Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pirs-2.0.2+dfsg/src/pirs/BaseCallingProfile.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/BaseCallingProfile.h
Examining data/pirs-2.0.2+dfsg/src/pirs/CCRspline.h
Examining data/pirs-2.0.2+dfsg/src/pirs/GCBiasProfile.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/GCBiasProfile.h
Examining data/pirs-2.0.2+dfsg/src/pirs/IndelProfile.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/IndelProfile.h
Examining data/pirs-2.0.2+dfsg/src/pirs/InputStream.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/InputStream.h
Examining data/pirs-2.0.2+dfsg/src/pirs/Lock.h
Examining data/pirs-2.0.2+dfsg/src/pirs/MaskQvalsByEamss.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/MaskQvalsByEamss.h
Examining data/pirs-2.0.2+dfsg/src/pirs/OutputStream.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h
Examining data/pirs-2.0.2+dfsg/src/pirs/Profile.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/Profile.h
Examining data/pirs-2.0.2+dfsg/src/pirs/Random.h
Examining data/pirs-2.0.2+dfsg/src/pirs/Read.h
Examining data/pirs-2.0.2+dfsg/src/pirs/SFMT-src-1.4/SFMT-common.h
Examining data/pirs-2.0.2+dfsg/src/pirs/SFMT-src-1.4/SFMT-params.h
Examining data/pirs-2.0.2+dfsg/src/pirs/SFMT-src-1.4/SFMT-params19937.h
Examining data/pirs-2.0.2+dfsg/src/pirs/SFMT-src-1.4/SFMT.c
Examining data/pirs-2.0.2+dfsg/src/pirs/SFMT-src-1.4/SFMT.h
Examining data/pirs-2.0.2+dfsg/src/pirs/SharedQueue.h
Examining data/pirs-2.0.2+dfsg/src/pirs/SimulationParameters.h
Examining data/pirs-2.0.2+dfsg/src/pirs/main.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/mt19937-64.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/mt19937-64.h
Examining data/pirs-2.0.2+dfsg/src/pirs/pirs.h
Examining data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/util.cpp
Examining data/pirs-2.0.2+dfsg/src/pirs/util.h
Examining data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/main.cpp
Examining data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/self_util.cpp
Examining data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/self_util.h
Examining data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/stat_soap_coverage.cpp
Examining data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/stat_soap_coverage.h

FINAL RESULTS:

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.cpp:120:20:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void OutputStream::vprintf(const char *format, va_list va)

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.cpp:124:7:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (vfprintf(text.s_fp, format, va) < 0)

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.cpp:136:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(gzip.s_aux_buf,

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.cpp:167:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void OutputStream::printf(const char *format, ...)

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.cpp:171:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  this->vprintf(format, va);

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:75:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void printf(const char *format, ...) __format(printf, 2, 3);

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:75:48:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void printf(const char *format, ...) __format(printf, 2, 3);

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:76:7:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void vprintf(const char *format, va_list va) __format(printf, 2, 0);

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:76:56:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void vprintf(const char *format, va_list va) __format(printf, 2, 0);

data/pirs-2.0.2+dfsg/src/pirs/Profile.cpp:17:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tag, matrix_tag);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:609:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s_%d_%d", params.output_prefix.c_str(),

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:1592:12:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  info_log.vprintf(format, va);

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:29:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, msg, va);

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:44:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, msg, va);

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:57:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(info_messages_fp, format, va);

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:76:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, va);

data/pirs-2.0.2+dfsg/src/pirs/util.h:41:38:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __cold __noreturn __format(printf, 1, 2);

data/pirs-2.0.2+dfsg/src/pirs/util.h:44:38:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __cold __noreturn __format(printf, 1, 2);

data/pirs-2.0.2+dfsg/src/pirs/util.h:47:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __cold __format(printf, 1, 2);

data/pirs-2.0.2+dfsg/src/pirs/util.h:49:63:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void info(const char *msg, va_list va) __cold __format(printf, 1, 0);

data/pirs-2.0.2+dfsg/src/pirs/util.h:52:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __cold __format(printf, 1, 2);

data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp:234:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, optstr, longopts, NULL)) != -1) {

