Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/piler-0~20140707/annot.cpp
Examining data/piler-0~20140707/annotedge.cpp
Examining data/piler-0~20140707/cons.cpp
Examining data/piler-0~20140707/contigs.cpp
Examining data/piler-0~20140707/crisp.cpp
Examining data/piler-0~20140707/findcc.cpp
Examining data/piler-0~20140707/gff.cpp
Examining data/piler-0~20140707/gff2.cpp
Examining data/piler-0~20140707/gffset.cpp
Examining data/piler-0~20140707/glix.cpp
Examining data/piler-0~20140707/hash.cpp
Examining data/piler-0~20140707/iix.cpp
Examining data/piler-0~20140707/log.cpp
Examining data/piler-0~20140707/main.cpp
Examining data/piler-0~20140707/makeannot.cpp
Examining data/piler-0~20140707/mem.cpp
Examining data/piler-0~20140707/options.cpp
Examining data/piler-0~20140707/progress.cpp
Examining data/piler-0~20140707/quit.cpp
Examining data/piler-0~20140707/readafa.cpp
Examining data/piler-0~20140707/readhits.cpp
Examining data/piler-0~20140707/readmfa.cpp
Examining data/piler-0~20140707/readmotif.cpp
Examining data/piler-0~20140707/readreps.cpp
Examining data/piler-0~20140707/readtrs.cpp
Examining data/piler-0~20140707/tan.cpp
Examining data/piler-0~20140707/tanmotif2fasta.cpp
Examining data/piler-0~20140707/tr.cpp
Examining data/piler-0~20140707/trs.cpp
Examining data/piler-0~20140707/trs2fasta.cpp
Examining data/piler-0~20140707/usage.cpp
Examining data/piler-0~20140707/utils.cpp
Examining data/piler-0~20140707/utils_linux.cpp
Examining data/piler-0~20140707/utils_unix.cpp
Examining data/piler-0~20140707/utils_win32.cpp
Examining data/piler-0~20140707/writecrisp.cpp
Examining data/piler-0~20140707/writefasta.cpp
Examining data/piler-0~20140707/writeimages.cpp
Examining data/piler-0~20140707/writepiles.cpp
Examining data/piler-0~20140707/writetrs.cpp
Examining data/piler-0~20140707/bitfuncs.h
Examining data/piler-0~20140707/gffset.h
Examining data/piler-0~20140707/glix.h
Examining data/piler-0~20140707/iix.h
Examining data/piler-0~20140707/params.h
Examining data/piler-0~20140707/piler2.h
Examining data/piler-0~20140707/types.h

FINAL RESULTS:

data/piler-0~20140707/gff.cpp:80:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Rec.SeqName, SeqName);
data/piler-0~20140707/gff.cpp:81:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Rec.Source, Source);
data/piler-0~20140707/gff.cpp:82:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Rec.Feature, Feature);
data/piler-0~20140707/gff.cpp:88:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Rec.Attrs, Attrs);
data/piler-0~20140707/gff2.cpp:251:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(AnnotBuffer, "Target %s %d %d", TargetLabel, SeqTargetFrom + 1, SeqTargetTo + 1);
data/piler-0~20140707/log.cpp:34:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(Str, Format, ArgList);
data/piler-0~20140707/log.cpp:44:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(Str, Format, ArgList);
data/piler-0~20140707/main.cpp:82:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, PILER_LONG_VERSION "\n");
data/piler-0~20140707/options.cpp:76:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(Str, Format, ArgList);
data/piler-0~20140707/progress.cpp:33:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(Str, Format, ArgList);
data/piler-0~20140707/progress.cpp:62:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(Str, Format, ArgList);
data/piler-0~20140707/quit.cpp:20:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(szStr, szFormat, ArgList);
data/piler-0~20140707/tan.cpp:217:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "Target %s %d %d ; Pyramid %d",
data/piler-0~20140707/tan.cpp:241:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "Target %s %d %d ; Pyramid %d",
data/piler-0~20140707/tan.cpp:368:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "Target %s %d %d ; Pile %d ; Pyramid %d",
data/piler-0~20140707/tanmotif2fasta.cpp:33:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(FileName, Path);
data/piler-0~20140707/tanmotif2fasta.cpp:34:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(FileName, s);
data/piler-0~20140707/tanmotif2fasta.cpp:44:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s.%d %s:%d",
data/piler-0~20140707/tanmotif2fasta.cpp:50:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%d %s:%d",
