Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ngmlr-0.2.7+dfsg/lib/intervaltree/IntervalTree.h
Examining data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h
Examining data/ngmlr-0.2.7+dfsg/src/AlignmentMatrix.cpp
Examining data/ngmlr-0.2.7+dfsg/src/AlignmentMatrix.h
Examining data/ngmlr-0.2.7+dfsg/src/AlignmentMatrixFast.cpp
Examining data/ngmlr-0.2.7+dfsg/src/AlignmentMatrixFast.h
Examining data/ngmlr-0.2.7+dfsg/src/ArgParseOutput.h
Examining data/ngmlr-0.2.7+dfsg/src/ArgParser.cpp
Examining data/ngmlr-0.2.7+dfsg/src/ArgParser.h
Examining data/ngmlr-0.2.7+dfsg/src/CS.cpp
Examining data/ngmlr-0.2.7+dfsg/src/CS.h
Examining data/ngmlr-0.2.7+dfsg/src/CSstatic.cpp
Examining data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp
Examining data/ngmlr-0.2.7+dfsg/src/ConvexAlign.h
Examining data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp
Examining data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.h
Examining data/ngmlr-0.2.7+dfsg/src/FastxParser.h
Examining data/ngmlr-0.2.7+dfsg/src/FileWriter.h
Examining data/ngmlr-0.2.7+dfsg/src/GZFileWriter.h
Examining data/ngmlr-0.2.7+dfsg/src/GenericReadWriter.h
Examining data/ngmlr-0.2.7+dfsg/src/IAlignment.h
Examining data/ngmlr-0.2.7+dfsg/src/IConfig.h
Examining data/ngmlr-0.2.7+dfsg/src/ILog.h
Examining data/ngmlr-0.2.7+dfsg/src/IParser.h
Examining data/ngmlr-0.2.7+dfsg/src/IReadProvider.h
Examining data/ngmlr-0.2.7+dfsg/src/IRefProvider.h
Examining data/ngmlr-0.2.7+dfsg/src/LinearRegression.cpp
Examining data/ngmlr-0.2.7+dfsg/src/LinearRegression.h
Examining data/ngmlr-0.2.7+dfsg/src/LocationScore.h
Examining data/ngmlr-0.2.7+dfsg/src/Log.h
Examining data/ngmlr-0.2.7+dfsg/src/Logging.cpp
Examining data/ngmlr-0.2.7+dfsg/src/MappedRead.cpp
Examining data/ngmlr-0.2.7+dfsg/src/MappedRead.h
Examining data/ngmlr-0.2.7+dfsg/src/MemCheck.h
Examining data/ngmlr-0.2.7+dfsg/src/NGM.cpp
Examining data/ngmlr-0.2.7+dfsg/src/NGM.h
Examining data/ngmlr-0.2.7+dfsg/src/NGMStats.h
Examining data/ngmlr-0.2.7+dfsg/src/NGMTask.h
Examining data/ngmlr-0.2.7+dfsg/src/NGMThreads.h
Examining data/ngmlr-0.2.7+dfsg/src/OutputReadBuffer.cpp
Examining data/ngmlr-0.2.7+dfsg/src/OutputReadBuffer.h
Examining data/ngmlr-0.2.7+dfsg/src/PlainFileWriter.h
Examining data/ngmlr-0.2.7+dfsg/src/PlatformSpecifics.h
Examining data/ngmlr-0.2.7+dfsg/src/PrefixTable.cpp
Examining data/ngmlr-0.2.7+dfsg/src/PrefixTable.h
Examining data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp
Examining data/ngmlr-0.2.7+dfsg/src/ReadProvider.h
Examining data/ngmlr-0.2.7+dfsg/src/ReadStatus.h
Examining data/ngmlr-0.2.7+dfsg/src/SAMWriter.cpp
Examining data/ngmlr-0.2.7+dfsg/src/SAMWriter.h
Examining data/ngmlr-0.2.7+dfsg/src/SamParser.cpp
Examining data/ngmlr-0.2.7+dfsg/src/SamParser.h
Examining data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp
Examining data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h
Examining data/ngmlr-0.2.7+dfsg/src/SequenceLocation.h
Examining data/ngmlr-0.2.7+dfsg/src/SequenceProvider.cpp
Examining data/ngmlr-0.2.7+dfsg/src/SequenceProvider.h
Examining data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp
Examining data/ngmlr-0.2.7+dfsg/src/StrippedSW.h
Examining data/ngmlr-0.2.7+dfsg/src/Timing.h
Examining data/ngmlr-0.2.7+dfsg/src/Types.h
Examining data/ngmlr-0.2.7+dfsg/src/Version.h
Examining data/ngmlr-0.2.7+dfsg/src/main.cpp
Examining data/ngmlr-0.2.7+dfsg/src/unix.cpp
Examining data/ngmlr-0.2.7+dfsg/src/unix_threads.cpp
Examining data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp
Examining data/ngmlr-0.2.7+dfsg/src/NGMTask.cpp

FINAL RESULTS:

data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2376:4: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, s, args);
data/ngmlr-0.2.7+dfsg/src/ArgParser.cpp:35:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cstr, str.c_str());
data/ngmlr-0.2.7+dfsg/src/GenericReadWriter.h:51:10: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  done = vsprintf(writeBuffer + bufferPosition, format, arg);
data/ngmlr-0.2.7+dfsg/src/Logging.cpp:57:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  written += sprintf(preBuffer, "%s[%s] ", lvlStr[lvl], title);
data/ngmlr-0.2.7+dfsg/src/Logging.cpp:61:2: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(preBuffer + written, s, args);
data/ngmlr-0.2.7+dfsg/src/Logging.cpp:98:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, s, args);
data/ngmlr-0.2.7+dfsg/src/PrefixTable.cpp:108:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cacheFile, refFileName.str().c_str());
data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:84:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(readPart->name, read->name);
data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:114:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(readPart->name, read->name);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:818:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a->anchors, tmpA, a->anchorLength * (sizeof(Anchor)));
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:819:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a->anchors + a->anchorLength, b->anchors,
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2946:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(anchorsTmp, anchorsFwd, anchorFwdIndex * sizeof(Anchor));
data/ngmlr-0.2.7+dfsg/src/CS.cpp:164:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * kmerCount = fopen(ss.str().c_str(), "w");
data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:66:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  offset = sprintf(cigar, "%d%c", length, op);
data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:81:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, result.nmPerPosition, result.nmPerPostionLength * sizeof(PositionNM));
data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:166:18: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  md_offset += sprintf(result.pQry + md_offset, "%d", md_eq_length);
data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:168:18: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  md_offset += sprintf(result.pQry + md_offset, "%c",
data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:210:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  md_offset += sprintf(result.pQry + md_offset, "%d", md_eq_length);
