max_hits = atoi(optarg); break;
data/maq-0.7.1/match.cc:542:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 's': seed = atoi(optarg); break;
data/maq-0.7.1/match.cc:554:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_bfa = fopen(argv[optind+1], "r");
data/maq-0.7.1/pair_stat.cc:125:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_bfa = fopen(argv[1], "r");
data/maq-0.7.1/pileup.cc:39:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'q': min_q = atoi(optarg); break;
data/maq-0.7.1/pileup.cc:42:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
case 'l': fp_list = fopen(optarg, "r"); assert(fp_list); break;
data/maq-0.7.1/pileup.cc:43:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'Q': max_err = atoi(optarg); break;
data/maq-0.7.1/pileup.cc:45:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'm': max_mm = atoi(optarg); break;
data/maq-0.7.1/pileup.cc:51:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_bfa = fopen(argv[optind], "r");
data/maq-0.7.1/pileup.cc:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256];
data/maq-0.7.1/rbcc.cc:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], str1[256], str2[256];
data/maq-0.7.1/rbcc.cc:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256];
data/maq-0.7.1/rbcc.cc:110:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_dbSNP = fopen(argv[optind+2], "r");
data/maq-0.7.1/read.cc:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/maq-0.7.1/read.cc:50:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lr->seq[j<<1], seq.s, size_l);
data/maq-0.7.1/read.cc:59:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lr->seq[(j<<1) | 1], seq.s, size_r);
data/maq-0.7.1/read.cc:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/maq-0.7.1/read.cc:198:48: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpout = (strcmp(argv[2], "-") == 0)? stdout : fopen(argv[2], "w");
data/maq-0.7.1/read.cc:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/maq-0.7.1/read.cc:279:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '1': l1 = atoi(optarg); break;
data/maq-0.7.1/read.cc:287:49: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = (strcmp(argv[optind], "-") == 0)? stdin : fopen(argv[optind], "r");
data/maq-0.7.1/rmdup.cc:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_NAMELEN+1];
data/maq-0.7.1/rmdup.cc:93:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &m1, sizeof(maqmap1_t)); // replaced as m1
data/maq-0.7.1/rmdup.cc:97:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &m1, sizeof(maqmap1_t));
data/maq-0.7.1/simulate.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/maq-0.7.1/simulate.c:82:44: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = (strcmp(argv[2], "-") == 0)? stdin : fopen(argv[2], "r");
data/maq-0.7.1/simulate.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], qstr[256], str[1024];
data/maq-0.7.1/simulate.c:342:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'd': dist = atoi(optarg); break;
data/maq-0.7.1/simulate.c:343:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 's': std_dev = atoi(optarg); break;
data/maq-0.7.1/simulate.c:344:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'N': N = atoi(optarg); break;
data/maq-0.7.1/simulate.c:345:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '1': size_l = atoi(optarg); break;
data/maq-0.7.1/simulate.c:346:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case '2': size_r = atoi(optarg); break;
data/maq-0.7.1/simulate.c:353:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpout1 = fopen(argv[optind+0], "w");
data/maq-0.7.1/simulate.c:354:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpout2 = fopen(argv[optind+1], "w");
data/maq-0.7.1/simulate.c:355:54: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_fa = (strcmp(argv[optind+2], "-") == 0)? stdin : fopen(argv[optind+2], "r");
data/maq-0.7.1/simulate.c:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/maq-0.7.1/simulate.c:399:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p2 = atoi(str + i + 1);
data/maq-0.7.1/simulate.c:403:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p1 = atoi(str + i + 1);
data/maq-0.7.1/simulate.c:472:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc >= 3) Q = atoi(argv[2]);
data/maq-0.7.1/sort_mapping.cc:332:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_dump = fopen(o->dump_file, "w");