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:401:14:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, optstring, longopts, NULL)) != -1) {

data/pirs-2.0.2+dfsg/src/pirs/BaseCallingProfile.cpp:139:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(orig_dist_matrix_row, dist_matrix_row, row_len * sizeof(uint64_t));

data/pirs-2.0.2+dfsg/src/pirs/GCBiasProfile.h:14:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char char_to_gc_count_tab[256];

data/pirs-2.0.2+dfsg/src/pirs/InputStream.cpp:39:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void InputStream::open(const char *filename)

data/pirs-2.0.2+dfsg/src/pirs/InputStream.cpp:58:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  text.s_fp = fopen(s_filename, "rb");

data/pirs-2.0.2+dfsg/src/pirs/InputStream.h:43:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const char *filename);

data/pirs-2.0.2+dfsg/src/pirs/InputStream.h:45:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const string &string) {

data/pirs-2.0.2+dfsg/src/pirs/InputStream.h:46:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(string.c_str());

data/pirs-2.0.2+dfsg/src/pirs/InputStream.h:55:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(filename);

data/pirs-2.0.2+dfsg/src/pirs/InputStream.h:58:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(filename.c_str());

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.cpp:46:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void OutputStream::open(const char *filename, enum OutputType type)

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.cpp:71:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  text.s_fp = fopen(s_filename, "wb");

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:59:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(filename, type);

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:66:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const char *filename, enum OutputType type = DEFAULT);

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:67:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const string &filename, enum OutputType type = DEFAULT) {

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:68:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(filename.c_str(), type);

data/pirs-2.0.2+dfsg/src/pirs/Profile.cpp:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[tag_len + 2];

data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp:329:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char snp_tab[4][3] = {

data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char insert[indel_len];

data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp:710:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in_file.open(ref_filename);

data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp:728:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_file.open(out_filename);

data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp:732:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  snp_log_file.open(output_prefix + ".snp.lst");

data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp:740:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  indel_log_file.open(output_prefix + ".indel.lst");

data/pirs-2.0.2+dfsg/src/pirs/pirs_diploid.cpp:748:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inversion_log_file.open(output_prefix + ".inversion.lst");

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:608:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[params.output_prefix.length() + 50];

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:616:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in_files[i].open(params.input_refs[i]);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:618:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_file_1.open(prefix_long + "_1" + fasta_suffix);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:619:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_file_2.open(prefix_long + "_2" + fasta_suffix);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:621:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  insert_distr_log_file.open(prefix_long + ".insert_len.distr");

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:624:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  error_distr_log_file.open(prefix_long + ".error_rate.distr");

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:627:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  info_log_file.open(prefix_long + ".read.info");

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:680:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_quality_vals[2 + read.seq.size() + 1];

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:83:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char dna_char_to_bin_tab[256] = {

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:103:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char dna_bin_to_char_tab[5] = {

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:108:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char dna_char_complement_tab[256] = {

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:174:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  return (char*)memcpy(p, s, len + 1);

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:183:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, s1, len1);

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:184:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p + len1, s2, len2 + 1);

data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/self_util.cpp:8:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char alphabet[128] =

data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/self_util.cpp:20:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bases[5] =

data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/self_util.cpp:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c_bases[5] =

data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/stat_soap_coverage.cpp:341:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gzgcdump.open((str_output_prefix+"_"+toStr(width)+".refgc.gz").c_str());

data/pirs-2.0.2+dfsg/src/stator/gcContCvgBias/stat_soap_coverage.cpp:346:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gzdepwindump.open((str_output_prefix+"_"+toStr(width)+".windep.gz").c_str());

data/pirs-2.0.2+dfsg/src/pirs/InputStream.cpp:94:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = strlen(line);

data/pirs-2.0.2+dfsg/src/pirs/InputStream.cpp:112:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int InputStream::getc()

data/pirs-2.0.2+dfsg/src/pirs/InputStream.cpp:117:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(text.s_fp);

data/pirs-2.0.2+dfsg/src/pirs/InputStream.h:66:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int getc();

data/pirs-2.0.2+dfsg/src/pirs/OutputStream.h:78:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  this->write(str, strlen(str));

data/pirs-2.0.2+dfsg/src/pirs/Profile.cpp:15:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t tag_len = strlen(matrix_tag);

data/pirs-2.0.2+dfsg/src/pirs/Profile.cpp:18:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(tag, "\n");

data/pirs-2.0.2+dfsg/src/pirs/main.cpp:42:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p[strlen(p) - 1] = '\0';