data/piler-0~20140707/tr.cpp:256:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s ; Cand %d", Rec.Attrs, CandIndex);
data/piler-0~20140707/trs2fasta.cpp:38:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(FileName, Path);
data/piler-0~20140707/trs2fasta.cpp:39:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(FileName, s);
data/piler-0~20140707/trs2fasta.cpp:50:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s.%d %s:%d%c",
data/piler-0~20140707/trs2fasta.cpp:57:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%d.%s:%d%c",
data/piler-0~20140707/trs2fasta.cpp:66:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s.%d.%d %s:%d%c",
data/piler-0~20140707/trs2fasta.cpp:74:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%d.%d %s:%d%c",
data/piler-0~20140707/cons.cpp:3:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char Letter[5] = { 'A', 'C', 'G', 'T', '-'};
data/piler-0~20140707/cons.cpp:5:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void GetCounts(const char *Seqs, int ColCount, int SeqCount,
data/piler-0~20140707/crisp.cpp:522:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_paramMinFamSize = atoi(strMinFamSize);
data/piler-0~20140707/gff.cpp:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Line[MAX_GFF_LINE+1];
data/piler-0~20140707/gff.cpp:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *Fields[9];
data/piler-0~20140707/gff.cpp:83:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rec.Start = atoi(Start);
data/piler-0~20140707/gff.cpp:84:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rec.End = atoi(End);
data/piler-0~20140707/gff.cpp:87:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rec.Frame = Frame[0] == '.' ? -1 : atoi(Frame);
data/piler-0~20140707/gff2.cpp:40:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ptrBandClustIndex = atoi(ptrIndex);
data/piler-0~20140707/gff2.cpp:52:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ptrClustIndex = atoi(ptrIndex);
data/piler-0~20140707/gff2.cpp:71:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(SeqName, ptrRest, NameLength);
data/piler-0~20140707/gff2.cpp:105:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char Line[MAX_GFF_LINE+1];
data/piler-0~20140707/gff2.cpp:106:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *Fields[9];
data/piler-0~20140707/gff2.cpp:154:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rec.Start = atoi(Start);
data/piler-0~20140707/gff2.cpp:155:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rec.End = atoi(End);
data/piler-0~20140707/gff2.cpp:158:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rec.Frame = Frame[0] == '.' ? -1 : atoi(Frame);
data/piler-0~20140707/gff2.cpp:218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TargetName[MAX_GFF_FEATURE_LENGTH+1];
data/piler-0~20140707/glix.cpp:151:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TargetName[MAX_GFF_FEATURE_LENGTH+1];
data/piler-0~20140707/log.cpp:17:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  g_fLog = fopen(FileName, Append ? "a" : "w");
data/piler-0~20140707/log.cpp:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Str[4096];
data/piler-0~20140707/log.cpp:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Str[4096];
data/piler-0~20140707/makeannot.cpp:22:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char Str[MAX_STR+1];
data/piler-0~20140707/makeannot.cpp:258:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[32];
data/piler-0~20140707/makeannot.cpp:259:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "(%.0f%%)", Pct);
data/piler-0~20140707/makeannot.cpp:366:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[32];
data/piler-0~20140707/makeannot.cpp:367:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "(%.0f%%)", Pct);
data/piler-0~20140707/mem.cpp:51:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newp, p, oldbytes);
data/piler-0~20140707/options.cpp:75:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Str[4096];
data/piler-0~20140707/progress.cpp:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Str[4096];
data/piler-0~20140707/progress.cpp:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Str[4096];
data/piler-0~20140707/quit.cpp:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szStr[4096];
