Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/parsinsert-1.04/AttrList.cpp
Examining data/parsinsert-1.04/AttrList.h
Examining data/parsinsert-1.04/Attrs.h
Examining data/parsinsert-1.04/Knox_Stddef.cpp
Examining data/parsinsert-1.04/Knox_Stddef.h
Examining data/parsinsert-1.04/PNode.cpp
Examining data/parsinsert-1.04/PNode.h
Examining data/parsinsert-1.04/ParsInsert.h
Examining data/parsinsert-1.04/ParsimonySet.h
Examining data/parsinsert-1.04/SeqList.cpp
Examining data/parsinsert-1.04/SeqList.h
Examining data/parsinsert-1.04/Taxonomy.cpp
Examining data/parsinsert-1.04/Taxonomy.h
Examining data/parsinsert-1.04/ParsInsert.cpp
FINAL RESULTS:
data/parsinsert-1.04/Knox_Stddef.cpp:65:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(msg, format, args);
data/parsinsert-1.04/Knox_Stddef.cpp:77:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(msg, format, args);
data/parsinsert-1.04/Knox_Stddef.cpp:87:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(msg, format, args);
data/parsinsert-1.04/Knox_Stddef.h:61:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TRACE if (DEBUG) printf
data/parsinsert-1.04/PNode.cpp:549:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s_%04d", "I", id);
data/parsinsert-1.04/PNode.cpp:600:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s_%04d", "I", ++(tree->internal));
data/parsinsert-1.04/PNode.cpp:908:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "\'%s:%s\'", boot.c_str(), name.c_str());
data/parsinsert-1.04/PNode.cpp:950:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "{%s=%s}", key.c_str(), value.c_str());
data/parsinsert-1.04/ParsInsert.cpp:1094:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data, common.c_str());
data/parsinsert-1.04/ParsInsert.cpp:2192:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stats, STATS_FORMAT, name.c_str(), 0, buf);
data/parsinsert-1.04/ParsInsert.cpp:2194:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stats, STATS_FORMAT2, "",taxCorrect.c_str());
data/parsinsert-1.04/ParsInsert.cpp:2276:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stats, TSTATS_FORMAT, name.c_str(), iterB->node->title.c_str(), per,
data/parsinsert-1.04/ParsInsert.cpp:2375:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stats, STATS_FORMAT, name.c_str(), per, taxBest.c_str());
data/parsinsert-1.04/ParsInsert.cpp:2378:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stats, STATS_FORMAT2, "",taxCorrect.c_str());
data/parsinsert-1.04/ParsInsert.cpp:2398:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stats, STATS_FORMAT2, "",diffs.c_str());
data/parsinsert-1.04/ParsInsert.cpp:2741:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comment,"Sites:%d, %d%% diffs[%d,%d,%d], Score:%d, [%s]", in->nSites, per, diffs, parts, indel, in->best.list[0].score, tax.c_str());
data/parsinsert-1.04/ParsInsert.cpp:2840:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq->hdr, common.c_str());
data/parsinsert-1.04/ParsimonySet.h:327:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, x);
data/parsinsert-1.04/ParsimonySet.h:357:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, x);
data/parsinsert-1.04/ParsimonySet.h:361:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, x);
data/parsinsert-1.04/SeqList.cpp:111:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data, _data);
data/parsinsert-1.04/SeqList.cpp:209:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hdr, buffer);
data/parsinsert-1.04/SeqList.cpp:236:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hdr, buffer);
data/parsinsert-1.04/SeqList.cpp:258:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, &buffer[i]);
data/parsinsert-1.04/AttrList.cpp:70:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(value);
data/parsinsert-1.04/AttrList.cpp:94:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(value) != 0);
data/parsinsert-1.04/AttrList.cpp:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/parsinsert-1.04/AttrList.cpp:131:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",value); // itoa(value, buf, 10);
data/parsinsert-1.04/AttrList.cpp:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/parsinsert-1.04/AttrList.cpp:143:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%f", value);
data/parsinsert-1.04/AttrList.cpp:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/parsinsert-1.04/AttrList.cpp:173:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%08X", value);