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:670:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static void output_read(const Read &read, OutputStream &out_file)

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:673:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read.quality_vals.empty()) ? '>' : '@',

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:674:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.pair.insert_len_mean,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:675:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.pair.pair_number, read.num_in_pair());

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:675:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.pair.pair_number, read.num_in_pair());

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:676:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  out_file.write(&read.seq[0], read.seq.size());

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:676:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  out_file.write(&read.seq[0], read.seq.size());

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:679:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read.quality_vals.empty()) {

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:680:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char ascii_quality_vals[2 + read.seq.size() + 1];

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:684:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (size_t i = 0; i < read.seq.size(); i++)

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:685:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *p++ = read.quality_vals[i] + read.pair.quality_shift;

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:685:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *p++ = read.quality_vals[i] + read.pair.quality_shift;

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:695:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static void log_read_info(const Read &read, OutputStream &info_log_file)

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:701:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (int)read.pair.insert_len_mean, read.pair.pair_number,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:701:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (int)read.pair.insert_len_mean, read.pair.pair_number,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:702:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.num_in_pair(), read.pair.ref_filename,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:702:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.num_in_pair(), read.pair.ref_filename,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:703:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.pair.ref_seq_id, read.pair.ref_seq_pos,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:703:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.pair.ref_seq_id, read.pair.ref_seq_pos,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:704:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.orientation(),

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:705:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.pair.insert_len, read.mask_end_len);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:705:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.pair.insert_len, read.mask_end_len);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:708:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read.error_pos.empty()) {

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:711:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  vector<int>::const_iterator it = read.error_pos.begin();

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:715:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.raw_read[*it],

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:716:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.seq[*it]);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:717:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } while (++it != read.error_pos.end());

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:726:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (it = read.indels.begin(); it != read.indels.end(); it++) {

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:726:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (it = read.indels.begin(); it != read.indels.end(); it++) {

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:731:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  info_log_file.write(&read.seq[it->ref_idx + idx_delta],

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:744:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (it = read.indels.begin(); it != read.indels.end(); it++) {

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:744:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (it = read.indels.begin(); it != read.indels.end(); it++) {

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:749:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  info_log_file.write(&read.ref_read[it->ref_idx], -it->len);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:845:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static void call_read_bases(Read &read,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:854:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  vector<Indel>::const_iterator indel = read.indels.begin();

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:862:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (size_t i = 0; i < read.seq.size(); i++,

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:866:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (indel != read.indels.end() && ref_idx == indel->ref_idx) {

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:874:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  raw_base = read.raw_read[i];

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:886:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.error_pos.push_back(i);

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:890:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.seq[i] = called_base;

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:891:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read.quality_vals.empty())

data/pirs-2.0.2+dfsg/src/pirs/pirs_simulate.cpp:892:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read.quality_vals[i] = qscore;

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:154:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = in.getc();

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:172:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(s);

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:179:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len1 = strlen(s1);

data/pirs-2.0.2+dfsg/src/pirs/util.cpp:180:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len2 = strlen(s2);

ANALYSIS SUMMARY:

Hits = 119
Lines analyzed = 8136 in approximately 0.24 seconds (33754 lines/second)
Physical Source Lines of Code (SLOC) = 5927
Hits@level = [0]  25 [1]  54 [2]  42 [3]   2 [4]  21 [5]   0
Hits@level+ = [0+] 144 [1+] 119 [2+]  65 [3+]  23 [4+]  21 [5+]   0
Hits/KSLOC@level+ = [0+] 24.2956 [1+] 20.0776 [2+] 10.9668 [3+] 3.88055 [4+] 3.54311 [5+]   0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.