data/piler-0~20140707/readhits.cpp:27:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ptrStart = atoi(Start);
data/piler-0~20140707/readhits.cpp:28:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ptrEnd = atoi(End);
data/piler-0~20140707/readmfa.cpp:16:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(NewLabel, Label, LabelLength); \
data/piler-0~20140707/readmotif.cpp:12:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(Pyr + 8);
data/piler-0~20140707/readreps.cpp:24:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *Fields[5];
data/piler-0~20140707/readreps.cpp:45:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rep.RepeatFrom = atoi(RepeatFrom) - 1;
data/piler-0~20140707/readreps.cpp:46:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rep.RepeatTo = atoi(RepeatTo) - 1;
data/piler-0~20140707/readreps.cpp:47:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Rep.RepeatLeft = atoi(RepeatLeft);
data/piler-0~20140707/tan.cpp:47:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(NewPiles, Piles, PileCount*sizeof(TanPile));
data/piler-0~20140707/tan.cpp:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[32];
data/piler-0~20140707/tan.cpp:125:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "PyramidIndex %d", PyramidIndex);
data/piler-0~20140707/tan.cpp:216:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024];
data/piler-0~20140707/tan.cpp:240:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024];
data/piler-0~20140707/tan.cpp:367:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024];
data/piler-0~20140707/tan.cpp:411:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MIN_HIT_COUNT = atoi(strMinHits);
data/piler-0~20140707/tan.cpp:433:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TargetLabel[128];
data/piler-0~20140707/tan.cpp:475:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TargetLabel[128];
data/piler-0~20140707/tanmotif2fasta.cpp:28:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char FileName[256];
data/piler-0~20140707/tanmotif2fasta.cpp:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];
data/piler-0~20140707/tanmotif2fasta.cpp:30:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "/%d", Fam);
data/piler-0~20140707/tanmotif2fasta.cpp:67:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MaxFam = atoi(strMaxFam);
data/piler-0~20140707/tr.cpp:175:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Matches, QueryMatches, QueryMatchCount*sizeof(int));
data/piler-0~20140707/tr.cpp:176:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Matches + QueryMatchCount, TargetMatches, TargetMatchCount*sizeof(int));
data/piler-0~20140707/tr.cpp:236:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Attrs[1024];
data/piler-0~20140707/tr.cpp:237:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Attrs, "Family %d ; Cand %d", FamIndex, CandIndex);
data/piler-0~20140707/tr.cpp:253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char AnnotBuffer[1024];
data/piler-0~20140707/tr.cpp:255:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[4096];
data/piler-0~20140707/tr.cpp:281:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MIN_LENGTH_LINE = atoi(strMinTrSpacing);
data/piler-0~20140707/tr.cpp:283:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MAX_LENGTH_LINE = atoi(strMaxTrSpacing);
data/piler-0~20140707/tr.cpp:285:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MIN_LENGTH_LTR = atoi(strMinTrLength);
data/piler-0~20140707/tr.cpp:287:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MAX_LENGTH_LTR = atoi(strMaxTrLength);
data/piler-0~20140707/tr.cpp:289:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MIN_FAM_SIZE = atoi(strMinFam);
data/piler-0~20140707/tr.cpp:291:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MIN_HIT_LENGTH_RATIO = atoi(strMinHitRatio);
data/piler-0~20140707/tr.cpp:293:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MIN_DIST_EDGE = atoi(strMinDistPairs);
data/piler-0~20140707/trs.cpp:589:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_paramMinFamSize = atoi(strMinFamSize);
data/piler-0~20140707/trs.cpp:591:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_paramMaxLengthDiffPct = atoi(strMaxLengthDiffPct);
data/piler-0~20140707/trs2fasta.cpp:30:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char FileName[256];
