Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/raxml-8.2.12+dfsg/ancestralStates.c
Examining data/raxml-8.2.12+dfsg/axml.h
Examining data/raxml-8.2.12+dfsg/classify.c
Examining data/raxml-8.2.12+dfsg/eigen.c
Examining data/raxml-8.2.12+dfsg/fastSearch.c
Examining data/raxml-8.2.12+dfsg/globalVariables.h
Examining data/raxml-8.2.12+dfsg/leaveDropping.c
Examining data/raxml-8.2.12+dfsg/legacyCode.c
Examining data/raxml-8.2.12+dfsg/mem_alloc.c
Examining data/raxml-8.2.12+dfsg/models.c
Examining data/raxml-8.2.12+dfsg/multiple.c
Examining data/raxml-8.2.12+dfsg/optimizeModel.c
Examining data/raxml-8.2.12+dfsg/parsePartitions.c
Examining data/raxml-8.2.12+dfsg/rapidBootstrap.c
Examining data/raxml-8.2.12+dfsg/rmq.h
Examining data/raxml-8.2.12+dfsg/rmqs.c
Examining data/raxml-8.2.12+dfsg/rmqs.h
Examining data/raxml-8.2.12+dfsg/rogueEPA.c
Examining data/raxml-8.2.12+dfsg/searchAlgo.c
Examining data/raxml-8.2.12+dfsg/topologies.c
Examining data/raxml-8.2.12+dfsg/treeIO.c
Examining data/raxml-8.2.12+dfsg/avxLikelihood.c
Examining data/raxml-8.2.12+dfsg/axml.c
Examining data/raxml-8.2.12+dfsg/bipartitionList.c
Examining data/raxml-8.2.12+dfsg/evaluateGenericSpecial.c
Examining data/raxml-8.2.12+dfsg/evaluatePartialGenericSpecial.c
Examining data/raxml-8.2.12+dfsg/fastDNAparsimony.c
Examining data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c
Examining data/raxml-8.2.12+dfsg/newviewGenericSpecial.c

FINAL RESULTS:

data/raxml-8.2.12+dfsg/ancestralStates.c:1081:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(treestr, "%s", tr->nameList[p->number]);
data/raxml-8.2.12+dfsg/ancestralStates.c:1140:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ancestralProbsFileName, workdir);
data/raxml-8.2.12+dfsg/ancestralStates.c:1141:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ancestralStatesFileName, workdir);
data/raxml-8.2.12+dfsg/ancestralStates.c:1142:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(treeFileName, workdir);
data/raxml-8.2.12+dfsg/ancestralStates.c:1148:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ancestralProbsFileName, run_id);
data/raxml-8.2.12+dfsg/ancestralStates.c:1149:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ancestralStatesFileName, run_id);
data/raxml-8.2.12+dfsg/ancestralStates.c:1150:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(treeFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:150:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, format, args );
data/raxml-8.2.12+dfsg/axml.c:154:3: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args );
data/raxml-8.2.12+dfsg/axml.c:169:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, format, args );
data/raxml-8.2.12+dfsg/axml.c:173:7: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args );
data/raxml-8.2.12+dfsg/axml.c:191:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f, format, args );
data/raxml-8.2.12+dfsg/axml.c:195:7: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args );
data/raxml-8.2.12+dfsg/axml.c:1255:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->nameList[i], buffer);
data/raxml-8.2.12+dfsg/axml.c:1624:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->nameList[taxa], buffer);
data/raxml-8.2.12+dfsg/axml.c:1912:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->initialPartitionData[0].proteinSubstitutionFileName, proteinModelFileName);
data/raxml-8.2.12+dfsg/axml.c:1932:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->extendedPartitionData[i].partitionName, tr->initialPartitionData[i].partitionName);
data/raxml-8.2.12+dfsg/axml.c:1933:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->extendedPartitionData[i].proteinSubstitutionFileName, tr->initialPartitionData[i].proteinSubstitutionFileName);
data/raxml-8.2.12+dfsg/axml.c:1934:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->extendedPartitionData[i].ascFileName, tr->initialPartitionData[i].ascFileName);
data/raxml-8.2.12+dfsg/axml.c:2804:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(noDupFile, seq_file);
data/raxml-8.2.12+dfsg/axml.c:2807:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(noDupModels, modelFileName);
data/raxml-8.2.12+dfsg/axml.c:2810:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(noDupSecondary, secondaryStructureFileName);
data/raxml-8.2.12+dfsg/axml.c:2886:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/axml.c:2889:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/axml.c:3129:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/axml.c:3132:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(AAmodel, protModels[tr->partitionData[i].protModels]);
data/raxml-8.2.12+dfsg/axml.c:3311:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(partName, workdir);
data/raxml-8.2.12+dfsg/axml.c:3312:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(partName, modelFileName);
data/raxml-8.2.12+dfsg/axml.c:3315:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(partName, buf);
data/raxml-8.2.12+dfsg/axml.c:3321:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outName, workdir);
data/raxml-8.2.12+dfsg/axml.c:3322:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(outName, seq_file);
data/raxml-8.2.12+dfsg/axml.c:3325:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(outName, buf);
data/raxml-8.2.12+dfsg/axml.c:3368:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outFileName, seq_file);
data/raxml-8.2.12+dfsg/axml.c:3374:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(outFileName, tr->partitionData[i].partitionName);
data/raxml-8.2.12+dfsg/axml.c:4448:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4460:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4474:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4489:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4502:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4517:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4536:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4549:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4564:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4588:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4599:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4613:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4627:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4640:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4657:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4671:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4689:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4704:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisModel, protModels[i]);
data/raxml-8.2.12+dfsg/axml.c:4787:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->outgroups[count], name);
data/raxml-8.2.12+dfsg/axml.c:4800:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tr->outgroups[count], name);
data/raxml-8.2.12+dfsg/axml.c:4821:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(text[0], "\n\nThis is %s version %s released by Alexandros Stamatakis on %s.\n\n", programName, programVersion, programDate);
data/raxml-8.2.12+dfsg/axml.c:5894:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(quartetGroupingFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:5934:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(binaryModelParamsInputFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:5942:8: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(optarg, "%s", multiStateModel);
data/raxml-8.2.12+dfsg/axml.c:5963:8: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(optarg, "%s", secondaryModel);
data/raxml-8.2.12+dfsg/axml.c:5996:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(excludeFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:6025:10: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if((sscanf(optarg,"%s", aut) > 0) && ((strcmp(aut, "autoFC") == 0) || (strcmp(aut, "autoMR") == 0) ||
data/raxml-8.2.12+dfsg/axml.c:6049:10: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if((sscanf(optarg,"%s", aut) > 0) && ((strcmp(aut, "MR") == 0) || (strcmp(aut, "MRE") == 0) || (strcmp(aut, "STRICT") == 0) ||
data/raxml-8.2.12+dfsg/axml.c:6073:8: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( (sscanf( optarg, "%s", aut) > 0) && optarg[0] == 'T' && optarg[1] == '_')
data/raxml-8.2.12+dfsg/axml.c:6101:10: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if((sscanf(optarg,"%s", aut) > 0) && ((strcmp(aut, "MR") == 0) || (strcmp(aut, "MRE") == 0)))
data/raxml-8.2.12+dfsg/axml.c:6111:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if((sscanf( optarg, "%s", aut) > 0) && optarg[0] == 'T' && optarg[1] == '_')
data/raxml-8.2.12+dfsg/axml.c:6134:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(proteinModelFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:6140:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(secondaryStructureFileName, optarg);
data/raxml-8.2.12+dfsg/axml.c:6157:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outgroups, optarg);
data/raxml-8.2.12+dfsg/axml.c:6167:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bootStrapFile, optarg);
data/raxml-8.2.12+dfsg/axml.c:6174:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tree_file, optarg);
data/raxml-8.2.12+dfsg/axml.c:6180:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tree_file, optarg);
data/raxml-8.2.12+dfsg/axml.c:6190:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(modelFileName,optarg);
data/raxml-8.2.12+dfsg/axml.c:6194:6: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(optarg,"%" PRId64, &(adef->parsimonySeed));
data/raxml-8.2.12+dfsg/axml.c:6209:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if((sscanf(optarg,"%s", aut) > 0) && ((strcmp(aut, "autoFC") == 0) || (strcmp(aut, "autoMR") == 0) ||
data/raxml-8.2.12+dfsg/axml.c:6259:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(weightFileName,optarg);
data/raxml-8.2.12+dfsg/axml.c:6263:6: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(optarg,"%" PRId64, &adef->boot);
data/raxml-8.2.12+dfsg/axml.c:6272:6: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(optarg,"%" PRId64, &adef->rapidBoot);
data/raxml-8.2.12+dfsg/axml.c:6495:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(run_id,optarg);
data/raxml-8.2.12+dfsg/axml.c:6500:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(resultDir, optarg);
data/raxml-8.2.12+dfsg/axml.c:6504:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tree_file, optarg);
data/raxml-8.2.12+dfsg/axml.c:6509:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(seq_file, optarg);
data/raxml-8.2.12+dfsg/axml.c:6516:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model,optarg);
data/raxml-8.2.12+dfsg/axml.c:7201:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, separator);
data/raxml-8.2.12+dfsg/axml.c:7204:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, resultDir);
data/raxml-8.2.12+dfsg/axml.c:7207:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, separator);
data/raxml-8.2.12+dfsg/axml.c:7208:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(workdir, dir);
data/raxml-8.2.12+dfsg/axml.c:7219:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir, separator);
data/raxml-8.2.12+dfsg/axml.c:7221:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(workdir, dir);
data/raxml-8.2.12+dfsg/axml.c:7248:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(verboseSplitsFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7249:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(permFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7250:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(resultFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7251:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(logFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7252:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(checkpointFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7253:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infoFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7254:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(randomFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7255:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bootstrapFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7256:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bipartitionsFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7257:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bipartitionsFileNameBranchLabels, workdir);
data/raxml-8.2.12+dfsg/axml.c:7258:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(icFileNameBranchLabels, workdir);
data/raxml-8.2.12+dfsg/axml.c:7259:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(icFileNameBranchLabelsUniform, workdir);
data/raxml-8.2.12+dfsg/axml.c:7260:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(icFileNameBranchLabelsStochastic, workdir);
data/raxml-8.2.12+dfsg/axml.c:7261:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ratesFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7262:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lengthFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7263:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lengthFileNameModel, workdir);