data/maq-0.7.1/sort_mapping.cc:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_name[1024];
data/maq-0.7.1/sort_mapping.cc:363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1->seq, lr->seq[k], m1->size); // copy sequence
data/maq-0.7.1/sort_mapping.cc:364:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1->c, match->c, 2); // only 0-1 are stored
data/maq-0.7.1/stdaln.c:32:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_nt16_table[256] = {
data/maq-0.7.1/stdaln.c:53:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_nt4_table[256] = {
data/maq-0.7.1/stdaln.c:74:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_aa_table[256] = {
data/maq-0.7.1/stdaln.c:96:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_trans_table_eu[66] = {
data/maq-0.7.1/submap.c:54:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'q': so->min_mapQ = atoi(optarg); break;
data/maq-0.7.1/submap.c:55:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'Q': so->max_sum_err = atoi(optarg); break;
data/maq-0.7.1/submap.c:56:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'm': so->max_mm = atoi(optarg); break;
data/maq-0.7.1/subsnp.cc:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], key[256];
data/maq-0.7.1/subsnp.cc:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], key[256];
data/maq-0.7.1/subsnp.cc:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256], *str;
data/maq-0.7.1/subsnp.cc:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256], *str;
data/maq-0.7.1/subsnp.cc:135:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_snp = fopen(argv[2], "r");
data/maq-0.7.1/subsnp.cc:150:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'Q': min_mapq = atoi(optarg); break;
data/maq-0.7.1/subsnp.cc:151:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'd': min_depth = atoi(optarg); break;
data/maq-0.7.1/subsnp.cc:152:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'D': max_depth = atoi(optarg); break;
data/maq-0.7.1/subsnp.cc:153:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': min_nQ = atoi(optarg); break;
data/maq-0.7.1/subsnp.cc:168:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(fp_snp = fopen(argv[optind+1], "r"));
data/maq-0.7.1/subsnp.cc:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], key[256], a[3], b[3], c[3];
data/maq-0.7.1/subsnp.cc:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256];
data/maq-0.7.1/subsnp.cc:239:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_snp = fopen(argv[2], "r");
data/maq-0.7.1/altchr.cc:33:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != '\n' && c != EOF);
data/maq-0.7.1/altchr.cc:100:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(l->name) + 1;
data/maq-0.7.1/assemble.cc:224:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(l->name) + 1;
data/maq-0.7.1/break_pair.c:32:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(m1.name);
data/maq-0.7.1/eland2maq.cc:37:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != EOF && c != '\n');
data/maq-0.7.1/eland2maq.cc:85:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m1->name, str+1, MAX_NAMELEN-1);
data/maq-0.7.1/eland2maq.cc:90:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m1->size = l = strlen(str);
data/maq-0.7.1/eland2maq.cc:117:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((i = fgetc(fp_eland)) != EOF && i != '\n');
data/maq-0.7.1/eland2maq.cc:229:41: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
sc[posn] = sc[posn-1] - mismatch;
data/maq-0.7.1/eland2maq.cc:338:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m1->name, novo[n_readid]+1, MAX_NAMELEN-1);
data/maq-0.7.1/eland2maq.cc:341:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m1->size = l = strlen(novo[n_seq]);
data/maq-0.7.1/eland2maq.cc:393:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dist = -(dist + strlen(novo[n_seq]));
data/maq-0.7.1/eland2maq.cc:395:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dist += strlen(novo2[n_seq]);
data/maq-0.7.1/eland2maq.cc:420:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m1->name, novo2[n_readid]+1, MAX_NAMELEN-1);
data/maq-0.7.1/eland2maq.cc:423:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m1->size = l = strlen(novo2[n_seq]);
data/maq-0.7.1/eland2maq.cc:531:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != '\n' && c != '\t' && c != EOF)
data/maq-0.7.1/eland2maq.cc:565:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m1->name, str2, MAX_NAMELEN-1);