data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:260:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  md_offset += sprintf(result.pQry + md_offset, "%d", md_eq_length);
data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:69:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  offset = sprintf(cigar, "%d%c", length, op);
data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:86:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, result.nmPerPosition, result.nmPerPostionLength * sizeof(PositionNM));
data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:104:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, result.pQry, sizeof(char) * (result.maxMdBufferLength / 2));
data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:188:18: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  md_offset += sprintf(result.pQry + md_offset, "%d", md_eq_length);
data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:190:18: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  md_offset += sprintf(result.pQry + md_offset, "%c",
data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:233:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  md_offset += sprintf(result.pQry + md_offset, "%d", md_eq_length);
data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:284:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  md_offset += sprintf(result.pQry + md_offset, "%d", md_eq_length);
data/ngmlr-0.2.7+dfsg/src/IParser.h:57:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(read->name, kseq->name.s, nameLength);
data/ngmlr-0.2.7+dfsg/src/IParser.h:90:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(read->qlty, kseq->qual.s, read->length);
data/ngmlr-0.2.7+dfsg/src/IParser.h:108:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(read->name, kseq->name.s, nameLength);
data/ngmlr-0.2.7+dfsg/src/Logging.cpp:38:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char preBuffer[1024];
data/ngmlr-0.2.7+dfsg/src/Logging.cpp:59:14: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  written += sprintf(preBuffer, "%d\t", lvl);
data/ngmlr-0.2.7+dfsg/src/Logging.cpp:120:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timestamp[20];
data/ngmlr-0.2.7+dfsg/src/Logging.cpp:121:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(timestamp, "%4i-%02i-%02i_%02i-%02i-%02i", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min,
data/ngmlr-0.2.7+dfsg/src/MappedRead.cpp:128:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Scores, tmp, n * sizeof(LocationScore));
data/ngmlr-0.2.7+dfsg/src/PlainFileWriter.h:28:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(m_Output = fopen(filename, "w"))) {
data/ngmlr-0.2.7+dfsg/src/PrefixTable.cpp:541:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(fileName, "wb"))) {
data/ngmlr-0.2.7+dfsg/src/PrefixTable.cpp:584:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fileName, "rb");
data/ngmlr-0.2.7+dfsg/src/SamParser.cpp:66:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(RevSeq, Seq, qryMaxLen);
data/ngmlr-0.2.7+dfsg/src/SamParser.cpp:101:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bool reverse = atoi(lineBuffer) & 0x10;
data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:52:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpScores, read->Scores, sizeof(LocationScore) * read->numScores());
data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h:67:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  m_QryBuffer = new char const *[swBatchSize];
data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h:68:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  m_RefBuffer = new char const *[swBatchSize];
data/ngmlr-0.2.7+dfsg/src/SequenceProvider.cpp:218:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fileName, "rb");
data/ngmlr-0.2.7+dfsg/src/SequenceProvider.cpp:257:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(fileName, "wb"))) {
data/ngmlr-0.2.7+dfsg/src/SequenceProvider.h:62:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[maxRefNameLength];
data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:242:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  outcigar += sprintf(outcigar, "%d%c", align.QStart, 'S');
data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:248:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  outcigar += sprintf(outcigar, "%d%c",
data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:255:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  outcigar += sprintf(outcigar, "%d%c", align.QEnd, 'S');
data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:317:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  outcigar += sprintf(outcigar, "%d%c", align.QStart, 'S');
data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:323:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  outcigar += sprintf(outcigar, "%d%c",
data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:330:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  outcigar += sprintf(outcigar, "%d%c", align.QEnd, 'S');
data/ngmlr-0.2.7+dfsg/src/main.cpp:32:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];
data/ngmlr-0.2.7+dfsg/src/main.cpp:138:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(filename, "rb");
data/ngmlr-0.2.7+dfsg/src/unix.cpp:84:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(filename, "r");
data/ngmlr-0.2.7+dfsg/src/unix.cpp:93:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(filename, O_RDONLY);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:26:54: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void AlignmentBuffer::debugAlgnFinished(MappedRead * read) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:55:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int const qryLen = strlen(readSeq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:71:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int const qryLen = strlen(readSeq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:87:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int const qryLen = strlen(readSeq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:111:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int const qryLen = strlen(readSeq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:112:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int const refLen = strlen(refSeq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:134:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int const qryLen = strlen(readSeq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:135:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int const refLen = strlen(refSeq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:229:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  MappedRead const * const read, bool realign, bool const fullAlignment,