data/raxml-8.2.12+dfsg/axml.c:7264:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(perSiteLLsFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7265:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(binaryModelParamsOutputFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7266:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rellBootstrapFileName, workdir);
data/raxml-8.2.12+dfsg/axml.c:7267:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesquiteModel, workdir);
data/raxml-8.2.12+dfsg/axml.c:7268:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesquiteTrees, workdir);
data/raxml-8.2.12+dfsg/axml.c:7269:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesquiteMLTrees, workdir);
data/raxml-8.2.12+dfsg/axml.c:7270:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mesquiteMLLikes, workdir);
data/raxml-8.2.12+dfsg/axml.c:7296:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(verboseSplitsFileName, run_id);
data/raxml-8.2.12+dfsg/axml.c:7297:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(permFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7298:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(resultFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7299:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(logFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7300:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(checkpointFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7301:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(infoFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7302:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(randomFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7303:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bootstrapFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7304:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(bipartitionsFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7305:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bipartitionsFileNameBranchLabels, run_id); data/raxml-8.2.12+dfsg/axml.c:7306:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(icFileNameBranchLabels, run_id); data/raxml-8.2.12+dfsg/axml.c:7307:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(icFileNameBranchLabelsUniform, run_id); data/raxml-8.2.12+dfsg/axml.c:7308:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(icFileNameBranchLabelsStochastic, run_id); data/raxml-8.2.12+dfsg/axml.c:7309:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ratesFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7310:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(lengthFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7311:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(lengthFileNameModel, run_id); data/raxml-8.2.12+dfsg/axml.c:7312:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(perSiteLLsFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7313:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(binaryModelParamsOutputFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7314:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rellBootstrapFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:7315:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mesquiteModel, run_id); data/raxml-8.2.12+dfsg/axml.c:7316:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mesquiteTrees, run_id); data/raxml-8.2.12+dfsg/axml.c:7317:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mesquiteMLTrees, run_id); data/raxml-8.2.12+dfsg/axml.c:7318:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mesquiteMLLikes, run_id); data/raxml-8.2.12+dfsg/axml.c:7327:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bootstrapFileNamePID, bootstrapFileName); data/raxml-8.2.12+dfsg/axml.c:7329:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bootstrapFileNamePID, buf); data/raxml-8.2.12+dfsg/axml.c:7331:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rellBootstrapFileNamePID, rellBootstrapFileName); data/raxml-8.2.12+dfsg/axml.c:7333:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rellBootstrapFileNamePID, buf); data/raxml-8.2.12+dfsg/axml.c:7744:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temporaryFileName, resultFileName); data/raxml-8.2.12+dfsg/axml.c:7771:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temporaryFileName, treeID); data/raxml-8.2.12+dfsg/axml.c:7909:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temporaryFileName, logFileName); data/raxml-8.2.12+dfsg/axml.c:7910:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(checkPoints, checkpointFileName); data/raxml-8.2.12+dfsg/axml.c:7934:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temporaryFileName, treeID); data/raxml-8.2.12+dfsg/axml.c:7937:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(checkPoints, treeID); data/raxml-8.2.12+dfsg/axml.c:7966:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temporaryFileName2, resultFileName); data/raxml-8.2.12+dfsg/axml.c:7974:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temporaryFileName2, treeID); data/raxml-8.2.12+dfsg/axml.c:7998:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(checkPoints, treeID); data/raxml-8.2.12+dfsg/axml.c:8034:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(temporaryFileName, randomFileName); data/raxml-8.2.12+dfsg/axml.c:8036:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temporaryFileName, permFileName); data/raxml-8.2.12+dfsg/axml.c:8042:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temporaryFileName, treeID); data/raxml-8.2.12+dfsg/axml.c:8195:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]); data/raxml-8.2.12+dfsg/axml.c:8199:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]); data/raxml-8.2.12+dfsg/axml.c:8203:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(typeOfData, secondaryModelList[tr->secondaryStructureModel]); data/raxml-8.2.12+dfsg/axml.c:10968:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(distanceFileName, workdir); data/raxml-8.2.12+dfsg/axml.c:10970:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(distanceFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:11091:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(integerFileName, workdir); data/raxml-8.2.12+dfsg/axml.c:11093:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(integerFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:11175:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(nameList[taxaCount], buffer); data/raxml-8.2.12+dfsg/axml.c:12353:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(quartetFileName, workdir); data/raxml-8.2.12+dfsg/axml.c:12355:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(quartetFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:12707:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bestTreeFileName, workdir); data/raxml-8.2.12+dfsg/axml.c:12709:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(bestTreeFileName, run_id); data/raxml-8.2.12+dfsg/axml.c:12848:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workdir); data/raxml-8.2.12+dfsg/axml.c:12850:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fileName, tr->nameList[i]); data/raxml-8.2.12+dfsg/axml.c:12852:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fileName, run_id); data/raxml-8.2.12+dfsg/axml.c:13205:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rootedTreeFile, workdir); data/raxml-8.2.12+dfsg/axml.c:13207:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rootedTreeFile, run_id); data/raxml-8.2.12+dfsg/axml.c:13640:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workdir); data/raxml-8.2.12+dfsg/axml.c:13642:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(fileName, run_id); data/raxml-8.2.12+dfsg/bipartitionList.c:1252:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(n, run_id); data/raxml-8.2.12+dfsg/bipartitionList.c:1476:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workdir); data/raxml-8.2.12+dfsg/bipartitionList.c:1478:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fileName, run_id); data/raxml-8.2.12+dfsg/bipartitionList.c:1480:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fileName, id); data/raxml-8.2.12+dfsg/bipartitionList.c:1959:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bipFileName, workdir); data/raxml-8.2.12+dfsg/bipartitionList.c:1961:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bipFileName, run_id); data/raxml-8.2.12+dfsg/bipartitionList.c:2205:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(rfFileName, workdir); data/raxml-8.2.12+dfsg/bipartitionList.c:2207:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rfFileName, run_id); data/raxml-8.2.12+dfsg/bipartitionList.c:2898:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rfFileName, workdir); data/raxml-8.2.12+dfsg/bipartitionList.c:2900:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rfFileName, run_id); data/raxml-8.2.12+dfsg/bipartitionList.c:4655:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(consensusFileName, workdir); data/raxml-8.2.12+dfsg/bipartitionList.c:4680:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(consensusFileName, someChar); data/raxml-8.2.12+dfsg/bipartitionList.c:4686:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(consensusFileName, run_id); data/raxml-8.2.12+dfsg/classify.c:176:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(treestr,"QUERY___%s:%s", tr->nameList[inserts[i]], branchLength); data/raxml-8.2.12+dfsg/classify.c:179:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr,"QUERY___%s", tr->nameList[inserts[i]]); data/raxml-8.2.12+dfsg/classify.c:223:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, "%s", nameptr); data/raxml-8.2.12+dfsg/classify.c:241:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, ":%8.20f[%s]", 0.5 * p->bInf->epa->originalBranchLength, p->bInf->epa->branchLabel); data/raxml-8.2.12+dfsg/classify.c:283:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, ":%8.20f[%s", p->bInf->epa->originalBranchLength, p->bInf->epa->branchLabel); data/raxml-8.2.12+dfsg/classify.c:288:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, ":%8.20f[%s", 0.5 * p->bInf->epa->originalBranchLength, p->bInf->epa->branchLabel); data/raxml-8.2.12+dfsg/classify.c:290:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, ":%8.20f[%s", p->bInf->epa->originalBranchLength, p->bInf->epa->branchLabel); data/raxml-8.2.12+dfsg/classify.c:2028:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(entropyFileName, workdir); data/raxml-8.2.12+dfsg/classify.c:2029:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(jointFormatTreeFileName, workdir); data/raxml-8.2.12+dfsg/classify.c:2030:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(labelledTreeFileName, workdir); data/raxml-8.2.12+dfsg/classify.c:2031:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(originalLabelledTreeFileName, workdir); data/raxml-8.2.12+dfsg/classify.c:2032:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(classificationFileName, workdir); data/raxml-8.2.12+dfsg/classify.c:2040:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(entropyFileName, run_id); data/raxml-8.2.12+dfsg/classify.c:2041:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(jointFormatTreeFileName, run_id); data/raxml-8.2.12+dfsg/classify.c:2042:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(labelledTreeFileName, run_id); data/raxml-8.2.12+dfsg/classify.c:2043:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(originalLabelledTreeFileName, run_id); data/raxml-8.2.12+dfsg/classify.c:2044:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(classificationFileName, run_id); data/raxml-8.2.12+dfsg/classify.c:2104:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(likelihoodWeightsFileName, workdir); data/raxml-8.2.12+dfsg/classify.c:2106:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(likelihoodWeightsFileName, run_id); data/raxml-8.2.12+dfsg/classify.c:2497:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(subTreeFileName, workdir); data/raxml-8.2.12+dfsg/classify.c:2499:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(subTreeFileName, run_id); data/raxml-8.2.12+dfsg/classify.c:2501:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(subTreeFileName, buf); data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2418:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(jointFormatTreeFileName, workdir); data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2419:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(originalLabelledTreeFileName, workdir); data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2420:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(labelledTreeFileName, workdir); data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2421:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(likelihoodWeightsFileName, workdir); data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2428:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(jointFormatTreeFileName, run_id); data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2429:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(originalLabelledTreeFileName, run_id); data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2430:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(labelledTreeFileName, run_id); data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2431:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(