Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/phyx-1.01+ds/src/aa2cdn.cpp
Examining data/phyx-1.01+ds/src/aa2cdn.h
Examining data/phyx-1.01+ds/src/bd_fit.cpp
Examining data/phyx-1.01+ds/src/bd_fit.h
Examining data/phyx-1.01+ds/src/bd_sim.cpp
Examining data/phyx-1.01+ds/src/bd_sim.h
Examining data/phyx-1.01+ds/src/branch_segment.cpp
Examining data/phyx-1.01+ds/src/branch_segment.h
Examining data/phyx-1.01+ds/src/clean_tree.cpp
Examining data/phyx-1.01+ds/src/clean_tree.h
Examining data/phyx-1.01+ds/src/clsq.cpp
Examining data/phyx-1.01+ds/src/clsq.h
Examining data/phyx-1.01+ds/src/collapse_tree.cpp
Examining data/phyx-1.01+ds/src/collapse_tree.h
Examining data/phyx-1.01+ds/src/comp_test.cpp
Examining data/phyx-1.01+ds/src/comp_test.h
Examining data/phyx-1.01+ds/src/concat.cpp
Examining data/phyx-1.01+ds/src/concat.h
Examining data/phyx-1.01+ds/src/constants.h
Examining data/phyx-1.01+ds/src/cont_models.cpp
Examining data/phyx-1.01+ds/src/cont_models.h
Examining data/phyx-1.01+ds/src/delta.cpp
Examining data/phyx-1.01+ds/src/delta.h
Examining data/phyx-1.01+ds/src/distmatrix.cpp
Examining data/phyx-1.01+ds/src/edlib.cpp
Examining data/phyx-1.01+ds/src/edlib.h
Examining data/phyx-1.01+ds/src/log.cpp
Examining data/phyx-1.01+ds/src/log.h
Examining data/phyx-1.01+ds/src/log_manip.cpp
Examining data/phyx-1.01+ds/src/log_manip.h
Examining data/phyx-1.01+ds/src/main.cpp
Examining data/phyx-1.01+ds/src/main_JWB.cpp
Examining data/phyx-1.01+ds/src/main_aa2cdn.cpp
Examining data/phyx-1.01+ds/src/main_bd_fit.cpp
Examining data/phyx-1.01+ds/src/main_bd_sim.cpp
Examining data/phyx-1.01+ds/src/main_boot.cpp
Examining data/phyx-1.01+ds/src/main_bp.cpp
Examining data/phyx-1.01+ds/src/main_bpseq.cpp
Examining data/phyx-1.01+ds/src/main_clsq.cpp
Examining data/phyx-1.01+ds/src/main_cltr.cpp
Examining data/phyx-1.01+ds/src/main_colt.cpp
Examining data/phyx-1.01+ds/src/main_comp.cpp
Examining data/phyx-1.01+ds/src/main_concat.cpp
Examining data/phyx-1.01+ds/src/main_consq.cpp
Examining data/phyx-1.01+ds/src/main_contbl.cpp
Examining data/phyx-1.01+ds/src/main_contrates.cpp
Examining data/phyx-1.01+ds/src/main_delta.cpp
Examining data/phyx-1.01+ds/src/main_fqfilt.cpp
Examining data/phyx-1.01+ds/src/main_kaks.cpp
Examining data/phyx-1.01+ds/src/main_log.cpp
Examining data/phyx-1.01+ds/src/main_lssq.cpp
Examining data/phyx-1.01+ds/src/main_lstr.cpp
Examining data/phyx-1.01+ds/src/main_medusa.cpp
Examining data/phyx-1.01+ds/src/main_mrca.cpp
Examining data/phyx-1.01+ds/src/main_mrca_cut.cpp
Examining data/phyx-1.01+ds/src/main_mrca_name.cpp
Examining data/phyx-1.01+ds/src/main_nj.cpp
Examining data/phyx-1.01+ds/src/main_nni.cpp
Examining data/phyx-1.01+ds/src/main_nw.cpp
Examining data/phyx-1.01+ds/src/main_recode.cpp
Examining data/phyx-1.01+ds/src/main_revcomp.cpp
Examining data/phyx-1.01+ds/src/main_rls.cpp
Examining data/phyx-1.01+ds/src/main_rlt.cpp
Examining data/phyx-1.01+ds/src/main_rmk.cpp
Examining data/phyx-1.01+ds/src/main_rms.cpp
Examining data/phyx-1.01+ds/src/main_rmt.cpp
Examining data/phyx-1.01+ds/src/main_rr.cpp
Examining data/phyx-1.01+ds/src/main_s2fa.cpp
Examining data/phyx-1.01+ds/src/main_s2nex.cpp
Examining data/phyx-1.01+ds/src/main_s2phy.cpp
Examining data/phyx-1.01+ds/src/main_seq_test.cpp
Examining data/phyx-1.01+ds/src/main_seqgen.cpp
Examining data/phyx-1.01+ds/src/main_sm0.cpp
Examining data/phyx-1.01+ds/src/main_sm2a.cpp
Examining data/phyx-1.01+ds/src/main_ssort.cpp
Examining data/phyx-1.01+ds/src/main_sstat.cpp
Examining data/phyx-1.01+ds/src/main_strec.cpp
Examining data/phyx-1.01+ds/src/main_sw.cpp
Examining data/phyx-1.01+ds/src/main_t2new.cpp
Examining data/phyx-1.01+ds/src/main_t2nex.cpp
Examining data/phyx-1.01+ds/src/main_tcol.cpp
Examining data/phyx-1.01+ds/src/main_tcomb.cpp
Examining data/phyx-1.01+ds/src/main_tdist.cpp
Examining data/phyx-1.01+ds/src/main_test.cpp
Examining data/phyx-1.01+ds/src/main_tlate.cpp
Examining data/phyx-1.01+ds/src/main_trt.cpp
Examining data/phyx-1.01+ds/src/main_tscale.cpp
Examining data/phyx-1.01+ds/src/main_upgma.cpp
Examining data/phyx-1.01+ds/src/main_vcf2fa.cpp
Examining data/phyx-1.01+ds/src/mcmc.cpp