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:392:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Log.Message("%d/%d bp: %f - %f", strlen(refSeq), strlen(readSeq), time1, time2);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:392:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Log.Message("%d/%d bp: %f - %f", strlen(refSeq), strlen(readSeq), time1, time2);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:876:188: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Interval * * AlignmentBuffer::getIntervalsFromAnchors(int & intervalsIndex, Anchor * allFwdAnchors, int allFwdAnchorsLength, Anchor * allRevAnchors, int allRevAnchorsLength, MappedRead * read) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1158:218: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int AlignmentBuffer::checkForSV(Align const * const align, Interval const * interval, char const * const fullReadSeq, uloc inversionMidpointOnRef, uloc inversionMidpointOnRead, int const inversionLength, MappedRead * read) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1182:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int const fullReadSeqLength = strlen(fullReadSeq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1202:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(readSeq, fullReadSeq + inversionMidpointOnRead - readCheckLength, readCheckLength * 2);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1205:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(readSeq) > 0) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1269:61: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Interval * leftOfInv, Interval * rightOfInv, MappedRead * read) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1377:129: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result = checkForSV(align, alignedInterval, readPartSeq, inversionMidpointOnRef, inversionMidpointOnRead, inversionLength, read);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1469:65: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Align * AlignmentBuffer::alignInterval(MappedRead const * const read,
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1505:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QStart, QEnd, read->length, read, realign, fullAlignment,
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1516:60: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int const onReadStart, bool const isReverse, MappedRead* read,
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1530:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(readSeq.get(), read->Seq + onReadStart, readSeqLen);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1546:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Interval const * interval, MappedRead* read,
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1548:80: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return extractReadSeq(readSeqLen, interval->onReadStart, interval->isReverse, read, revComp);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1553:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  MappedRead * read, Align * tmpAling, int & alignIxndex,
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1570:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignLeft = alignInterval(read, leftOfInv, extractReadSeq(readSeqLen, leftOfInv, read).get(), readSeqLen, true, false);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1570:83: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignLeft = alignInterval(read, leftOfInv, extractReadSeq(readSeqLen, leftOfInv, read).get(), readSeqLen, true, false);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1608:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignRight = alignInterval(read, rightOfInv, extractReadSeq(readSeqLen, rightOfInv, read).get(), readSeqLen, true, false);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1608:87: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignRight = alignInterval(read, rightOfInv, extractReadSeq(readSeqLen, rightOfInv, read).get(), readSeqLen, true, false);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1646:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignInv = alignInterval(read, inv, extractReadSeq(readSeqLen, inv, read).get(), readSeqLen, true, true);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1646:73: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignInv = alignInterval(read, inv, extractReadSeq(readSeqLen, inv, read).get(), readSeqLen, true, true);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1653:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignInvRev = alignInterval(read, inv, extractReadSeq(readSeqLen, inv, read, true).get(), readSeqLen, true, true);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1653:76: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  alignInvRev = alignInterval(read, inv, extractReadSeq(readSeqLen, inv, read, true).get(), readSeqLen, true, true);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1790:67: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void AlignmentBuffer::alignSingleOrMultipleIntervals(MappedRead * read, Interval const * const interval, LocationScore * tmp, Align * tmpAling, int & alignIndex) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1793:58: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  auto readPartSeq = extractReadSeq(readSeqLen, interval, read);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1796:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Align * align = alignInterval(read, interval, readPartSeq.get(), readSeqLen, false, false);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1806:93: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  svType = detectMisalignment(align, interval, readPartSeq.get(), leftOfInv, rightOfInv, read);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:1811:65: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  svType = realign(svType, interval, leftOfInv, rightOfInv, read, tmpAling, alignIndex, tmp, mq);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2426:3: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2516:72: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  float AlignmentBuffer::scoreInterval(Interval * interval, MappedRead * read) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2524:93: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  auto readSeq = extractReadSeq(interval->lengthOnRead(), onReadStart, interval->isReverse, read, false);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2551:53: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void AlignmentBuffer::processShortRead(MappedRead * read) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2591:62: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  auto readPartSeq = extractReadSeq(read->length, interval, read);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2596:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read->length, 0, 0, read->length, read, false, false, true);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2644:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  WriteRead(read, true);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2646:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  WriteRead(read, false);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2649:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  WriteRead(read, false);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2653:153: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool AlignmentBuffer::gapOverlapsWithInterval(Interval * first, Interval * second, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2672:54: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return gapOverlapsWithInterval(&gap, intervalsTree, read);
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2676:132: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool AlignmentBuffer::gapOverlapsWithInterval(Interval * gap, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2712:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != 0 && gap->lengthOnRead() < maxLengthAlignmentCheck) {
data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2714:48: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
float score1 = scoreInterval(interval, read) / interval->lengthOnRead(); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2715:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). float score2 = scoreInterval(gap, read) / gap->lengthOnRead(); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2735:162: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool AlignmentBuffer::gapToEndOverlapsWithInterval(Interval * second, int const readLength, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2748:144: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool AlignmentBuffer::gapFromStartOverlapsWithInterval(Interval * second, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2784:153: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void AlignmentBuffer::extendToReadStart(Interval * interval, int const readLength, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2794:68: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!gapFromStartOverlapsWithInterval(interval, intervalsTree, read)) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2810:152: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void AlignmentBuffer::extendToReadStop(Interval * interval, int const readLength, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:2820:76: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (!gapToEndOverlapsWithInterval(interval, readLength, intervalsTree, read)) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3149:79: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(gapOverlapsWithInterval(lastInterval, currentInterval, intervalsTree, read)) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3157:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extendToReadStart(lastInterval, read->length, intervalsTree, read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3188:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extendToReadStart(lastInterval, read->length, intervalsTree, read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3206:68: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extendToReadStart(lastInterval, read->length, intervalsTree, read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3228:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extendToReadStart(lastInterval, read->length, intervalsTree, read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3240:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extendToReadStart(lastInterval, read->length, intervalsTree, read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3245:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extendToReadStop(lastInterval, read->length, intervalsTree, read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3389:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
alignSingleOrMultipleIntervals(read, currentInterval, tmpLocationScores, tmpAlingments, nTempAlignments); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3416:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). verbose(0, true, "%s (%d) not mapped", read, read->length); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3420:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). verbose(0, true, "%s (%d) not mapped", read, read->length); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3424:83: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). verbose(0, true, "%s (%d) not mapped. No candidates found for read: unmapped.", read, read->length); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3456:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void AlignmentBuffer::SaveRead(MappedRead * read, bool mapped) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3457:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). WriteRead(read, mapped); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3460:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void AlignmentBuffer::WriteRead(MappedRead* read, bool mapped) { data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3471:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_Writer->WriteRead(read, mapped); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.cpp:3473:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