likelihoodWeightsFileName, run_id); data/raxml-8.2.12+dfsg/fastSearch.c:1307:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bestTreeFileName, workdir); data/raxml-8.2.12+dfsg/fastSearch.c:1309:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bestTreeFileName, run_id); data/raxml-8.2.12+dfsg/fastSearch.c:1419:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bestTreeFileName, workdir); data/raxml-8.2.12+dfsg/fastSearch.c:1421:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bestTreeFileName, run_id); data/raxml-8.2.12+dfsg/fastSearch.c:1430:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(shSupportFileName, workdir); data/raxml-8.2.12+dfsg/fastSearch.c:1432:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(shSupportFileName, run_id); data/raxml-8.2.12+dfsg/fastSearch.c:1449:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(shSupportPerPartitionFileName, workdir); data/raxml-8.2.12+dfsg/fastSearch.c:1451:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(shSupportPerPartitionFileName, run_id); data/raxml-8.2.12+dfsg/leaveDropping.c:1615:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dropFileName, workdir); data/raxml-8.2.12+dfsg/leaveDropping.c:1617:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dropFileName, run_id); data/raxml-8.2.12+dfsg/legacyCode.c:395:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(consensusFileName, workdir); data/raxml-8.2.12+dfsg/legacyCode.c:412:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(consensusFileName, run_id); data/raxml-8.2.12+dfsg/legacyCode.c:662:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rfFileName, workdir); data/raxml-8.2.12+dfsg/legacyCode.c:664:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rfFileName, run_id); data/raxml-8.2.12+dfsg/multiple.c:492:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sourceName, fileName); data/raxml-8.2.12+dfsg/multiple.c:502:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temporary, sourceName); data/raxml-8.2.12+dfsg/multiple.c:503:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temporary, buf); data/raxml-8.2.12+dfsg/multiple.c:526:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sourceName, fileName); data/raxml-8.2.12+dfsg/multiple.c:536:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temporary, sourceName); data/raxml-8.2.12+dfsg/multiple.c:537:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temporary, buf); data/raxml-8.2.12+dfsg/multiple.c:1168:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(bestTreeFileName, workdir); data/raxml-8.2.12+dfsg/multiple.c:1170:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bestTreeFileName, run_id); data/raxml-8.2.12+dfsg/multiple.c:1829:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bestTreeFileName, workdir); data/raxml-8.2.12+dfsg/multiple.c:1831:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bestTreeFileName, run_id); data/raxml-8.2.12+dfsg/optimizeModel.c:2955:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(gtrFileName, workdir); data/raxml-8.2.12+dfsg/optimizeModel.c:2957:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(gtrFileName, run_id); data/raxml-8.2.12+dfsg/optimizeModel.c:2965:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(gtrFileName, tr->partitionData[model].partitionName); data/raxml-8.2.12+dfsg/parsePartitions.c:260:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tr->initialPartitionData[modelNumber].proteinSubstitutionFileName, fileName); data/raxml-8.2.12+dfsg/parsePartitions.c:273:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tr->initialPartitionData[modelNumber].ascFileName, fileName); data/raxml-8.2.12+dfsg/parsePartitions.c:312:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(thisModel, protModels[i]); data/raxml-8.2.12+dfsg/parsePartitions.c:326:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(thisModel, protModels[i]); data/raxml-8.2.12+dfsg/parsePartitions.c:350:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(thisModel, protModels[i]); data/raxml-8.2.12+dfsg/parsePartitions.c:383:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(thisModel, protModels[i]); data/raxml-8.2.12+dfsg/parsePartitions.c:397:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(thisModel, protModels[i]); data/raxml-8.2.12+dfsg/parsePartitions.c:413:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(thisModel, protModels[i]); data/raxml-8.2.12+dfsg/parsePartitions.c:714:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&(p_names[i][0]), cc); data/raxml-8.2.12+dfsg/parsePartitions.c:1162:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mfn, secondaryStructureFileName); data/raxml-8.2.12+dfsg/parsePartitions.c:1164:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mfn, excludeFileName); data/raxml-8.2.12+dfsg/parsePartitions.c:1191:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mfn, modelFileName); data/raxml-8.2.12+dfsg/parsePartitions.c:1193:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mfn, excludeFileName); data/raxml-8.2.12+dfsg/parsePartitions.c:1224:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(AAmodel, protModels[tr->partitionData[i].protModels]); data/raxml-8.2.12+dfsg/parsePartitions.c:1227:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(AAmodel, protModels[tr->partitionData[i].protModels]); data/raxml-8.2.12+dfsg/parsePartitions.c:1347:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mfn, seq_file); data/raxml-8.2.12+dfsg/parsePartitions.c:1349:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mfn, excludeFileName); data/raxml-8.2.12+dfsg/parsePartitions.c:1651:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(partBuffer[i].partitionName, tr->extendedPartitionData[i].partitionName); data/raxml-8.2.12+dfsg/parsePartitions.c:1652:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(partBuffer[i].proteinSubstitutionFileName, tr->extendedPartitionData[i].proteinSubstitutionFileName); data/raxml-8.2.12+dfsg/parsePartitions.c:1653:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(partBuffer[i].ascFileName, tr->extendedPartitionData[i].ascFileName); data/raxml-8.2.12+dfsg/parsePartitions.c:1669:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tr->extendedPartitionData[i].partitionName, partBuffer[i].partitionName); data/raxml-8.2.12+dfsg/parsePartitions.c:1670:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tr->extendedPartitionData[i].proteinSubstitutionFileName, partBuffer[i].proteinSubstitutionFileName); data/raxml-8.2.12+dfsg/parsePartitions.c:1671:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tr->extendedPartitionData[i].ascFileName, partBuffer[i].ascFileName); data/raxml-8.2.12+dfsg/rogueEPA.c:251:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, workdir); data/raxml-8.2.12+dfsg/rogueEPA.c:253:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fileName, run_id); data/raxml-8.2.12+dfsg/searchAlgo.c:1308:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(terraceFileName, workdir); data/raxml-8.2.12+dfsg/searchAlgo.c:1310:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(terraceFileName, run_id); data/raxml-8.2.12+dfsg/searchAlgo.c:1312:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(terraceFileName, buf); data/raxml-8.2.12+dfsg/treeIO.c:136:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p->word, s); data/raxml-8.2.12+dfsg/treeIO.c:248:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, "%s", nameptr); data/raxml-8.2.12+dfsg/treeIO.c:342:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, "%s", "\0"); data/raxml-8.2.12+dfsg/treeIO.c:406:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, "%s", nameptr); data/raxml-8.2.12+dfsg/treeIO.c:452:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(treestr, "%s", "\0"); data/raxml-8.2.12+dfsg/treeIO.c:680:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(extendedTreeFileName, fileName); data/raxml-8.2.12+dfsg/treeIO.c:683:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(extendedTreeFileName, buf); data/raxml-8.2.12+dfsg/axml.c:5666:11: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
c = getopt_long(argc,argv, "R:T:E:N:B:L:P:S:Y:A:G:I:J:K:W:l:x:z:g:r:e:a:b:c:f:i:m:t:w:s:n:o:q:#:p:vudyjhHkMDFQUOVCX", long_options, &option_index/*&optind, &optarg*/); data/raxml-8.2.12+dfsg/ancestralStates.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char workdir[1024]; data/raxml-8.2.12+dfsg/ancestralStates.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char run_id[128]; data/raxml-8.2.12+dfsg/ancestralStates.c:51:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char binaryStateNames[2]; data/raxml-8.2.12+dfsg/ancestralStates.c:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char dnaStateNames[4]; data/raxml-8.2.12+dfsg/ancestralStates.c:53:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern const char protStateNames[20]; data/raxml-8.2.12+dfsg/ancestralStates.c:54:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char genericStateNames[32]; data/raxml-8.2.12+dfsg/ancestralStates.c:1046:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(unsortedA[unsorted].probs, a[sorted].probs, sizeof(double) * (size_t)a[sorted].states); data/raxml-8.2.12+dfsg/ancestralStates.c:1093:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%d", p->number); data/raxml-8.2.12+dfsg/ancestralStates.c:1110:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "ROOT"); data/raxml-8.2.12+dfsg/ancestralStates.c:1126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/ancestralStates.c:1144:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(ancestralProbsFileName, "RAxML_marginalAncestralProbabilities."); data/raxml-8.2.12+dfsg/ancestralStates.c:1145:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(ancestralStatesFileName, "RAxML_marginalAncestralStates."); data/raxml-8.2.12+dfsg/ancestralStates.c:1146:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(treeFileName, "RAxML_nodeLabelledRootedTree."); data/raxml-8.2.12+dfsg/axml.c:469:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename,"rb"); data/raxml-8.2.12+dfsg/axml.c:485:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(path, mode); data/raxml-8.2.12+dfsg/axml.c:1119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:1122:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data/raxml-8.2.12+dfsg/axml.c:1454:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:1457:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data/raxml-8.2.12+dfsg/axml.c:1866:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tr->initialPartitionData[0].partitionName, "No Name Provided"); data/raxml-8.2.12+dfsg/axml.c:1925:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->extendedDataVector, tr->initialDataVector, (rdta->sites + 1) * sizeof(int)); data/raxml-8.2.12+dfsg/axml.c:2019:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data/raxml-8.2.12+dfsg/axml.c:2022:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data/raxml-8.2.12+dfsg/axml.c:2025:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data/raxml-8.2.12+dfsg/axml.c:2102:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data/raxml-8.2.12+dfsg/axml.c:2105:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data/raxml-8.2.12+dfsg/axml.c:2108:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data/raxml-8.2.12+dfsg/axml.c:2545:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(yBUF, y, ((size_t)rdta->numsp) * ((size_t)cdta->endsite) * sizeof(unsigned char)); data/raxml-8.2.12+dfsg/axml.c:2619:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tr->originalModel, tr->model, cdta->endsite * sizeof(int)); data/raxml-8.2.12+dfsg/axml.c:2620:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->originalDataVector, tr->dataVector, cdta->endsite * sizeof(int)); data/raxml-8.2.12+dfsg/axml.c:2621:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tr->originalWeights, tr->cdta->aliaswgt, cdta->endsite * sizeof(int)); data/raxml-8.2.12+dfsg/axml.c:2781:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char noDupFile[2048]; data/raxml-8.2.12+dfsg/axml.c:2782:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char noDupModels[2048]; data/raxml-8.2.12+dfsg/axml.c:2783:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char