Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/defines.h
Examining data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/helpers.cpp
Examining data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/helpers.h
Examining data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/output.cpp
Examining data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/output.h
Examining data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp
Examining data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/structures.h

FINAL RESULTS:

data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:92:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ref.file, argv[optind]);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:112:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sim.outfile_fq, "%s_%04ld.fastq", sim.prefix, ref.num);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:118:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sim.outfile_maf, "%s_%04ld.maf", sim.prefix, ref.num);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:264:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fastq.file, optarg);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:364:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp_buf, optarg);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:399:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sim->model_qc_file, optarg);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:407:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sim->prefix, optarg);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:415:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sim->profile_id, optarg);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:491:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sim->outfile_ref, "%s_%04ld.ref", sim->prefix, ref->num_seq);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:553:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sim->outfile_ref, "%s_%04ld.ref", sim->prefix, ref->num);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:685:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(qc_tmp, line);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:724:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(qc_tmp, line);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:908:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sim->profile_fq, "sample_profile_%s.fastq", sim->profile_id);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:909:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sim->profile_stats, "sample_profile_%s.stats", sim->profile_id);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:253:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt_long(argc, argv, "", long_options, &option_index)) != -1) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:439:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int)seed);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:88:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ((ref.file = (char *)malloc(strlen(argv[optind]) + 1)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:113:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_fq = fopen(sim.outfile_fq, "w")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:119:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_maf = fopen(sim.outfile_maf, "w")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:172:25:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if ((fp_filtered = tmpfile()) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:178:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_filtered = fopen(sim->profile_fq, "w+")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:182:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_stats = fopen(sim->profile_stats, "w+")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:188:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_filtered = fopen(sim->profile_fq, "r")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:192:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_stats = fopen(sim->profile_stats, "r")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:308:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sim->len_min = atoi(optarg);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:320:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sim->len_max = atoi(optarg);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:376:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ratio = atoi(tp);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:419:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  seed = (unsigned int)atoi(optarg);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[BUF_SIZE];
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:456:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(ref->file, "r")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:492:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_ref = fopen(sim->outfile_ref, "w")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:548:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[BUF_SIZE];
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:555:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(sim->outfile_ref, "r")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:564:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ref->id, &line[1], strlen(line)-1);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:574:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ref->seq + offset, line, copy_size);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:593:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[BUF_SIZE];
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:594:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qc_tmp[FASTQ_LEN_MAX];
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:628:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fastq.num_filtered = atol(tp);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:630:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fastq.len_total_filtered = atol(tp);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:632:34:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fastq.len_min_filtered = atol(tp);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:634:34:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fastq.len_max_filtered = atol(tp);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:646:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(fastq.file, "r")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:878:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sim->prefix, "sd");
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:948:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(sim->profile_fq, "r")) != NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:953:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(sim->profile_stats, "r")) != NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:961:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(sim->profile_fq, "r")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:966:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(sim->profile_stats, "r")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:990:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[128];
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1072:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(id, "S%ld_%ld", ref->num, sim->res_num);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1174:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[128];
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1368:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(id, "S%ld_%ld", ref->num, sim->res_num);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1647:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[BUF_SIZE];
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1653:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(sim->model_qc_file, "r")) == NULL) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1668:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  accuracy = atoi(tp);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/structures.h:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[REF_ID_LEN_MAX + 1];
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/helpers.cpp:10:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int end_pos = strlen(line) - 1;
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/helpers.cpp:65:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:88:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ref.file = (char *)malloc(strlen(argv[optind]) + 1)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:260:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((fastq.file = (char *)malloc(strlen(optarg) + 1)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:304:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(optarg) >= 8) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:316:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(optarg) >= 8) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:360:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((tmp_buf = (char *)malloc(strlen(optarg) + 1)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:372:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tp) >= 5) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:395:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sim->model_qc_file = (char *)malloc(strlen(optarg) + 1)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:403:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sim->prefix = (char *)malloc(strlen(optarg) + 1)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:411:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sim->profile_id = (char *)malloc(strlen(optarg) + 1)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:488:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ref->id, &line[1], REF_ID_LEN_MAX);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:489:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref->id[std::min(REF_ID_LEN_MAX, (int)strlen(&line[1]))] = '\0';
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:509:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref->len += strlen(line);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:564:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(ref->id, &line[1], strlen(line)-1);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:565:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref->id[std::min(REF_ID_LEN_MAX, (int)strlen(&line[1]))] = '\0';
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:573:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  copy_size = strlen(line);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:581:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ref->len = strlen(ref->seq);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:660:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(line);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:718:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(line);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:881:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sim->outfile_ref = (char *)malloc(strlen(sim->prefix) + 10)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:886:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sim->outfile_fq = (char *)malloc(strlen(sim->prefix) + 12)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:891:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sim->outfile_maf = (char *)malloc(strlen(sim->prefix) + 10)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:898:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sim->profile_fq = (char *)malloc(strlen(sim->profile_id) + 22)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:903:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sim->profile_stats = (char *)malloc(strlen(sim->profile_id) + 22)) == 0) {
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1051:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(mut->new_seq);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1346:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(mut.new_seq);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1513:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(mut.qc);
data/pbsim-1.0.3+git20180330.e014b1d+dfsg/src/pbsim.cpp:1530:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(mut.tmp_qc);

ANALYSIS SUMMARY:

Hits = 84
Lines analyzed = 2053 in approximately 0.10 seconds (19917 lines/second)
Physical Source Lines of Code (SLOC) = 1648
Hits@level = [0] 215 [1]  29 [2]  39 [3]   2 [4]  14 [5]   0
Hits@level+ = [0+] 299 [1+]  84 [2+]  55 [3+]  16 [4+]  14 [5+]   0
Hits/KSLOC@level+ = [0+] 181.432 [1+] 50.9709 [2+] 33.3738 [3+] 9.70874 [4+] 8.49515 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
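Triage note on the [4] CWE-120 hits. Every strcpy target in the list (ref.file, fastq.file, tmp_buf, model_qc_file, prefix, profile_id) is allocated a few lines earlier with malloc(strlen(src) + 1), as the [1] strlen hits at 88, 260, 360, 395, 403 and 411 show, so those copies are exact fits rather than overflows. The sprintf targets are sized with a fixed slack instead: +12 for "%s_%04ld.fastq" (886/112), +10 for "%s_%04ld.ref" and "%s_%04ld.maf" (881/553, 891/118), +22 for "sample_profile_%s.fastq" and ".stats" (898/908, 903/909). The +22 pair has no numeric field and is exact for any profile_id; the +10 and +12 values equal the format's expansion only while the %04ld field prints four digits, and the report does not say how large ref.num or ref->num_seq can get, so that bound is the thing to confirm in the source. The strcat hits at 685/724 and the memcpy at 564 write into fixed arrays (qc_tmp[FASTQ_LEN_MAX], id[REF_ID_LEN_MAX + 1]); at 564 the copy length is taken from the source line and only the terminator index on 565 is clamped to REF_ID_LEN_MAX, whereas the sibling code at 488 bounds the copy itself with strncpy. The C below is an added example written for this note, not pbsim code: it sizes the heap name from the format and bounds the header-id copy by the destination. The slack constant and the "sd" prefix mirror the flagged lines; the function names and the sample header are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Slack the flagged allocation adds to strlen(prefix) for the ".fastq" name
 * (pbsim.cpp:886): "_" + four digits + ".fastq" + NUL. Mirrors the report. */
#define FASTQ_SLACK 12

/* Bytes "%s_%04ld.fastq" really needs for this prefix and number, NUL
 * included. snprintf(NULL, 0, ...) is the C99 way to measure a format. */
size_t fastq_name_bytes(const char *prefix, long num)
{
    int n = snprintf(NULL, 0, "%s_%04ld.fastq", prefix, num);
    return (n < 0) ? 0 : (size_t)n + 1;
}

/* 1 if strlen(prefix) + FASTQ_SLACK holds the formatted name, 0 once the
 * %04ld field has grown past four digits and the exact fit is too small. */
int exact_fit_holds(const char *prefix, long num)
{
    return fastq_name_bytes(prefix, num) <= strlen(prefix) + FASTQ_SLACK;
}

/* Hardened replacement for the malloc + sprintf pair at 886/112: size the
 * buffer from the format, then write with a bound. Caller frees the result. */
char *build_fastq_name(const char *prefix, long num)
{
    size_t need = fastq_name_bytes(prefix, num);
    if (need == 0)
        return NULL;
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    int n = snprintf(out, need, "%s_%04ld.fastq", prefix, num);
    if (n < 0 || (size_t)n >= need) {   /* cannot happen after sizing; kept as a guard */
        free(out);
        return NULL;
    }
    return out;
}

/* Bounded version of the header-id copy at 564/565 (and the strncpy form at
 * 488/489): drop the leading '>', stop at end of line, truncate to what the
 * destination holds, always NUL-terminate. Returns bytes stored, NUL excluded. */
size_t copy_fasta_id(char *dst, size_t cap, const char *line)
{
    if (cap == 0)
        return 0;
    const char *src = (line[0] == '>') ? line + 1 : line;
    size_t len = strcspn(src, "\r\n");  /* length of the id on this line */
    if (len > cap - 1)
        len = cap - 1;                   /* bound by destination, not by source */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

int main(void)
{
    const char *prefix = "sd";          /* default prefix seen at pbsim.cpp:878 */
    long nums[] = { 1, 9999, 10000 };
    for (size_t i = 0; i < sizeof nums / sizeof nums[0]; i++) {
        char *name = build_fastq_name(prefix, nums[i]);
        if (name == NULL)
            continue;
        printf("%-16s needs %zu bytes; strlen(prefix)+%d %s\n", name,
               fastq_name_bytes(prefix, nums[i]), FASTQ_SLACK,
               exact_fit_holds(prefix, nums[i]) ? "suffices" : "is too small");
        free(name);
    }
    char id[16];                         /* stands in for id[REF_ID_LEN_MAX + 1] (constructed) */
    copy_fasta_id(id, sizeof id, ">chr1 a long description that will not fit\n");
    printf("id = \"%s\"\n", id);
    return 0;
}
```

The measure-then-allocate pattern removes the need to keep the +10/+12 arithmetic in sync with the format string; the bounded copy keeps the truncation that line 565 intends without the copy length ever exceeding the array.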
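Triage note on the [2] CWE-190 hits. The atoi calls at 308, 320, 376, 419 and 1668 and the atol calls at 628 through 634 turn option text and fields of the stats file directly into read lengths, a ratio, the RNG seed and an accuracy. The strlen(optarg) >= 8 and strlen(tp) >= 5 checks at 304, 316 and 372 sit just before three of them and, where they reject the longer strings, keep the magnitude inside int; they do not reject a sign, a zero or trailing text, and atoi reports none of those. The seed at 419 is cast to unsigned int, so a negative option value wraps silently (harmless for a simulator's srand, which is also why the [3] CWE-327 hit at 439 is a false positive here: the seed is for reproducibility, not for keys). The C below is an added example, not pbsim code: a strtol-based parser that must consume the whole string and enforces a [lo, hi] policy, applied to the length pair and the seed. The LEN_LIMIT bound and the function names are assumptions for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

enum parse_status { PARSE_OK = 0, PARSE_EMPTY, PARSE_TRAILING, PARSE_RANGE };

/* Drop-in for the flagged atoi()/atol() calls. Parses all of `s` as a base-10
 * integer and rejects: empty input, anything left after the digits, strtol
 * overflow (ERANGE) and values outside [lo, hi]. strtol still skips leading
 * whitespace and accepts a sign, so the policy range is what turns "-1" into
 * an error for a length or a seed. *out is written only on PARSE_OK. */
enum parse_status parse_long_in_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    if (s == NULL || *s == '\0')
        return PARSE_EMPTY;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0')
        return PARSE_TRAILING;      /* no digits, or text after them ("12abc") */
    if (errno == ERANGE || v < lo || v > hi)
        return PARSE_RANGE;         /* overflowed long, or outside the policy */
    *out = v;
    return PARSE_OK;
}

/* Policy for the read-length pair at 308/320. LEN_LIMIT is an assumption for
 * this example, not a pbsim limit. Returns 0 on success, -1 when either value
 * is bad or min exceeds max. */
#define LEN_LIMIT 1000000L
int parse_len_bounds(const char *min_s, const char *max_s, long *len_min, long *len_max)
{
    long lo, hi;
    if (parse_long_in_range(min_s, 1, LEN_LIMIT, &lo) != PARSE_OK)
        return -1;
    if (parse_long_in_range(max_s, 1, LEN_LIMIT, &hi) != PARSE_OK)
        return -1;
    if (lo > hi)
        return -1;
    *len_min = lo;
    *len_max = hi;
    return 0;
}

/* The seed at 419 is (unsigned int)atoi(optarg); parsing it against an
 * explicit [0, SEED_MAX] range makes a negative seed an error instead of a
 * silent wrap. Returns 0 on success. */
#if UINT_MAX <= LONG_MAX
#define SEED_MAX ((long)UINT_MAX)
#else
#define SEED_MAX LONG_MAX
#endif
int parse_seed(const char *s, unsigned int *seed)
{
    long v;
    if (parse_long_in_range(s, 0, SEED_MAX, &v) != PARSE_OK)
        return -1;
    *seed = (unsigned int)v;
    return 0;
}

int main(void)
{
    /* constructed option values, including the ones atoi would accept quietly */
    const char *inputs[] = { "5000", "-1", "0", "12abc", "", "99999999999999999999" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        long v;
        enum parse_status st = parse_long_in_range(inputs[i], 1, LEN_LIMIT, &v);
        printf("%-22s -> status %d (%s)\n", inputs[i], (int)st,
               st == PARSE_OK ? "accepted" : "rejected");
    }
    unsigned int seed;
    printf("seed \"-1\": %s\n", parse_seed("-1", &seed) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The same parser covers the atol fields read from the stats file at 628 through 634; those come from a file the program wrote itself, but a hand-edited or truncated stats file still reaches them, so the range policy is the cheap place to fail early.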
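Triage note on the [2] fopen and tmpfile hits. Most of the fopen hits (113, 119, 178, 182, 492) create output files by name under the user-chosen prefix with "w" or "w+", and 178/188 and 182/192 show a create-then-reopen sequence in which the profile files are written, closed and later opened again by path. fopen(path, "w") follows a symlink that is already sitting at that name and truncates whatever it points to, which is the CWE-362 case flawfinder is asking about; it matters when the output directory is shared or world-writable and is a non-issue in a private working directory. The tmpfile() hit at 172 is the safer of the two scratch-file paths, since modern libc implementations create it unlinked, and the "older System V" caveat does not apply to them. The C below is an added example (not pbsim code, POSIX only): it creates an output file with O_CREAT|O_EXCL so a planted symlink or a pre-existing file fails the open instead of being followed or truncated, and shows the check in a scratch directory from mkdtemp(3). The directory template and file names are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Replacement for fopen(path, "w") on a path the user or environment
 * influences. O_CREAT|O_EXCL makes the open fail with EEXIST if anything,
 * including a symlink, already sits at the final component, so nothing is
 * followed or truncated. O_NOFOLLOW is redundant with O_EXCL and kept only
 * as defence in depth. Returns a FILE* in write mode or NULL with errno set. */
FILE *open_output_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return NULL;
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) {
        int saved = errno;
        close(fd);
        errno = saved;
    }
    return fp;
}

/* Exercises the open above in a private scratch directory: the first create
 * succeeds, a second create of the same name fails with EEXIST instead of
 * truncating, and a symlink planted at another output name is not followed.
 * Returns 0 when all three behave as described, -1 otherwise. */
int demo_exclusive_create(void)
{
    char dir[] = "/tmp/pbsim-triage-XXXXXX";   /* mkdtemp rewrites the X's */
    if (mkdtemp(dir) == NULL)
        return -1;
    char target[256], link[256];
    snprintf(target, sizeof target, "%s/sd_0001.fastq", dir);
    snprintf(link, sizeof link, "%s/sd_0002.fastq", dir);

    int rc = -1;
    FILE *fp = open_output_exclusive(target);
    if (fp == NULL)
        goto cleanup;
    fputs("@read1\n", fp);
    fclose(fp);

    /* second attempt must fail with EEXIST rather than truncate the file */
    if (open_output_exclusive(target) != NULL || errno != EEXIST)
        goto cleanup;

    /* a symlink sitting at the output name must not be followed */
    if (symlink(target, link) != 0)
        goto cleanup;
    if (open_output_exclusive(link) != NULL)
        goto cleanup;
    rc = 0;

cleanup:
    unlink(link);
    unlink(target);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_exclusive_create();
    printf("exclusive create checks: %s\n", rc == 0 ? "all passed" : "failed");
    return rc == 0 ? 0 : 1;
}
```

Two caveats. O_EXCL also refuses to overwrite a stale output from a previous run, so a tool that adopts it must either remove old outputs first or report the collision to the user. And the exclusive open only protects the final path component; for the reopen-by-name pattern at 178/188 and 182/192 the cleaner fix is to keep the descriptor from the creating open and rewind it (or fdopen a dup of it) rather than resolving the name a second time.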