NGM.GetReadProvider()->DisposeRead(read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:46:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MappedRead * read; data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:83:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void debugAlgnFinished(MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:201:137: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool gapOverlapsWithInterval(Interval * first, Interval * second, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:206:116: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool gapOverlapsWithInterval(Interval * gap, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:211:146: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool gapToEndOverlapsWithInterval(Interval * second, int const readLength, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:216:128: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool gapFromStartOverlapsWithInterval(Interval * second, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:226:137: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void extendToReadStart(Interval * interval, int const readLength, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:231:136: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void extendToReadStop(Interval * interval, int const readLength, IntervalTree::IntervalTree<Interval *> * intervalsTree, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:243:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Anchor * allRevAnchors, int allRevAnchorsLength, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:246:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int allRevAnchorsLength, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:249:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Align computeAlignment(MappedRead* read, int const scoreId, data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:254:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int const QEnd, int fullReadLength, MappedRead const * const read, data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:260:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Interval const * interval, MappedRead* read, bool const revComp = false); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:263:61: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int const onReadStart, bool const isReverse, MappedRead* read, data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:266:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
Align * alignInterval(MappedRead const * const read, data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:269:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void alignSingleOrMultipleIntervals(MappedRead * read, data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:274:62: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Interval * leftOfInv, Interval * rightOfInv, MappedRead * read, data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:291:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:293:196: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int checkForSV(Align const * const align, Interval const * interval, char const * const fullReadSeq, uloc inversionMidpointOnRef, uloc inversionMidpointOnRead, int inversionLength, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:298:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). float scoreInterval(Interval * interval, MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:311:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void processShortRead(MappedRead * read); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:414:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void SaveRead(MappedRead* read, bool mapped = true); data/ngmlr-0.2.7+dfsg/src/AlignmentBuffer.h:415:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void WriteRead(MappedRead* read, bool mapped); data/ngmlr-0.2.7+dfsg/src/CS.cpp:158:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void CS::debugCS(MappedRead * read, int& n, float& mi_Threshhold) { data/ngmlr-0.2.7+dfsg/src/CS.cpp:217:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int CS::CollectResultsStd(MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/CS.cpp:271:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int CS::CollectResultsFallback(MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/CS.cpp:276:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void CS::SendToBuffer(MappedRead * read, ScoreBuffer * sw, data/ngmlr-0.2.7+dfsg/src/CS.cpp:304:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sw->addRead(read, count); data/ngmlr-0.2.7+dfsg/src/CS.cpp:312:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). out->WriteRead(read, false); data/ngmlr-0.2.7+dfsg/src/CS.cpp:315:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sw->scoreShortRead(read); data/ngmlr-0.2.7+dfsg/src/CS.h:74:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual int CollectResultsStd(MappedRead* read); data/ngmlr-0.2.7+dfsg/src/CS.h:75:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int CollectResultsFallback(MappedRead* read); data/ngmlr-0.2.7+dfsg/src/CS.h:81:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void SendToBuffer(MappedRead* read, ScoreBuffer * sw, data/ngmlr-0.2.7+dfsg/src/CS.h:118:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void debugCS(MappedRead * read, int& n, float& mi_Threshhold); data/ngmlr-0.2.7+dfsg/src/CS.h:119:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Align computeAlignment(MappedRead* read, int const scoreId, data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:31:15: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. float const mismatch, data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:38:8: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. mis = mismatch; data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:431:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int const refLen = strlen(refSeq); data/ngmlr-0.2.7+dfsg/src/ConvexAlign.cpp:432:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int const qryLen = strlen(qrySeq); data/ngmlr-0.2.7+dfsg/src/ConvexAlign.h:20:16: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). 