noDupSecondary[2048]; data/raxml-8.2.12+dfsg/axml.c:2805:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(noDupFile, ".reduced"); data/raxml-8.2.12+dfsg/axml.c:2808:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(noDupModels, ".reduced"); data/raxml-8.2.12+dfsg/axml.c:2811:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(noDupSecondary, ".reduced"); data/raxml-8.2.12+dfsg/axml.c:2878:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:2885:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(AAmodel, "ASC_"); data/raxml-8.2.12+dfsg/axml.c:3121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:3128:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(AAmodel, "ASC_"); data/raxml-8.2.12+dfsg/axml.c:3275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outName[1024], partName[1024], buf[16]; data/raxml-8.2.12+dfsg/axml.c:3313:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(partName, ".BS"); data/raxml-8.2.12+dfsg/axml.c:3314:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", i); data/raxml-8.2.12+dfsg/axml.c:3323:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outName, ".BS"); data/raxml-8.2.12+dfsg/axml.c:3324:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", i); data/raxml-8.2.12+dfsg/axml.c:3362:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outFileName[2048]; data/raxml-8.2.12+dfsg/axml.c:3375:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outFileName, ".phy"); data/raxml-8.2.12+dfsg/axml.c:3754:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:4447:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTCAT"); data/raxml-8.2.12+dfsg/axml.c:4459:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTCAT"); data/raxml-8.2.12+dfsg/axml.c:4473:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTCAT"); data/raxml-8.2.12+dfsg/axml.c:4488:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTCATI"); data/raxml-8.2.12+dfsg/axml.c:4501:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(thisModel, "PROTCATI"); data/raxml-8.2.12+dfsg/axml.c:4516:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTCATI"); data/raxml-8.2.12+dfsg/axml.c:4535:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "ASC_PROTCAT"); data/raxml-8.2.12+dfsg/axml.c:4548:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "ASC_PROTCAT"); data/raxml-8.2.12+dfsg/axml.c:4563:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "ASC_PROTCAT"); data/raxml-8.2.12+dfsg/axml.c:4587:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTGAMMA"); data/raxml-8.2.12+dfsg/axml.c:4598:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(thisModel, "ASC_PROTGAMMA"); data/raxml-8.2.12+dfsg/axml.c:4612:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTGAMMAI"); data/raxml-8.2.12+dfsg/axml.c:4626:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTGAMMA"); data/raxml-8.2.12+dfsg/axml.c:4639:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "ASC_PROTGAMMA"); data/raxml-8.2.12+dfsg/axml.c:4656:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTGAMMA"); data/raxml-8.2.12+dfsg/axml.c:4670:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "ASC_PROTGAMMA"); data/raxml-8.2.12+dfsg/axml.c:4688:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(thisModel, "PROTGAMMAI"); data/raxml-8.2.12+dfsg/axml.c:4703:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thisModel, "PROTGAMMAI"); data/raxml-8.2.12+dfsg/axml.c:4760:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[nmlngth]; data/raxml-8.2.12+dfsg/axml.c:4815:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:4822:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[1], "With greatly appreciated code contributions by:\n"); data/raxml-8.2.12+dfsg/axml.c:4823:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[2], "Andre Aberer (HITS)\n"); data/raxml-8.2.12+dfsg/axml.c:4824:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[3], "Simon Berger (HITS)\n"); data/raxml-8.2.12+dfsg/axml.c:4825:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(text[4], "Alexey Kozlov (HITS)\n"); data/raxml-8.2.12+dfsg/axml.c:4826:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[5], "Kassian Kobert (HITS)\n"); data/raxml-8.2.12+dfsg/axml.c:4827:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[6], "David Dao (KIT and HITS)\n"); data/raxml-8.2.12+dfsg/axml.c:4828:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[7], "Sarah Lutteropp (KIT and HITS)\n"); data/raxml-8.2.12+dfsg/axml.c:4829:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[8], "Nick Pattengale (Sandia)\n"); data/raxml-8.2.12+dfsg/axml.c:4830:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[9], "Wayne Pfeiffer (SDSC)\n"); data/raxml-8.2.12+dfsg/axml.c:4831:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text[10], "Akifumi S. Tanabe (NRIFS)\n"); data/raxml-8.2.12+dfsg/axml.c:4832:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(text[11], "Charlie Taylor (UF)\n\n"); data/raxml-8.2.12+dfsg/axml.c:5497:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void analyzeRunId(char id[128]) data/raxml-8.2.12+dfsg/axml.c:5534:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:5696:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:5746:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:5938:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *modelList[3] = { "ORDERED", "MK", "GTR"}; data/raxml-8.2.12+dfsg/axml.c:5959:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char *modelList[21] = { "S6A", "S6B", "S6C", "S6D", "S6E", "S7A", "S7B", "S7C", "S7D", "S7E", "S7F", "S16", "S16A", "S16B", "S16C", data/raxml-8.2.12+dfsg/axml.c:7193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:7212:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:7272:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(verboseSplitsFileName, "RAxML_verboseSplits."); data/raxml-8.2.12+dfsg/axml.c:7273:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(permFileName, "RAxML_parsimonyTree."); data/raxml-8.2.12+dfsg/axml.c:7274:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(resultFileName, "RAxML_result."); data/raxml-8.2.12+dfsg/axml.c:7275:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(logFileName, "RAxML_log."); data/raxml-8.2.12+dfsg/axml.c:7276:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(checkpointFileName, "RAxML_checkpoint."); data/raxml-8.2.12+dfsg/axml.c:7277:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(infoFileName, "RAxML_info."); data/raxml-8.2.12+dfsg/axml.c:7278:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(randomFileName, "RAxML_randomTree."); data/raxml-8.2.12+dfsg/axml.c:7279:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(bootstrapFileName, "RAxML_bootstrap."); data/raxml-8.2.12+dfsg/axml.c:7280:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(bipartitionsFileName, "RAxML_bipartitions."); data/raxml-8.2.12+dfsg/axml.c:7281:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(bipartitionsFileNameBranchLabels, "RAxML_bipartitionsBranchLabels."); data/raxml-8.2.12+dfsg/axml.c:7282:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(icFileNameBranchLabels, "RAxML_IC_Score_BranchLabels."); data/raxml-8.2.12+dfsg/axml.c:7283:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(icFileNameBranchLabelsStochastic, "RAxML_Corrected_Probabilistic_IC_Score_BranchLabels."); data/raxml-8.2.12+dfsg/axml.c:7284:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(icFileNameBranchLabelsUniform, "RAxML_Corrected_Lossless_IC_Score_BranchLabels."); data/raxml-8.2.12+dfsg/axml.c:7285:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(ratesFileName, "RAxML_perSiteRates."); data/raxml-8.2.12+dfsg/axml.c:7286:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(lengthFileName, "RAxML_treeLength."); data/raxml-8.2.12+dfsg/axml.c:7287:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(lengthFileNameModel, "RAxML_treeLengthModel."); data/raxml-8.2.12+dfsg/axml.c:7288:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(perSiteLLsFileName, "RAxML_perSiteLLs."); data/raxml-8.2.12+dfsg/axml.c:7289:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(binaryModelParamsOutputFileName, "RAxML_binaryModelParameters."); data/raxml-8.2.12+dfsg/axml.c:7290:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(rellBootstrapFileName, "RAxML_rellBootstrap."); data/raxml-8.2.12+dfsg/axml.c:7291:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(mesquiteModel, "RAxML_mesquiteModel."); data/raxml-8.2.12+dfsg/axml.c:7292:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(mesquiteTrees, "RAxML_mesquiteTrees."); data/raxml-8.2.12+dfsg/axml.c:7293:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(mesquiteMLTrees, "RAxML_mesquite_ML_Trees."); data/raxml-8.2.12+dfsg/axml.c:7294:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(mesquiteMLLikes, "RAxML_mesquite_ML_Likes."); data/raxml-8.2.12+dfsg/axml.c:7322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:7325:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", processID); data/raxml-8.2.12+dfsg/axml.c:7328:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(bootstrapFileNamePID, ".PID."); data/raxml-8.2.12+dfsg/axml.c:7332:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(rellBootstrapFileNamePID, ".PID."); data/raxml-8.2.12+dfsg/axml.c:7416:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modelType[128]; data/raxml-8.2.12+dfsg/axml.c:7421:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelType, "GAMMA+P-Invar"); data/raxml-8.2.12+dfsg/axml.c:7423:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelType, "GAMMA"); data/raxml-8.2.12+dfsg/axml.c:7573:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char treeType[1024]; data/raxml-8.2.12+dfsg/axml.c:7576:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(treeType, "user-specified"); data/raxml-8.2.12+dfsg/axml.c:7580:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(treeType, "distinct complete random"); data/raxml-8.2.12+dfsg/axml.c:7582:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(treeType, "distinct randomized MP"); data/raxml-8.2.12+dfsg/axml.c:7621:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:7742:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temporaryFileName[1024] = "", treeID[64] = ""; data/raxml-8.2.12+dfsg/axml.c:7769:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treeID, "%d", tr->treeID); data/raxml-8.2.12+dfsg/axml.c:7770:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(temporaryFileName, ".RUN."); data/raxml-8.2.12+dfsg/axml.c:7903:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temporaryFileName[1024] = "", checkPoints[1024] = "", treeID[64] = ""; data/raxml-8.2.12+dfsg/axml.c:7932:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treeID, "%d", tr->treeID); data/raxml-8.2.12+dfsg/axml.c:7933:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(temporaryFileName, ".RUN."); data/raxml-8.2.12+dfsg/axml.c:7936:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(checkPoints, ".RUN."); data/raxml-8.2.12+dfsg/axml.c:7953:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:7970:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char data/raxml-8.2.12+dfsg/axml.c:7972:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treeID, "%d", tr->treeID); data/raxml-8.2.12+dfsg/axml.c:7973:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(temporaryFileName2, ".RUN."); data/raxml-8.2.12+dfsg/axml.c:7997:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treeID, "%d", tr->checkPointCounter); data/raxml-8.2.12+dfsg/axml.c:8029:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temporaryFileName[1024] = "", treeID[64] = ""; data/raxml-8.2.12+dfsg/axml.c:8040:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treeID, "%d", tr->treeID); data/raxml-8.2.12+dfsg/axml.c:8041:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(temporaryFileName, ".RUN."); data/raxml-8.2.12+dfsg/axml.c:8070:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modelType[128]; data/raxml-8.2.12+dfsg/axml.c:8075:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelType, "GAMMA+P-Invar"); data/raxml-8.2.12+dfsg/axml.c:8078:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelType, "GAMMA"); data/raxml-8.2.12+dfsg/axml.c:8081:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(modelType, "CAT"); data/raxml-8.2.12+dfsg/axml.c:8180:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void getDataTypeString(tree *tr, int model, char typeOfData[1024]) data/raxml-8.2.12+dfsg/axml.c:8185:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"AA"); data/raxml-8.2.12+dfsg/axml.c:8188:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(typeOfData,"DNA"); data/raxml-8.2.12+dfsg/axml.c:8191:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"BINARY/MORPHOLOGICAL"); data/raxml-8.2.12+dfsg/axml.c:8194:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"SECONDARY 16 STATE MODEL USING "); data/raxml-8.2.12+dfsg/axml.c:8198:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"SECONDARY 6 STATE MODEL USING "); data/raxml-8.2.12+dfsg/axml.c:8202:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"SECONDARY 7 STATE MODEL USING "); data/raxml-8.2.12+dfsg/axml.c:8206:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(typeOfData,"Multi-State"); data/raxml-8.2.12+dfsg/axml.c:8209:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(typeOfData,"Codon"); data/raxml-8.2.12+dfsg/axml.c:8230:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char