Examining data/phyx-1.01+ds/src/mcmc.h
Examining data/phyx-1.01+ds/src/nj.cpp
Examining data/phyx-1.01+ds/src/nj.h
Examining data/phyx-1.01+ds/src/node.cpp
Examining data/phyx-1.01+ds/src/node.h
Examining data/phyx-1.01+ds/src/node_object.h
Examining data/phyx-1.01+ds/src/optimize_cont_models_nlopt.cpp
Examining data/phyx-1.01+ds/src/optimize_cont_models_nlopt.h
Examining data/phyx-1.01+ds/src/optimize_state_reconstructor_gsl.cpp
Examining data/phyx-1.01+ds/src/optimize_state_reconstructor_gsl.h
Examining data/phyx-1.01+ds/src/optimize_state_reconstructor_nlopt.cpp
Examining data/phyx-1.01+ds/src/optimize_state_reconstructor_nlopt.h
Examining data/phyx-1.01+ds/src/optimize_state_reconstructor_periods_nlopt.cpp
Examining data/phyx-1.01+ds/src/optimize_state_reconstructor_periods_nlopt.h
Examining data/phyx-1.01+ds/src/pairwise_alignment.cpp
Examining data/phyx-1.01+ds/src/pairwise_alignment.h
Examining data/phyx-1.01+ds/src/rate_model.cpp
Examining data/phyx-1.01+ds/src/rate_model.h
Examining data/phyx-1.01+ds/src/recode.cpp
Examining data/phyx-1.01+ds/src/recode.h
Examining data/phyx-1.01+ds/src/relabel.cpp
Examining data/phyx-1.01+ds/src/relabel.h
Examining data/phyx-1.01+ds/src/seq_gen.cpp
Examining data/phyx-1.01+ds/src/seq_gen.h
Examining data/phyx-1.01+ds/src/seq_info.cpp
Examining data/phyx-1.01+ds/src/seq_info.h
Examining data/phyx-1.01+ds/src/seq_models.cpp
Examining data/phyx-1.01+ds/src/seq_models.h
Examining data/phyx-1.01+ds/src/seq_reader.cpp
Examining data/phyx-1.01+ds/src/seq_reader.h
Examining data/phyx-1.01+ds/src/seq_sample.cpp
Examining data/phyx-1.01+ds/src/seq_sample.h
Examining data/phyx-1.01+ds/src/seq_utils.cpp
Examining data/phyx-1.01+ds/src/seq_utils.h
Examining data/phyx-1.01+ds/src/sequence.cpp
Examining data/phyx-1.01+ds/src/sequence.h
Examining data/phyx-1.01+ds/src/sstat.cpp
Examining data/phyx-1.01+ds/src/sstat.h
Examining data/phyx-1.01+ds/src/state_reconstructor.cpp
Examining data/phyx-1.01+ds/src/state_reconstructor.h
Examining data/phyx-1.01+ds/src/state_reconstructor_simple.cpp
Examining data/phyx-1.01+ds/src/state_reconstructor_simple.h
Examining data/phyx-1.01+ds/src/string_node_object.h
Examining data/phyx-1.01+ds/src/superdouble.cpp
Examining data/phyx-1.01+ds/src/superdouble.h
Examining data/phyx-1.01+ds/src/tlate.h
Examining data/phyx-1.01+ds/src/tree.cpp
Examining data/phyx-1.01+ds/src/tree.h
Examining data/phyx-1.01+ds/src/tree_info.cpp
Examining data/phyx-1.01+ds/src/tree_info.h
Examining data/phyx-1.01+ds/src/tree_reader.cpp
Examining data/phyx-1.01+ds/src/tree_reader.h
Examining data/phyx-1.01+ds/src/tree_utils.cpp
Examining data/phyx-1.01+ds/src/tree_utils.h
Examining data/phyx-1.01+ds/src/tscale.cpp
Examining data/phyx-1.01+ds/src/tscale.h
Examining data/phyx-1.01+ds/src/upgma.cpp
Examining data/phyx-1.01+ds/src/upgma.h
Examining data/phyx-1.01+ds/src/utils.cpp
Examining data/phyx-1.01+ds/src/utils.h
Examining data/phyx-1.01+ds/src/vcf_reader.cpp
Examining data/phyx-1.01+ds/src/vcf_reader.h
Examining data/phyx-1.01+ds/src/vector_node_object.h
Examining data/phyx-1.01+ds/src/tlate.cpp
FINAL RESULTS:
data/phyx-1.01+ds/src/main_aa2cdn.cpp:74:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "a:o:n:rhV", long_options, &oi);
data/phyx-1.01+ds/src/main_bd_fit.cpp:61:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:m:o:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_bd_sim.cpp:79:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "e:t:b:d:n:o:x:shV", long_options, &oi);
data/phyx-1.01+ds/src/main_boot.cpp:69:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:p:f:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_bp.cpp:81:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:o:m:c:vseufhV", long_options, &oi);
data/phyx-1.01+ds/src/main_bpseq.cpp:63:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:t:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_clsq.cpp:69:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:p:avhV", long_options, &oi);