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. float const mismatch, data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:31:15: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. float const mismatch, data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:38:8: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. mis = mismatch; data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:463:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int const refLen = strlen(refSeq); data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.cpp:464:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int const qryLen = strlen(qrySeq); data/ngmlr-0.2.7+dfsg/src/ConvexAlignFast.h:23:16: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
float const mismatch, data/ngmlr-0.2.7+dfsg/src/FastxParser.h:40:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual int doParseRead(MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/FastxParser.h:42:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return copyToRead(read, tmp, l); data/ngmlr-0.2.7+dfsg/src/GenericReadWriter.h:26:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void DoWriteRead(MappedRead const * const read, data/ngmlr-0.2.7+dfsg/src/GenericReadWriter.h:30:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void DoWriteUnmappedRead(MappedRead const * const read, int flags = data/ngmlr-0.2.7+dfsg/src/GenericReadWriter.h:80:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void WriteRead(MappedRead const * const read, bool mapped = true) { data/ngmlr-0.2.7+dfsg/src/GenericReadWriter.h:93:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). DoWriteRead(read, i); data/ngmlr-0.2.7+dfsg/src/GenericReadWriter.h:104:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). DoWriteUnmappedRead(read); data/ngmlr-0.2.7+dfsg/src/IParser.h:51:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int copyToRead(MappedRead * read, kseq_t * kseq, int const l) { data/ngmlr-0.2.7+dfsg/src/IReadProvider.h:19:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
virtual void DisposeRead(MappedRead * read) = 0; data/ngmlr-0.2.7+dfsg/src/NGM.cpp:130:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void _NGM::AddUnmappedRead(MappedRead const * const read, int reason) { data/ngmlr-0.2.7+dfsg/src/NGM.h:61:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void AddUnmappedRead(MappedRead const * const read, int reason ); data/ngmlr-0.2.7+dfsg/src/NGM.h:70:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void DisposeRead(MappedRead * read); data/ngmlr-0.2.7+dfsg/src/OutputReadBuffer.h:55:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void addRead(MappedRead * read, bool mapped) { data/ngmlr-0.2.7+dfsg/src/OutputReadBuffer.h:64:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). outputBuffer.insert(it, std::pair<MappedRead *, bool>(read, mapped)); data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:57:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void ReadProvider::splitRead(MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:64:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int nameLength = strlen(read->name); data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:67:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). group->fullRead = read; data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:95:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(readPart->Seq, read->Seq, length); data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:122:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(readPart->Seq, read->Seq + i * readPartLength, length); data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:145:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). l = parser->parseRead(read); data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:153:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). splitRead(read); data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:161:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:174:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). delete read; data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:244:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:257:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void ReadProvider::DisposeRead(MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/ReadProvider.cpp:274:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). delete read; data/ngmlr-0.2.7+dfsg/src/ReadProvider.h:22:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void DisposeRead(MappedRead * read); data/ngmlr-0.2.7+dfsg/src/ReadProvider.h:38:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void splitRead(MappedRead * read); data/ngmlr-0.2.7+dfsg/src/SAMWriter.cpp:83:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void SAMWriter::DoWriteRead(MappedRead const * const read, int const scoreID) { data/ngmlr-0.2.7+dfsg/src/SAMWriter.cpp:84:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). DoWriteReadGeneric(read, scoreID, "*", -1, 0, read->mappingQlty); data/ngmlr-0.2.7+dfsg/src/SAMWriter.cpp:88:61: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void SAMWriter::DoWriteReadGeneric(MappedRead const * const read, data/ngmlr-0.2.7+dfsg/src/SAMWriter.cpp:317:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void SAMWriter::DoWriteUnmappedReadGeneric(MappedRead const * const read, data/ngmlr-0.2.7+dfsg/src/SAMWriter.cpp:322:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). NGM.AddUnmappedRead(read, 0); data/ngmlr-0.2.7+dfsg/src/SAMWriter.cpp:368:62: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void SAMWriter::DoWriteUnmappedRead(MappedRead const * const read, int flags) { data/ngmlr-0.2.7+dfsg/src/SAMWriter.cpp:369:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). DoWriteUnmappedReadGeneric(read, -1, '*', -1, -1, 0, 0, flags | 0x04); data/ngmlr-0.2.7+dfsg/src/SAMWriter.h:30:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void DoWriteRead(MappedRead const * const read, int const scoreID); data/ngmlr-0.2.7+dfsg/src/SAMWriter.h:32:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