typeOfData[1024]; data/raxml-8.2.12+dfsg/axml.c:8258:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[20] = {"A", "R", "N","D", "C", "Q", "E", "G", data/raxml-8.2.12+dfsg/axml.c:8295:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[32] = {"0", "1", "2", "3", "4", "5", "6", "7", data/raxml-8.2.12+dfsg/axml.c:8310:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[4] = {"A", "C", "G", "T"}; data/raxml-8.2.12+dfsg/axml.c:8319:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[6] = {"AU", "CG", "GC", "GU", "UA", "UG"}; data/raxml-8.2.12+dfsg/axml.c:8328:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[7] = {"AU", "CG", "GC", "GU", "UA", "UG", "REST"}; data/raxml-8.2.12+dfsg/axml.c:8337:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[16] = {"AA", "AC", "AG", "AU", "CA", "CC", "CG", "CU", data/raxml-8.2.12+dfsg/axml.c:8347:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *freqNames[2] = {"0", "1"}; data/raxml-8.2.12+dfsg/axml.c:9051:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EIGN_LG4[k], tr->partitionData[model].EIGN_LG4[k], pl->eignLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9052:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].rawEIGN_LG4[k], tr->partitionData[model].rawEIGN_LG4[k], pl->eignLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9053:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EV_LG4[k], tr->partitionData[model].EV_LG4[k], pl->evLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9054:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EI_LG4[k], tr->partitionData[model].EI_LG4[k], pl->eiLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9055:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].substRates_LG4[k], tr->partitionData[model].substRates_LG4[k], pl->substRatesLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9056:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].frequencies_LG4[k], tr->partitionData[model].frequencies_LG4[k], pl->frequenciesLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9057:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].tipVector_LG4[k], tr->partitionData[model].tipVector_LG4[k], pl->tipVectorLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9110:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->executeModel, tr->executeModel, sizeof(boolean) * localTree->NumberOfModels); data/raxml-8.2.12+dfsg/axml.c:9131:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->coreLZ, tr->coreLZ, sizeof(double) * localTree->numBranches); data/raxml-8.2.12+dfsg/axml.c:9132:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->executeModel, tr->executeModel, sizeof(boolean) * localTree->NumberOfModels); data/raxml-8.2.12+dfsg/axml.c:9167:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->coreLZ, tr->coreLZ, sizeof(double) * localTree->numBranches); data/raxml-8.2.12+dfsg/axml.c:9168:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->executeModel, tr->executeModel, sizeof(boolean) * localTree->NumberOfModels); data/raxml-8.2.12+dfsg/axml.c:9200:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9201:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9202:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9203:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9212:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean)); data/raxml-8.2.12+dfsg/axml.c:9218:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9219:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9220:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9221:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9251:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:9258:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean)); data/raxml-8.2.12+dfsg/axml.c:9262:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:9287:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:9295:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean)); data/raxml-8.2.12+dfsg/axml.c:9297:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:9324:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9325:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9326:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9327:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].substRates, tr->partitionData[model].substRates, pl->substRatesLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9328:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].frequencies, tr->partitionData[model].frequencies, pl->frequenciesLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9329:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9333:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:9349:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9350:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9351:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9352:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].substRates, tr->partitionData[model].substRates, pl->substRatesLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9353:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].frequencies, tr->partitionData[model].frequencies, pl->frequenciesLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9354:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9358:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->partitionData[model].weights, tr->partitionData[model].weights, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:9359:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:9369:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].invariableFrequencies, tr->partitionData[model].invariableFrequencies, pl->states * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9466:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EIGN, tr->partitionData[model].EIGN, pl->eignLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9467:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EV, tr->partitionData[model].EV, pl->evLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9468:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EI, tr->partitionData[model].EI, pl->eiLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9469:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->partitionData[model].substRates, tr->partitionData[model].substRates, pl->substRatesLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9470:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].frequencies, tr->partitionData[model].frequencies, pl->frequenciesLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9471:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].tipVector, tr->partitionData[model].tipVector, pl->tipVectorLength * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:9492:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionContributions, tr->partitionContributions, sizeof(double) * localTree->NumberOfModels); data/raxml-8.2.12+dfsg/axml.c:9500:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->readPartition, tr->readPartition, sizeof(int) * (size_t)localTree->numberOfTipsForInsertion); data/raxml-8.2.12+dfsg/axml.c:9515:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->contiguousWgt , tr->cdta->aliaswgt, sizeof(int) * localTree->contiguousScalingLength); data/raxml-8.2.12+dfsg/axml.c:9516:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->contiguousInvariant , tr->invariant, sizeof(int) * localTree->contiguousScalingLength); data/raxml-8.2.12+dfsg/axml.c:9525:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->contiguousRateCategory, tr->cdta->rateCategory, sizeof(int) * localTree->contiguousScalingLength); data/raxml-8.2.12+dfsg/axml.c:9647:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&leftContigousVector[globalCount], &leftStridedVector[localCount], sizeof(double) * blockRequirements); data/raxml-8.2.12+dfsg/axml.c:9653:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rightContigousVector[globalCount], &rightStridedVector[localCount], sizeof(double) * blockRequirements); data/raxml-8.2.12+dfsg/axml.c:9997:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&contigousVector[globalCount], &stridedVector[localCount], sizeof(double) * blockRequirements); data/raxml-8.2.12+dfsg/axml.c:10014:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean)); data/raxml-8.2.12+dfsg/axml.c:10041:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->partitionData[model].weights, tr->partitionData[model].weights, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:10042:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:10049:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->executeModel, tr->executeModel, localTree->NumberOfModels * sizeof(boolean)); data/raxml-8.2.12+dfsg/axml.c:10053:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].weights, tr->partitionData[model].weights, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:10054:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].gammaRates, tr->partitionData[model].gammaRates, sizeof(double) * 4); data/raxml-8.2.12+dfsg/axml.c:10082:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EIGN_LG4[0], tr->partitionData[model].EIGN_LG4[0], sizeof(double) * 19); data/raxml-8.2.12+dfsg/axml.c:10083:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(localTree->partitionData[model].EIGN_LG4[1], tr->partitionData[model].EIGN_LG4[1], sizeof(double) * 19); data/raxml-8.2.12+dfsg/axml.c:10084:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EIGN_LG4[2], tr->partitionData[model].EIGN_LG4[2], sizeof(double) * 19); data/raxml-8.2.12+dfsg/axml.c:10085:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localTree->partitionData[model].EIGN_LG4[3], tr->partitionData[model].EIGN_LG4[3], sizeof(double) * 19); data/raxml-8.2.12+dfsg/axml.c:10395:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bestVector, tr->perSiteLL, tr->cdta->endsite * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:10750:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(originalRateCategories, tr->cdta->rateCategory, sizeof(int) * tr->cdta->endsite); data/raxml-8.2.12+dfsg/axml.c:10751:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(originalInvariant, tr->invariant, sizeof(int) * tr->cdta->endsite); data/raxml-8.2.12+dfsg/axml.c:10963:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char distanceFileName[1024]; data/raxml-8.2.12+dfsg/axml.c:10969:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(distanceFileName, "RAxML_distances."); data/raxml-8.2.12+dfsg/axml.c:11047:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:11067:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reference, tr->perSiteLL, tr->cdta->endsite * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:11092:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(integerFileName, "RAxML_weights."); data/raxml-8.2.12+dfsg/axml.c:11129:82: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void extractTaxaFromTopology(tree *tr, rawdata *rdta, cruncheddata *cdta, char fileName[1024]) data/raxml-8.2.12+dfsg/axml.c:11134:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char data/raxml-8.2.12+dfsg/axml.c:11394:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(binaryModelParamsInputFileName, "r"); data/raxml-8.2.12+dfsg/axml.c:11424:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:11539:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bits_in_16bits [0x1u << 16]; data/raxml-8.2.12+dfsg/axml.c:11755:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void groupingParser(char *quartetGroupFileName, int *groups[4], int groupSize[4], tree *tr) data/raxml-8.2.12+dfsg/axml.c:12340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:12354:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(quartetFileName, "RAxML_quartets."); data/raxml-8.2.12+dfsg/axml.c:12681:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:12708:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(bestTreeFileName, "RAxML_bestTree."); data/raxml-8.2.12+dfsg/axml.c:12797:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bestVector, tr->perSiteLL, tr->cdta->endsite * sizeof(double)); data/raxml-8.2.12+dfsg/axml.c:12845:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:12849:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fileName, "RAxML_ancestralTest."); data/raxml-8.2.12+dfsg/axml.c:12863:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(attachmentBranch, p->z, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12864:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(leftBranch, l->z, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12865:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rightBranch, r->z, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12875:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->z, attachmentBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12876:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->back->z, attachmentBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12891:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->z, attachmentBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12892:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->back->z, attachmentBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12893:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l->z, leftBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12894:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(l->back->z, leftBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12909:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->z, attachmentBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12910:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->back->z, attachmentBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12911:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->z, rightBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:12912:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->back->z, rightBranch, sizeof(double) * NUM_BRANCHES); data/raxml-8.2.12+dfsg/axml.c:13190:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:13206:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(rootedTreeFile, "RAxML_rootedTree."); data/raxml-8.2.12+dfsg/axml.c:13564:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/axml.c:13641:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fileName, "RAxML_stolenBranchLengths."); data/raxml-8.2.12+dfsg/axml.h:473:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char branchLabel[64]; data/raxml-8.2.12+dfsg/axml.h:614:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proteinSubstitutionFileName[2048]; data/raxml-8.2.12+dfsg/axml.h:615:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascFileName[2048]; data/raxml-8.2.12+dfsg/axml.h:1214:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern void ascertainmentBiasSequence(unsigned char tip[32], int numStates, int dataType, int nodeNumber); data/raxml-8.2.12+dfsg/axml.h:1220:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern void getDataTypeString(tree *tr, int model, char typeOfData[1024]); data/raxml-8.2.12+dfsg/bipartitionList.