data/phyx-1.01+ds/src/main_cltr.cpp:70:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:rlo:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_colt.cpp:64:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:l:s:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_comp.cpp:58:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:p:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_concat.cpp:81:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:f:o:p:uhV", long_options, &oi);
data/phyx-1.01+ds/src/main_consq.cpp:55:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_contbl.cpp:64:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "c:t:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_contrates.cpp:67:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "c:t:o:a:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_fqfilt.cpp:58:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "m:s:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_kaks.cpp:50:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "i:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_log.cpp:93:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "p:t:o:b:n:r:icd:k:x:vhV", long_options, &oi);
data/phyx-1.01+ds/src/main_lssq.cpp:82:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:inclpafmhV", long_options, &oi);
data/phyx-1.01+ds/src/main_lstr.cpp:80:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:vranublio:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_medusa.cpp:61:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:m:o:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_mrca.cpp:65:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:o:m:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_mrca_cut.cpp:67:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:o:m:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_mrca_name.cpp:77:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:o:m:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_nj.cpp:81:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:n:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_nni.cpp:65:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:o:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_nni.cpp:123:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/phyx-1.01+ds/src/main_nni.cpp:125:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(get_clock_seed());
data/phyx-1.01+ds/src/main_nw.cpp:84:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:a:t:m:n:vhV", long_options, &oi);
data/phyx-1.01+ds/src/main_recode.cpp:72:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:r:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_revcomp.cpp:85:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time(NULL));
data/phyx-1.01+ds/src/main_revcomp.cpp:102:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:i:o:mgphV", long_options, &oi);
data/phyx-1.01+ds/src/main_rls.cpp:66:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:c:n:o:vhV", long_options, &oi);
data/phyx-1.01+ds/src/main_rlt.cpp:65:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:c:n:o:vhV", long_options, &oi);
data/phyx-1.01+ds/src/main_rmk.cpp:57:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:vranublio:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_rms.cpp:75:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:n:f:co:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_rmt.cpp:74:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:n:f:co:shV", long_options, &oi);
data/phyx-1.01+ds/src/main_rr.cpp:71:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:g:ruo:shV", long_options, &oi);
data/phyx-1.01+ds/src/main_s2fa.cpp:58:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:uhV", long_options, &oi);
data/phyx-1.01+ds/src/main_s2nex.cpp:59:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:uhV", long_options, &oi);
data/phyx-1.01+ds/src/main_s2phy.cpp:59:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:uhV", long_options, &oi);
data/phyx-1.01+ds/src/main_seqgen.cpp:141:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:o:l:b:g:i:r:w:q:n:x:apcm:k:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_sm0.cpp:65:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:t:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_sm2a.cpp:65:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:t:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_ssort.cpp:83:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:b:o:hgV", long_options, &oi);