data/parsinsert-1.04/Knox_Stddef.cpp:45:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
appLog = fopen(filename, mode);
data/parsinsert-1.04/Knox_Stddef.cpp:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64*1024];
data/parsinsert-1.04/Knox_Stddef.cpp:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64*1024];
data/parsinsert-1.04/Knox_Stddef.cpp:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64*1024];
data/parsinsert-1.04/PNode.cpp:117:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "wb+");
data/parsinsert-1.04/PNode.cpp:533:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2048];
data/parsinsert-1.04/PNode.cpp:868:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2048];
data/parsinsert-1.04/PNode.h:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorReason[2048];
data/parsinsert-1.04/ParsInsert.cpp:98:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *files[64] = {NULL};
data/parsinsert-1.04/ParsInsert.cpp:130:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[MAX_SEQ_SIZE];
data/parsinsert-1.04/ParsInsert.cpp:261:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(&argv[i][2]);
data/parsinsert-1.04/ParsInsert.cpp:263:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(argv[++i]);
data/parsinsert-1.04/ParsInsert.cpp:272:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(&argv[i][2]);
data/parsinsert-1.04/ParsInsert.cpp:274:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(argv[++i]);
data/parsinsert-1.04/ParsInsert.cpp:283:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(&argv[i][2]);
data/parsinsert-1.04/ParsInsert.cpp:285:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(argv[++i]);
data/parsinsert-1.04/ParsInsert.cpp:296:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int v = atoi(&argv[i][2]);
data/parsinsert-1.04/ParsInsert.cpp:323:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int v = atoi(&argv[i][2]);
data/parsinsert-1.04/ParsInsert.cpp:529:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stats = fopen(statsName, "w");
data/parsinsert-1.04/ParsInsert.cpp:737:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100*1024];
data/parsinsert-1.04/ParsInsert.cpp:818:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "r");
data/parsinsert-1.04/ParsInsert.cpp:824:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_SEQ_SIZE];
data/parsinsert-1.04/ParsInsert.cpp:858:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "r");
data/parsinsert-1.04/ParsInsert.cpp:865:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newick[50*1024*1024]; // should get the file size for the buffer
data/parsinsert-1.04/ParsInsert.cpp:874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32*1024];
data/parsinsert-1.04/ParsInsert.cpp:890:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newick[len], buf, blen-skip);
data/parsinsert-1.04/ParsInsert.cpp:2190:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/parsinsert-1.04/ParsInsert.cpp:2191:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "NO MATCHES found (%d sites in sequence)", inserts[i]->nSites);
data/parsinsert-1.04/ParsInsert.cpp:2740:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[2*1024];
data/parsinsert-1.04/ParsimonySet.h:73:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, other->data, len);
data/parsinsert-1.04/ParsimonySet.h:226:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, other->data, other->len);
data/parsinsert-1.04/ParsimonySet.h:325:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[10];
data/parsinsert-1.04/ParsimonySet.h:326:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x,"%X", data[i]);
data/parsinsert-1.04/ParsimonySet.h:335:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[10];
data/parsinsert-1.04/SeqList.cpp:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[96*1024];
data/parsinsert-1.04/SeqList.cpp:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_SEQ_SIZE];
data/parsinsert-1.04/SeqList.cpp:376:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname.c_str(), mode);
data/parsinsert-1.04/SeqList.cpp:424:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "r");
data/parsinsert-1.04/SeqList.cpp:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_SEQ_SIZE];
data/parsinsert-1.04/SeqList.cpp:444:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long offset = atol(buffer);
data/parsinsert-1.04/SeqList.cpp:446:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len = atoi(sep);