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char run_id[128]; data/raxml-8.2.12+dfsg/bipartitionList.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char workdir[1024]; data/raxml-8.2.12+dfsg/bipartitionList.c:65:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char bootStrapFile[1024]; data/raxml-8.2.12+dfsg/bipartitionList.c:66:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  extern char tree_file[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:67:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char infoFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:68:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char resultFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:69:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char verboseSplitsFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:70:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char bipartitionsFileNameBranchLabels[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:71:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char icFileNameBranchLabelsStochastic[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:72:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char icFileNameBranchLabelsUniform[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:73:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char icFileNameBranchLabels[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:450:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:525:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:544:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:595:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:614:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:672:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:701:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:984:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:998:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:1248:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/bipartitionList.c:1251:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(n, "trace.");
data/raxml-8.2.12+dfsg/bipartitionList.c:1255:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  *f = fopen(n, "a");
data/raxml-8.2.12+dfsg/bipartitionList.c:1471:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/bipartitionList.c:1475:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(id, "%d", counter);
data/raxml-8.2.12+dfsg/bipartitionList.c:1477:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fileName, "RAxML_verboseIC.");
data/raxml-8.2.12+dfsg/bipartitionList.c:1647:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/bipartitionList.c:1896:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bipFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:1960:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(bipFileName, "RAxML_bipartitionFrequencies.");
data/raxml-8.2.12+dfsg/bipartitionList.c:2050:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rfFileName[1024];
data/raxml-8.2.12+dfsg/bipartitionList.c:2206:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(rfFileName, "RAxML_RF-Distances.");
data/raxml-8.2.12+dfsg/bipartitionList.c:2345:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:2356:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:2885:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/bipartitionList.c:2899:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(rfFileName, "RAxML_RF-Distances.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4561:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/bipartitionList.c:4661:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(consensusFileName, "RAxML_MajorityRuleConsensusTree_IC.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4663:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(consensusFileName, "RAxML_MajorityRuleConsensusTree.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4667:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(consensusFileName, "RAxML_MajorityRuleExtendedConsensusTree_IC.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4669:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(consensusFileName, "RAxML_MajorityRuleExtendedConsensusTree.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4673:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(consensusFileName, "RAxML_StrictConsensusTree.");
data/raxml-8.2.12+dfsg/bipartitionList.c:4677:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(someChar, "RAxML_Threshold-%d-ConsensusTree_IC.", tr->consensusUserThreshold);
data/raxml-8.2.12+dfsg/bipartitionList.c:4679:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(someChar, "RAxML_Threshold-%d-ConsensusTree.", tr->consensusUserThreshold);
data/raxml-8.2.12+dfsg/bipartitionList.c:4862:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b->bitMasks[b->entries], mask, sizeof(unsigned int) * (size_t)vLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:4879:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b->bitMasks[b->entries], mask, sizeof(unsigned int) * (size_t)vLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:4989:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:4990:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->taxonMask, mask, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:5013:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->bitVector, bitVector, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:5014:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->taxonMask, mask, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:5075:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(correctedVector, toInsert, sizeof(unsigned int) * (size_t)vectorLength);
data/raxml-8.2.12+dfsg/bipartitionList.c:5700:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bipCopy, refBip, sizeof(unsigned int) * (size_t)vLength);
data/raxml-8.2.12+dfsg/classify.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char workdir[1024];
data/raxml-8.2.12+dfsg/classify.c:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char run_id[128];
data/raxml-8.2.12+dfsg/classify.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char bootStrapFile[1024];
data/raxml-8.2.12+dfsg/classify.c:172:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/classify.c:175:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(branchLength, "%f", bInf->epa->branches[i]);
data/raxml-8.2.12+dfsg/classify.c:190:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(treestr,"):0.0,");
data/raxml-8.2.12+dfsg/classify.c:255:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(treestr, ":%8.20f{%d", p->bInf->epa->originalBranchLength * 0.5, p->bInf->epa->jointLabel);
data/raxml-8.2.12+dfsg/classify.c:262:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(treestr, ":%8.20f{%d", p->bInf->epa->originalBranchLength * 0.5, tr->numberOfBranches);
data/raxml-8.2.12+dfsg/classify.c:266:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(treestr, ":%8.20f{%d", p->bInf->epa->originalBranchLength, p->bInf->epa->jointLabel);
data/raxml-8.2.12+dfsg/classify.c:275:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(treestr, ":%8.20f{%d,%d", p->bInf->epa->originalBranchLength,
data/raxml-8.2.12+dfsg/classify.c:278:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(treestr, ":%8.20f{%d", p->bInf->epa->originalBranchLength,
data/raxml-8.2.12+dfsg/classify.c:1880:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/classify.c:1966:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tr->bInf[i].epa->branchLabel, "I%d", i);
data/raxml-8.2.12+dfsg/classify.c:2034:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(entropyFileName, "RAxML_entropy.");
data/raxml-8.2.12+dfsg/classify.c:2035:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(jointFormatTreeFileName, "RAxML_portableTree.");
data/raxml-8.2.12+dfsg/classify.c:2036:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(labelledTreeFileName, "RAxML_labelledTree.");
data/raxml-8.2.12+dfsg/classify.c:2037:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(originalLabelledTreeFileName, "RAxML_originalLabelledTree.");
data/raxml-8.2.12+dfsg/classify.c:2038:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(classificationFileName, "RAxML_classification.");
data/raxml-8.2.12+dfsg/classify.c:2046:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(jointFormatTreeFileName, ".jplace");
data/raxml-8.2.12+dfsg/classify.c:2101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/classify.c:2105:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(likelihoodWeightsFileName, "RAxML_classificationLikelihoodWeights.");
data/raxml-8.2.12+dfsg/classify.c:2490:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/classify.c:2495:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", subTreeIndex);
data/raxml-8.2.12+dfsg/classify.c:2498:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(subTreeFileName, "RAxML_subtreePlacement.");
data/raxml-8.2.12+dfsg/classify.c:2502:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(subTreeFileName, ".jplace");
data/raxml-8.2.12+dfsg/classify.c:2636:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tr->bInf[i].epa->branchLabel, "I%d", i);
data/raxml-8.2.12+dfsg/classify.c:2698:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/evaluateGenericSpecial.c:57:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void ascertainmentBiasSequence(unsigned char tip[32], int numStates, int dataType, int nodeNumber)
data/raxml-8.2.12+dfsg/evaluateGenericSpecial.c:285:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/evaluateGenericSpecial.c:397:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char workdir[1024];
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:104:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char run_id[128];
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2328:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2398:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tr->bInf[i].epa->branchLabel, "I%d", i);
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2423:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(jointFormatTreeFileName, "RAxML_portableTree.");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2424:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(originalLabelledTreeFileName, "RAxML_originalLabelledTree.");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2425:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(labelledTreeFileName, "RAxML_labelledTree.");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2426:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(likelihoodWeightsFileName, "RAxML_equallyParsimoniousPlacements.");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2433:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(jointFormatTreeFileName, ".jplace");
data/raxml-8.2.12+dfsg/fastDNAparsimony.c:2572:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  treeFile = fopen(labelledTreeFileName, "wb");
data/raxml-8.2.12+dfsg/fastSearch.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char permFileName[1024], resultFileName[1024],
data/raxml-8.2.12+dfsg/fastSearch.c:918:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lhVectors[0], tr->perSiteLL, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/fastSearch.c:948:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lhVectors[1], tr->perSiteLL, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/fastSearch.c:981:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lhVectors[2], tr->perSiteLL, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/fastSearch.c:1205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/fastSearch.c:1308:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(bestTreeFileName, "RAxML_fastTree.");
data/raxml-8.2.12+dfsg/fastSearch.c:1337:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/fastSearch.c:1420:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(bestTreeFileName, "RAxML_fastTree.");
data/raxml-8.2.12+dfsg/fastSearch.c:1431:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(shSupportFileName, "RAxML_fastTreeSH_Support.");
data/raxml-8.2.12+dfsg/fastSearch.c:1446:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/fastSearch.c:1450:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(shSupportPerPartitionFileName, "RAxML_fastTree_perPartition_SH_Support.");
data/raxml-8.2.12+dfsg/globalVariables.h:44:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char run_id[128] = "",