data/phyx-1.01+ds/src/main_sstat.cpp:56:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_strec.cpp:129:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "d:t:c:o:n:m:a:l:p:hVwz", long_options, &oi);
data/phyx-1.01+ds/src/main_sw.cpp:83:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:a:t:m:n:vhV", long_options, &oi);
data/phyx-1.01+ds/src/main_t2new.cpp:55:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_t2nex.cpp:55:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_tcol.cpp:64:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:m:d:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_tcomb.cpp:73:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:a:o:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_tdist.cpp:79:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:a:d:o:x:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_tlate.cpp:71:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:t:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_trt.cpp:70:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:n:f:o:shV", long_options, &oi);
data/phyx-1.01+ds/src/main_tscale.cpp:63:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "t:s:r:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_upgma.cpp:65:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:hV", long_options, &oi);
data/phyx-1.01+ds/src/main_vcf2fa.cpp:55:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "s:o:uhV", long_options, &oi);
data/phyx-1.01+ds/src/seq_sample.cpp:21:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(get_clock_seed());
data/phyx-1.01+ds/src/seq_sample.cpp:23:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/phyx-1.01+ds/src/distmatrix.cpp:91:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
readline.open(fasta.c_str());
data/phyx-1.01+ds/src/edlib.cpp:269:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cigar_, &(*cigar)[0], cigar->size() * sizeof(char));
data/phyx-1.01+ds/src/edlib.cpp:1324:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*alignment, ulAlignment, ulAlignmentLength);
data/phyx-1.01+ds/src/edlib.cpp:1325:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*alignment + ulAlignmentLength, lrAlignment, lrAlignmentLength);
data/phyx-1.01+ds/src/edlib.cpp:1362:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char letterIdx[256]; //!< letterIdx[c] is index of letter c in alphabet
data/phyx-1.01+ds/src/log.cpp:11:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
phyxlog.open ("phyx.logfile", ios::out | ios::app);
data/phyx-1.01+ds/src/log_manip.cpp:68:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infilestr_.open(curfile.c_str());
data/phyx-1.01+ds/src/log_manip.cpp:121:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infilestr_.open(curfile.c_str());
data/phyx-1.01+ds/src/log_manip.cpp:175:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infilestr_.open(curfile.c_str());
data/phyx-1.01+ds/src/log_manip.cpp:207:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infilestr_.open(curfile.c_str());
data/phyx-1.01+ds/src/log_manip.cpp:274:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infilestr_.open(curfile.c_str());
data/phyx-1.01+ds/src/log_manip.cpp:336:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infilestr_.open(curfile.c_str());
data/phyx-1.01+ds/src/log_manip.cpp:418:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infilestr_.open(curfile.c_str());
data/phyx-1.01+ds/src/main_bd_sim.cpp:85:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ext = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_bd_sim.cpp:107:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nreps = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_bd_sim.cpp:114:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_boot.cpp:95:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_delta.cpp:39:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vector<double> nums = delta.delta(atoi(argv[1]),atoi(argv[2]),atoi(argv[3]));