virtual void DoWriteReadGeneric(MappedRead const * const read, int const scoreID, char const * pRefName, int const pLoc, int const pDist, int const mappingQlty, int flags = data/ngmlr-0.2.7+dfsg/src/SAMWriter.h:34:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void DoWriteUnmappedReadGeneric(MappedRead const * const read, int const refId, char const pRefName, int const loc, int const pLoc, int const pDist, int const mappingQlty, int flags); data/ngmlr-0.2.7+dfsg/src/SAMWriter.h:35:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void DoWriteUnmappedRead(MappedRead const * const read, int flags = 0x4); data/ngmlr-0.2.7+dfsg/src/SamParser.cpp:83:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int SamParser::doParseRead(MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/SamParser.cpp:126:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). std::reverse(tmp->qual.s, &tmp->qual.s[strlen(tmp->qual.s)]); data/ngmlr-0.2.7+dfsg/src/SamParser.cpp:130:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return copyToRead(read, tmp, tmp->seq.l); data/ngmlr-0.2.7+dfsg/src/SamParser.cpp:136:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return copyToRead(read, tmp, -2); data/ngmlr-0.2.7+dfsg/src/SamParser.h:46:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual int doParseRead(MappedRead * read); data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:38:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void ScoreBuffer::computeMQ(MappedRead* read) { data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:47:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void ScoreBuffer::debugScoresFinished(MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:95:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MappedRead * cur_read = scores[i].read; data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:134:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MappedRead * cur_read = scores[i].read; data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:170:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void ScoreBuffer::topNSE(MappedRead* read) { data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:188:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). computeMQ(read); data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:195:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void ScoreBuffer::addRead(MappedRead * read, int count) { data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:207:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). scores[iScores].read = read; data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:216:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void ScoreBuffer::scoreShortRead(MappedRead * read) { data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:281:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). computeMQ(read); data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.cpp:283:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
out->processShortRead(read); data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h:22:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MappedRead * read; data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h:28:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void topNSE(MappedRead* read); data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h:31:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void computeMQ(MappedRead* read); data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h:34:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void debugScoresFinished(MappedRead * read); data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h:101:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void addRead(MappedRead * read, int count); data/ngmlr-0.2.7+dfsg/src/ScoreBuffer.h:103:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void scoreShortRead(MappedRead * read); data/ngmlr-0.2.7+dfsg/src/SequenceProvider.cpp:354:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(binRefMap[j].name, seq->name.s, nameLength); data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:130:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int read_len = strlen(read_seq) + 1; data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:131:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int ref_len = strlen(ref_seq) + 1; data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:171:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int read_len = strlen(read_seq) + 1; data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:172:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ref_len = strlen(ref_seq) + 1; data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:214:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int read_len = strlen(read_seq) + 1; data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:215:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ref_len = strlen(ref_seq) + 1; data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:289:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int read_len = strlen(read_seq) + 1; data/ngmlr-0.2.7+dfsg/src/StrippedSW.cpp:290:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ref_len = strlen(ref_seq) + 1; data/ngmlr-0.2.7+dfsg/src/StrippedSW.h:35:33: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. mat[k++] = l == m ? 
match : mismatch; /* weight_match : -weight_mismatch */
data/ngmlr-0.2.7+dfsg/src/StrippedSW.h:82:17: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
int32_t match, mismatch, gap_open, gap_extension;
data/ngmlr-0.2.7+dfsg/src/unix.cpp:178:7: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ch = getchar();
data/ngmlr-0.2.7+dfsg/src/unix.cpp:193:6: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
c = getchar();

ANALYSIS SUMMARY:

Hits = 249
Lines analyzed = 16238 in approximately 0.39 seconds (41367 lines/second)
Physical Source Lines of Code (SLOC) = 10359
Hits@level = [0] 157 [1] 194 [2] 46 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 406 [1+] 249 [2+] 55 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 39.193 [1+] 24.0371 [2+] 5.30939 [3+] 0.86881 [4+] 0.86881 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.