data/raxml-8.2.12+dfsg/globalVariables.h:86:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *protModels[NUM_PROT_MODELS] = {"DAYHOFF", "DCMUT", "JTT", "MTREV", "WAG", "RTREV", "CPREV", "VT",
data/raxml-8.2.12+dfsg/globalVariables.h:90:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char binaryStateNames[2] = {'0', '1'};
data/raxml-8.2.12+dfsg/globalVariables.h:91:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char dnaStateNames[4] = {'A', 'C', 'G', 'T'};
data/raxml-8.2.12+dfsg/globalVariables.h:92:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char protStateNames[20] = {'A','R', 'N', 'D', 'C', 'Q', 'E', 'G', 'H',
data/raxml-8.2.12+dfsg/globalVariables.h:95:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char genericStateNames[32] = {'0', '1', '2', '3', '4', '5', '6', '7',
data/raxml-8.2.12+dfsg/globalVariables.h:100:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char inverseMeaningBINARY[4] = {'_', '0', '1', '-'}; data/raxml-8.2.12+dfsg/globalVariables.h:101:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningDNA[16] = {'_', 'A', 'C', 'M', 'G', 'R', 'S', 'V', 'T', 'W', 'Y', 'H', 'K', 'D', 'B', '-'}; data/raxml-8.2.12+dfsg/globalVariables.h:102:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningPROT[23] = {'A','R', 'N', 'D', 'C', 'Q', 'E', 'G', 'H', 'I', 'L', 'K', 'M', 'F', 'P', 'S', data/raxml-8.2.12+dfsg/globalVariables.h:104:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningGeneric32[33] = {'0', '1', '2', '3', '4', '5', '6', '7', data/raxml-8.2.12+dfsg/globalVariables.h:109:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char inverseMeaningGeneric64[33] = {'0', '1', '2', '3', '4', '5', '6', '7', data/raxml-8.2.12+dfsg/globalVariables.h:165:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *secondaryModelList[21] = { "S6A (GTR)", "S6B", "S6C", "S6D", "S6E", "S7A (GTR)", "S7B", "S7C", "S7D", "S7E", "S7F", "S16 (GTR)", "S16A", "S16B", "S16C",
data/raxml-8.2.12+dfsg/leaveDropping.c:26:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char run_id[128];
data/raxml-8.2.12+dfsg/leaveDropping.c:27:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char workdir[1024];
data/raxml-8.2.12+dfsg/leaveDropping.c:545:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  result->commonAttributes = memcpy(result->commonAttributes, profile->commonAttributes, sizeof(ProfileElemAttr));
data/raxml-8.2.12+dfsg/leaveDropping.c:686:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(array->commonAttributes, oldArray->commonAttributes, sizeof(ProfileElemAttr));
data/raxml-8.2.12+dfsg/leaveDropping.c:1181:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  profileElemAttr = memcpy(profileElemAttr, infrequentBipartitions->commonAttributes, sizeof(ProfileElemAttr));
data/raxml-8.2.12+dfsg/leaveDropping.c:1203:32: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  tmpArray->commonAttributes = memcpy(tmpArray->commonAttributes, infrequentBipartitions->commonAttributes, sizeof(ProfileElemAttr));
data/raxml-8.2.12+dfsg/leaveDropping.c:1538:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/leaveDropping.c:1616:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(dropFileName, "RAxML_prunedTrees.");
data/raxml-8.2.12+dfsg/legacyCode.c:289:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/legacyCode.c:400:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(consensusFileName, "RAxML_MajorityRuleConsensusTree.");
data/raxml-8.2.12+dfsg/legacyCode.c:403:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(consensusFileName, "RAxML_MajorityRuleExtendedConsensusTree.");
data/raxml-8.2.12+dfsg/legacyCode.c:406:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(consensusFileName, "RAxML_StrictConsensusTree.");
data/raxml-8.2.12+dfsg/legacyCode.c:638:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/legacyCode.c:663:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(rfFileName, "RAxML_RF-Distances.");
data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c:2734:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c:2755:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c:2805:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/makenewzGenericSpecial.c:2828:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/models.c:66:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *protModels[NUM_PROT_MODELS];
data/raxml-8.2.12+dfsg/models.c:292:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/models.c:564:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(daa, tr->partitionData[model].externalAAMatrix, 400 * sizeof(double));
data/raxml-8.2.12+dfsg/models.c:565:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(f, &(tr->partitionData[model].externalAAMatrix[400]), 20 * sizeof(double));
data/raxml-8.2.12+dfsg/models.c:3767:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->partitionData[model].frequencies_LG4[i], frequencies, 20 * sizeof(double));
data/raxml-8.2.12+dfsg/models.c:4310:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->partitionData[model].symmetryVector, s, sizeof(int) * 6);
data/raxml-8.2.12+dfsg/multiple.c:56:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char tree_file[1024];
data/raxml-8.2.12+dfsg/multiple.c:57:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char rellBootstrapFileName[1024];
data/raxml-8.2.12+dfsg/multiple.c:63:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char seq_file[1024];
data/raxml-8.2.12+dfsg/multiple.c:64:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char permFileName[1024], resultFileName[1024],
data/raxml-8.2.12+dfsg/multiple.c:245:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->cdta->aliaswgt, tr->originalWeights, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:246:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->model, tr->originalModel, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:247:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->dataVector, tr->originalDataVector, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:249:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->cdta->rateCategory, originalRateCategories, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:250:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->invariant, originalInvariant, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:254:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->rdta->y0, tr->rdta->yBUF, ((size_t)tr->rdta->numsp) * ((size_t)tr->cdta->endsite) * sizeof(char));
data/raxml-8.2.12+dfsg/multiple.c:438:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst[i].EIGN, src[i].EIGN, pl->eignLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:439:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst[i].EV, src[i].EV, pl->evLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:440:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst[i].EI, src[i].EI, pl->eiLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:441:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst[i].substRates, src[i].substRates, pl->substRatesLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:442:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst[i].frequencies, src[i].frequencies, pl->frequenciesLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:443:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst[i].tipVector, src[i].tipVector, pl->tipVectorLength * sizeof(double));
data/raxml-8.2.12+dfsg/multiple.c:461:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/multiple.c:479:47: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void concatenateBSFiles(int processes, char fileName[1024])
data/raxml-8.2.12+dfsg/multiple.c:489:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/multiple.c:493:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(sourceName, ".PID.");
data/raxml-8.2.12+dfsg/multiple.c:497:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/multiple.c:501:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", i);
data/raxml-8.2.12+dfsg/multiple.c:516:42: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void removeBSFiles(int processes, char fileName[1024])
data/raxml-8.2.12+dfsg/multiple.c:523:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/multiple.c:527:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(sourceName, ".PID.");
data/raxml-8.2.12+dfsg/multiple.c:531:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/multiple.c:535:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", i);
data/raxml-8.2.12+dfsg/multiple.c:571:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bestTreeFileName[1024];
data/raxml-8.2.12+dfsg/multiple.c:686:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(originalRateCategories, tr->cdta->rateCategory, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:687:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(originalInvariant, tr->invariant, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/multiple.c:1169:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(bestTreeFileName, "RAxML_bestTree.");
data/raxml-8.2.12+dfsg/multiple.c:1471:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bestTreeFileName[1024];
data/raxml-8.2.12+dfsg/multiple.c:1830:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(bestTreeFileName, "RAxML_bestTree.");
data/raxml-8.2.12+dfsg/newviewGenericSpecial.c:537:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/newviewGenericSpecial.c:579:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/newviewGenericSpecial.c:705:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/newviewGenericSpecial.c:745:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char
data/raxml-8.2.12+dfsg/optimizeModel.c:56:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char ratesFileName[1024];
data/raxml-8.2.12+dfsg/optimizeModel.c:57:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char workdir[1024];
data/raxml-8.2.12+dfsg/optimizeModel.c:58:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char run_id[128];
data/raxml-8.2.12+dfsg/optimizeModel.c:59:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char lengthFileName[1024];
data/raxml-8.2.12+dfsg/optimizeModel.c:60:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char lengthFileNameModel[1024];
data/raxml-8.2.12+dfsg/optimizeModel.c:61:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *protModels[NUM_PROT_MODELS];
data/raxml-8.2.12+dfsg/optimizeModel.c:1391:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&startRates[pos * 4], tr->partitionData[index].gammaRates, 4 * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:1392:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&startExponents[pos * 4], tr->partitionData[index].weightExponents, 4 * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:1393:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&startWeights[pos * 4], tr->partitionData[index].weights, 4 * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2632:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(oldCategory, tr->cdta->rateCategory, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/optimizeModel.c:2633:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ratStored, tr->cdta->patratStored, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/optimizeModel.c:2642:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(oldCategorizedRates[model], tr->partitionData[model].perSiteRates, tr->maxCategories * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2643:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(oldUnscaledCategorizedRates[model], tr->partitionData[model].unscaled_perSiteRates, tr->maxCategories * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2727:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->partitionData[model].perSiteRates, oldCategorizedRates[model], tr->maxCategories * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2728:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->partitionData[model].unscaled_perSiteRates, oldUnscaledCategorizedRates[model], tr->maxCategories * sizeof(double));
data/raxml-8.2.12+dfsg/optimizeModel.c:2731:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->cdta->patratStored, ratStored, sizeof(double) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/optimizeModel.c:2732:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->cdta->rateCategory, oldCategory, sizeof(int) * tr->cdta->endsite);
data/raxml-8.2.12+dfsg/optimizeModel.c:2934:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/optimizeModel.c:2956:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(gtrFileName, "RAxML_proteinGTRmodel.");
data/raxml-8.2.12+dfsg/optimizeModel.c:2964:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(gtrFileName, "_Partition_");
data/raxml-8.2.12+dfsg/optimizeModel.c:3102:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/optimizeModel.c:4205:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rateBuffer, tr->partitionData[0].substRates, sizeof(double) * 6);
data/raxml-8.2.12+dfsg/optimizeModel.c:4231:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->partitionData[0].substRates, &guessGTR[1], sizeof(double) * 5);
data/raxml-8.2.12+dfsg/optimizeModel.c:4247:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tr->partitionData[0].substRates, rateBuffer, sizeof(double) * 6);