data/phyx-1.01+ds/src/main_delta.cpp:39:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vector<double> nums = delta.delta(atoi(argv[1]),atoi(argv[2]),atoi(argv[3]));
data/phyx-1.01+ds/src/main_delta.cpp:39:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vector<double> nums = delta.delta(atoi(argv[1]),atoi(argv[2]),atoi(argv[3]));
data/phyx-1.01+ds/src/main_delta.cpp:77:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outTreeFile.open(argv[2],ios::app );
data/phyx-1.01+ds/src/main_log.cpp:147:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
burnin = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_log.cpp:150:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nthin = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_log.cpp:153:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nrandom = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_log.cpp:174:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_nj.cpp:96:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threads = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_nni.cpp:83:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_nw.cpp:103:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqtype = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_nw.cpp:115:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_threads = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_seqgen.cpp:169:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqlen = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_seqgen.cpp:252:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nreps = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_seqgen.cpp:255:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_ssort.cpp:94:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sortby = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_strec.cpp:373:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos = atoi(searchtokens[j].c_str());
data/phyx-1.01+ds/src/main_strec.cpp:396:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ancout.open(outanc,ios::out);
data/phyx-1.01+ds/src/main_strec.cpp:404:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stnumout.open(outnum,ios::out);
data/phyx-1.01+ds/src/main_strec.cpp:416:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sttimeout.open(outtime,ios::out);
data/phyx-1.01+ds/src/main_strec.cpp:424:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sttnumout_any.open(outnumany,ios::out);
data/phyx-1.01+ds/src/main_strec.cpp:454:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos = atoi(searchtokens[n].c_str());
data/phyx-1.01+ds/src/main_sw.cpp:102:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqtype = atoi(strdup(optarg));
data/phyx-1.01+ds/src/main_sw.cpp:114:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_threads = atoi(strdup(optarg));
data/phyx-1.01+ds/src/seq_models.cpp:42:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sc_mat[tokens[0][0]][order[j]] = atoi(tokens[j+1].c_str()); //#changed from int to float
data/phyx-1.01+ds/src/seq_models.cpp:75:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sc_mat[tokens[0][0]][order[j]] = atoi(tokens[j+1].c_str()); //#changed from int to float
data/phyx-1.01+ds/src/seq_sample.cpp:185:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = atoi(tokens[2].c_str()) - 1;
data/phyx-1.01+ds/src/seq_sample.cpp:189:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stop = atoi(tokens[3].c_str()) - 1;
data/phyx-1.01+ds/src/seq_sample.cpp:193:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
interval = atoi(tokens[4].c_str());
data/phyx-1.01+ds/src/utils.cpp:579:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
data/phyx-1.01+ds/src/utils.cpp:589:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
ANALYSIS SUMMARY:
Hits = 107
Lines analyzed = 27307 in approximately 0.72 seconds (37997 lines/second)
Physical Source Lines of Code (SLOC) = 21740
Hits@level = [0] 3 [1] 2 [2] 46 [3] 59 [4] 0 [5] 0
Hits@level+ = [0+] 110 [1+] 107 [2+] 105 [3+] 59 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 5.0598 [1+] 4.9218 [2+] 4.82981 [3+] 2.71389 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.