data/maq-0.7.1/eland2maq.cc:570:3: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp_export); // skip '\t'
data/maq-0.7.1/eland2maq.cc:577:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m1->size = l = strlen(str);
data/maq-0.7.1/eland2maq.cc:599:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(str);
data/maq-0.7.1/eland2maq.cc:636:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else while ((c = fgetc(fp_export)) != EOF && c != '\n');
data/maq-0.7.1/fasta2bfa.c:147:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(bfa1->name) + 1;
data/maq-0.7.1/fastq2bfq.c:25:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(str + strlen(fn_bfq) - 4, ".bfq") == 0) // remove ".bfq" suffix if exist
data/maq-0.7.1/fastq2bfq.c:26:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(fn_bfq) - 4] = '\0';
data/maq-0.7.1/fastq2bfq.c:27:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_prefix = strlen(str);
data/maq-0.7.1/fastq2bfq.c:46:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(name) + 1;
data/maq-0.7.1/glfgen.cc:127:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(l->name) + 1;
data/maq-0.7.1/mapcheck.cc:25:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != EOF && c != '\n');
data/maq-0.7.1/maqmap.c:30:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mm->ref_name[i]) + 1;
data/maq-0.7.1/match_aux.cc:178:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(adaptor);
data/maq-0.7.1/match_aux.cc:183:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(adaptor);
data/maq-0.7.1/read.cc:60:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tl = strlen(name);
data/maq-0.7.1/rmdup.cc:42:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int c1, c2, tl = strlen(name);
data/maq-0.7.1/rmdup.cc:46:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, name, tl-1);
data/maq-0.7.1/seq.c:23:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && fgetc(fp) != '>');
data/maq-0.7.1/seq.c:26:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != ' ' && c != '\t' && c != '\n')
data/maq-0.7.1/seq.c:32:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && ((c = fgetc(fp)) == ' ' || c == '\t'));
data/maq-0.7.1/seq.c:35:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != '\n')
data/maq-0.7.1/seq.c:40:44: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (c != '\n') while (!feof(fp) && fgetc(fp) != '\n');
data/maq-0.7.1/seq.c:42:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != '>') {
data/maq-0.7.1/seq.c:63:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && fgetc(fp) != '@');
data/maq-0.7.1/seq.c:66:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != ' ' && c != '\t' && c != '\n')
data/maq-0.7.1/seq.c:69:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (c != '\n') while (!feof(fp) && fgetc(fp) != '\n');
data/maq-0.7.1/seq.c:71:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != '+') {
data/maq-0.7.1/seq.c:84:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && fgetc(fp) != '+');
data/maq-0.7.1/seq.c:86:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(fp) && (c = fgetc(fp)) != ' ' && c != '\t' && c != '\n')
data/maq-0.7.1/seq.c:93:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/maq-0.7.1/seq.c:102:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/maq-0.7.1/simulate.c:393:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0, i = strlen(str) - 1; i >= 0; --i) {
data/maq-0.7.1/sort_mapping.cc:388:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(lr->name[k>>1]);
data/maq-0.7.1/stdaln.c:741:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len1 < 0) len1 = strlen(seq1);
data/maq-0.7.1/stdaln.c:742:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len2 < 0) len2 = strlen(seq2);
data/maq-0.7.1/subsnp.cc:22:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != EOF && c != '\n') buffer[i++] = c;
data/maq-0.7.1/subsnp.cc:36:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp)) != EOF && c != '\n');
ANALYSIS SUMMARY:
Hits = 283
Lines analyzed = 8250 in approximately 0.38 seconds (21462 lines/second)
Physical Source Lines of Code (SLOC) = 7465
Hits@level = [0] 393 [1] 54 [2] 168 [3] 23 [4] 38 [5] 0
Hits@level+ = [0+] 676 [1+] 283 [2+] 229 [3+] 61 [4+] 38 [5+] 0
Hits/KSLOC@level+ = [0+] 90.5559 [1+] 37.9102 [2+] 30.6765 [3+] 8.17147 [4+] 5.09042 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.