data/parsinsert-1.04/SeqList.cpp:466:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi(name);
data/parsinsert-1.04/SeqList.cpp:510:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_SEQ_SIZE];
data/parsinsert-1.04/SeqList.cpp:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_SEQ_SIZE];
data/parsinsert-1.04/SeqList.cpp:615:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi(name);
data/parsinsert-1.04/Knox_Stddef.cpp:91:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int last = strlen(msg);
data/parsinsert-1.04/Knox_Stddef.cpp:111:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 0) continue;
data/parsinsert-1.04/Knox_Stddef.cpp:116:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i=strlen(line) ; i > 0 ; i--)
data/parsinsert-1.04/PNode.cpp:278:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totalProcess = strlen(str);
data/parsinsert-1.04/PNode.cpp:546:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((v == NULL) || (strlen(v) == 0))
data/parsinsert-1.04/ParsInsert.cpp:827:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i=0 ; (i < strlen(buffer)) && (m < sizeof(mask)) ; ++i)
data/parsinsert-1.04/ParsInsert.cpp:884:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int blen = strlen(buffer);
data/parsinsert-1.04/ParsInsert.cpp:1822:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSequenceItem *seq = new CSequenceItem(name.c_str(), -1, strlen(pars), pars);
data/parsinsert-1.04/ParsInsert.cpp:2428:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string lower = entry.substr(0, strlen(unclassified));
data/parsinsert-1.04/ParsInsert.cpp:2432:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((entry.size() > 0) && (strncmp(lower.c_str(), unclassified, strlen(unclassified)) != 0)) // does NOT begin with "Unclassified"
data/parsinsert-1.04/ParsimonySet.h:109:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Allocate(strlen(seq));
data/parsinsert-1.04/ParsimonySet.h:338:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "[");
data/parsinsert-1.04/ParsimonySet.h:344:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(x, "A");
data/parsinsert-1.04/ParsimonySet.h:346:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(x, "C");
data/parsinsert-1.04/ParsimonySet.h:348:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(x, "G");
data/parsinsert-1.04/ParsimonySet.h:350:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(x, "T");
data/parsinsert-1.04/ParsimonySet.h:352:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(x, ".");
data/parsinsert-1.04/ParsimonySet.h:354:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(x) > 1)
data/parsinsert-1.04/ParsimonySet.h:356:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "{");
data/parsinsert-1.04/ParsimonySet.h:358:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "}");
data/parsinsert-1.04/ParsimonySet.h:364:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "]");
data/parsinsert-1.04/ParsimonySet.h:440:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(str) > 500)
data/parsinsert-1.04/SeqList.cpp:106:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(_data) > len)
data/parsinsert-1.04/SeqList.cpp:107:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(_data);
data/parsinsert-1.04/SeqList.cpp:205:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 0)
data/parsinsert-1.04/SeqList.cpp:207:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AllocateSeqHeader(strlen(buffer)+1);
data/parsinsert-1.04/SeqList.cpp:232:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 0)
data/parsinsert-1.04/SeqList.cpp:234:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AllocateSeqHeader(strlen(buffer)+1);
data/parsinsert-1.04/SeqList.cpp:257:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(data)+strlen(&buffer[i]) <= len)
data/parsinsert-1.04/SeqList.cpp:257:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(data)+strlen(&buffer[i]) <= len)
data/parsinsert-1.04/Taxonomy.cpp:59:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tax) == 0)
ANALYSIS SUMMARY:
Hits = 108
Lines analyzed = 6646 in approximately 0.16 seconds (42796 lines/second)
Physical Source Lines of Code (SLOC) = 4361
Hits@level = [0] 34 [1] 31 [2] 53 [3] 0 [4] 24 [5] 0
Hits@level+ = [0+] 142 [1+] 108 [2+] 77 [3+] 24 [4+] 24 [5+] 0
Hits/KSLOC@level+ = [0+] 32.5613 [1+] 24.765 [2+] 17.6565 [3+] 5.50332 [4+] 5.50332 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.