data/piler-0~20140707/trs2fasta.cpp:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];
data/piler-0~20140707/trs2fasta.cpp:33:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "/%d", Fam);
data/piler-0~20140707/trs2fasta.cpp:35:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "/%d.%d", SuperFam, Fam);
data/piler-0~20140707/trs2fasta.cpp:95:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MaxFam = atoi(strMaxFam);
data/piler-0~20140707/types.h:109:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char SeqName[MAX_GFF_FEATURE_LENGTH+1];
data/piler-0~20140707/types.h:110:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Source[MAX_GFF_FEATURE_LENGTH+1];
data/piler-0~20140707/types.h:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Feature[MAX_GFF_FEATURE_LENGTH+1];
data/piler-0~20140707/types.h:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Attrs[MAX_GFF_FEATURE_LENGTH+1];
data/piler-0~20140707/utils.cpp:31:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(FileName, strMode);
data/piler-0~20140707/utils_linux.cpp:18:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/proc/meminfo", O_RDONLY);
data/piler-0~20140707/utils_linux.cpp:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buffer[128];
data/piler-0~20140707/utils_linux.cpp:34:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int Bytes = atoi(pMem+4);
data/piler-0~20140707/utils_linux.cpp:47:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char statm[64];
data/piler-0~20140707/utils_linux.cpp:53:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(statm, "/proc/%d/statm", (int) pid);
data/piler-0~20140707/utils_linux.cpp:56:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(statm, O_RDONLY);
data/piler-0~20140707/utils_linux.cpp:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buffer[64];
data/piler-0~20140707/utils_linux.cpp:68:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int Pages = atoi(Buffer);
data/piler-0~20140707/writefasta.cpp:4:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char CompChar[256];
data/piler-0~20140707/gff.cpp:49:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t n = strlen(Line);
data/piler-0~20140707/gff2.cpp:124:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t n = strlen(Line);
data/piler-0~20140707/hash.cpp:79:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  register ub4 length = (ub4) strlen(key); /* the length of the key */
data/piler-0~20140707/hash.cpp:124:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
register ub4 length = (ub4) strlen(key); /* the length of the key */ data/piler-0~20140707/readafa.cpp:19:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c = fgetc(f); data/piler-0~20140707/readmfa.cpp:42:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c = fgetc(f); data/piler-0~20140707/tanmotif2fasta.cpp:31:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Path) + strlen(s) + 3 >= sizeof(FileName)) data/piler-0~20140707/tanmotif2fasta.cpp:31:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Path) + strlen(s) + 3 >= sizeof(FileName)) data/piler-0~20140707/tanmotif2fasta.cpp:41:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = (int) strlen(Motif.ContigLabel) + 128; data/piler-0~20140707/trs2fasta.cpp:36:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Path) + strlen(s) + 3 >= sizeof(FileName)) data/piler-0~20140707/trs2fasta.cpp:36:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Path) + strlen(s) + 3 >= sizeof(FileName)) data/piler-0~20140707/trs2fasta.cpp:45:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int n = (int) strlen(TRS.ContigLabel) + 128; data/piler-0~20140707/utils_linux.cpp:23:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = read(fd, Buffer, sizeof(Buffer) - 1); data/piler-0~20140707/utils_linux.cpp:60:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = read(fd, Buffer, sizeof(Buffer) - 1); ANALYSIS SUMMARY: Hits = 126 Lines analyzed = 6578 in approximately 0.19 seconds (35553 lines/second) Physical Source Lines of Code (SLOC) = 5369 Hits@level = [0] 42 [1] 14 [2] 86 [3] 0 [4] 26 [5] 0 Hits@level+ = [0+] 168 [1+] 126 [2+] 112 [3+] 26 [4+] 26 [5+] 0 Hits/KSLOC@level+ = [0+] 31.2907 [1+] 23.4681 [2+] 20.8605 [3+] 4.84262 [4+] 4.84262 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.