data/raxml-8.2.12+dfsg/parsePartitions.c:52:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char modelFileName[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:53:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char excludeFileName[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:54:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char secondaryStructureFileName[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:57:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char seq_file[1024];
data/raxml-8.2.12+dfsg/parsePartitions.c:59:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *protModels[NUM_PROT_MODELS];
data/raxml-8.2.12+dfsg/parsePartitions.c:187:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char
data/raxml-8.2.12+dfsg/parsePartitions.c:382:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(thisModel, "ASC_");
data/raxml-8.2.12+dfsg/parsePartitions.c:666:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/raxml-8.2.12+dfsg/parsePartitions.c:763:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lower = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:811:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  upper = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:856:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  modulo = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:977:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/raxml-8.2.12+dfsg/parsePartitions.c:1042:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:1070:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(buf);
data/raxml-8.2.12+dfsg/parsePartitions.c:1084:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
value = atoi(buf); data/raxml-8.2.12+dfsg/parsePartitions.c:1156:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfn[2048]; data/raxml-8.2.12+dfsg/parsePartitions.c:1188:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfn[2048]; data/raxml-8.2.12+dfsg/parsePartitions.c:1219:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char AAmodel[1024]; data/raxml-8.2.12+dfsg/parsePartitions.c:1223:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(AAmodel, "ASC_"); data/raxml-8.2.12+dfsg/parsePartitions.c:1344:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfn[2048]; data/raxml-8.2.12+dfsg/parsePartitions.c:1469:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char bracketTypes[4][2] = {{'(', ')'}, {'<', '>'}, {'[', ']'}, {'{', '}'}}; data/raxml-8.2.12+dfsg/parsePartitions.c:1694:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 16 STATE MODEL"); data/raxml-8.2.12+dfsg/parsePartitions.c:1702:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 6 STATE MODEL"); data/raxml-8.2.12+dfsg/parsePartitions.c:1711:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tr->extendedPartitionData[i].partitionName, "SECONDARY STRUCTURE 7 STATE MODEL"); data/raxml-8.2.12+dfsg/rapidBootstrap.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char seq_file[1024]; data/raxml-8.2.12+dfsg/rmqs.c:27:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const char LSBTable256[256] = data/raxml-8.2.12+dfsg/rmqs.c:51:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char LogTable256[256] = data/raxml-8.2.12+dfsg/rmqs.h:78:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char LSBTable256[256]; data/raxml-8.2.12+dfsg/rmqs.h:85:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char LogTable256[256]; data/raxml-8.2.12+dfsg/rogueEPA.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char run_id[128]; data/raxml-8.2.12+dfsg/rogueEPA.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char workdir[1024]; data/raxml-8.2.12+dfsg/rogueEPA.c:236:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/rogueEPA.c:252:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fileName, "RAxML_SiteSpecificPlacementBias."); data/raxml-8.2.12+dfsg/searchAlgo.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char seq_file[1024]; data/raxml-8.2.12+dfsg/searchAlgo.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char resultFileName[1024]; data/raxml-8.2.12+dfsg/searchAlgo.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char tree_file[1024]; data/raxml-8.2.12+dfsg/searchAlgo.c:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char workdir[1024]; data/raxml-8.2.12+dfsg/searchAlgo.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char run_id[128]; data/raxml-8.2.12+dfsg/searchAlgo.c:1275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data/raxml-8.2.12+dfsg/searchAlgo.c:1306:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", bCount); data/raxml-8.2.12+dfsg/searchAlgo.c:1309:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(terraceFileName, "RAxML_terrace."); data/raxml-8.2.12+dfsg/searchAlgo.c:1311:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(terraceFileName, ".BS."); data/raxml-8.2.12+dfsg/treeIO.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char infoFileName[1024]; data/raxml-8.2.12+dfsg/treeIO.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char tree_file[1024]; data/raxml-8.2.12+dfsg/treeIO.c:251:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%d", p->number); data/raxml-8.2.12+dfsg/treeIO.c:275:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":0.0;\n"); data/raxml-8.2.12+dfsg/treeIO.c:277:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ";\n"); data/raxml-8.2.12+dfsg/treeIO.c:293:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%1.3f:%8.20f", p->bInf->ic, p->z[0]); data/raxml-8.2.12+dfsg/treeIO.c:295:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%d:%8.20f", p->bInf->support, p->z[0]); data/raxml-8.2.12+dfsg/treeIO.c:301:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(treestr, ":%8.20f[%1.3f,%1.3f]", p->z[0], p->bInf->ic, p->bInf->icAll); data/raxml-8.2.12+dfsg/treeIO.c:303:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f[%d]", p->z[0], p->bInf->support); data/raxml-8.2.12+dfsg/treeIO.c:307:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f[%d]", getBranchLength(tr, perGene, p), p->bInf->support); data/raxml-8.2.12+dfsg/treeIO.c:314:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f[", getBranchLength(tr, perGene, p)); data/raxml-8.2.12+dfsg/treeIO.c:320:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%d,", p->bInf->supports[model]); data/raxml-8.2.12+dfsg/treeIO.c:325:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%d]", p->bInf->supports[model]); data/raxml-8.2.12+dfsg/treeIO.c:332:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f", p->z[0]); data/raxml-8.2.12+dfsg/treeIO.c:334:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p)); data/raxml-8.2.12+dfsg/treeIO.c:340:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p)); data/raxml-8.2.12+dfsg/treeIO.c:409:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%d", p->number); data/raxml-8.2.12+dfsg/treeIO.c:433:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, "%d:%8.20f", p->bInf->support, p->z[0]); data/raxml-8.2.12+dfsg/treeIO.c:435:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f[%d]", p->z[0], p->bInf->support); data/raxml-8.2.12+dfsg/treeIO.c:437:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f[%d]", getBranchLength(tr, perGene, p), p->bInf->support); data/raxml-8.2.12+dfsg/treeIO.c:442:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f", p->z[0]); data/raxml-8.2.12+dfsg/treeIO.c:444:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p)); data/raxml-8.2.12+dfsg/treeIO.c:450:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ":%8.20f", getBranchLength(tr, perGene, p)); data/raxml-8.2.12+dfsg/treeIO.c:522:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(treestr, ");\n"); data/raxml-8.2.12+dfsg/treeIO.c:672:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extendedTreeFileName[1024]; data/raxml-8.2.12+dfsg/treeIO.c:673:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/raxml-8.2.12+dfsg/treeIO.c:681:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%d", i); data/raxml-8.2.12+dfsg/treeIO.c:682:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extendedTreeFileName, ".PARTITION."); data/raxml-8.2.12+dfsg/treeIO.c:850:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[nmlngth+2]; data/raxml-8.2.12+dfsg/treeIO.c:1085:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[64]; data/raxml-8.2.12+dfsg/treeIO.c:2093:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(smallTree->nodep[i], tr->nodep[i], sizeof(node)); data/raxml-8.2.12+dfsg/axml.c:106:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = fgetc(f)) != EOF) data/raxml-8.2.12+dfsg/axml.c:627:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(h); data/raxml-8.2.12+dfsg/axml.c:681:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read; data/raxml-8.2.12+dfsg/axml.c:1090:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(f); data/raxml-8.2.12+dfsg/axml.c:1227:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(INFILE); data/raxml-8.2.12+dfsg/axml.c:1230:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(INFILE); data/raxml-8.2.12+dfsg/axml.c:1237:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ch = getc(INFILE); data/raxml-8.2.12+dfsg/axml.c:1252:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buffer) + 1; data/raxml-8.2.12+dfsg/axml.c:1258:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(INFILE); data/raxml-8.2.12+dfsg/axml.c:1265:38: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((j < rdta->sites) && ((ch = getc(INFILE)) != EOF) && (ch != '\n') && (ch != '\r')) data/raxml-8.2.12+dfsg/axml.c:1346:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(INFILE); /* flush line *//* PC-LINEBREAK*/ data/raxml-8.2.12+dfsg/axml.c:1374:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = getc(INFILE)) != EOF); data/raxml-8.2.12+dfsg/axml.c:1559:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read; data/raxml-8.2.12+dfsg/axml.c:1621:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameLength = strlen(buffer) + 1; data/raxml-8.2.12+dfsg/axml.c:1931:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tr->extendedPartitionData[i].partitionName = (char*)rax_malloc((strlen(tr->initialPartitionData[i].partitionName) + 1) * sizeof(char)); data/raxml-8.2.12+dfsg/axml.c:2891:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. strcat(AAmodel, "F"); data/raxml-8.2.12+dfsg/axml.c:2894:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(AAmodel, "X"); data/raxml-8.2.12+dfsg/axml.c:3134:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(AAmodel, "F"); data/raxml-8.2.12+dfsg/axml.c:3137:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(AAmodel, "X"); data/raxml-8.2.12+dfsg/axml.c:3373:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(outFileName, "."); data/raxml-8.2.12+dfsg/axml.c:3431:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = fgetc(f)) != EOF) data/raxml-8.2.12+dfsg/axml.c:3435:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f); data/raxml-8.2.12+dfsg/axml.c:3442:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c = fgetc(f); data/raxml-8.2.12+dfsg/axml.c:4461:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "F"); data/raxml-8.2.12+dfsg/axml.c:4475:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "X"); data/raxml-8.2.12+dfsg/axml.c:4503:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "F"); data/raxml-8.2.12+dfsg/axml.c:4518:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "X"); data/raxml-8.2.12+dfsg/axml.c:4550:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "F"); data/raxml-8.2.12+dfsg/axml.c:4565:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(thisModel, "X"); data/raxml-8.2.12+dfsg/axml.c:4628:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "F"); data/raxml-8.2.12+dfsg/axml.c:4641:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "F"); data/raxml-8.2.12+dfsg/axml.c:4658:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "X"); data/raxml-8.2.12+dfsg/axml.c:4672:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "X"); data/raxml-8.2.12+dfsg/axml.c:4690:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(thisModel, "F"); data/raxml-8.2.12+dfsg/axml.c:4705:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(thisModel, "X"); data/raxml-8.2.12+dfsg/axml.c:6156:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outgroups = (char*)rax_malloc(sizeof(char) * (strlen(optarg) + 1)); data/raxml-8.2.12+dfsg/axml.c:7206:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(dir[strlen(dir) - 1] != separator[0]) data/raxml-8.2.12+dfsg/axml.c:7218:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(dir[strlen(dir) - 1] != separator[0]) data/raxml-8.2.12+dfsg/axml.c:7995:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(checkPoints, "."); data/raxml-8.2.12+dfsg/axml.c:11146:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = fgetc(f)) != ';') data/raxml-8.2.12+dfsg/axml.c:11151:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f); data/raxml-8.2.12+dfsg/axml.c:11163:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f); data/raxml-8.2.12+dfsg/axml.c:11174:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nameList[taxaCount] = (char*)rax_malloc(sizeof(char) * (strlen(buffer) + 1)); data/raxml-8.2.12+dfsg/axml.c:11776:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = getc(f)) != EOF) data/raxml-8.2.12+dfsg/axml.c:12801:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = getc(f)) != EOF) data/raxml-8.2.12+dfsg/axml.c:12851:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(fileName, "."); data/raxml-8.2.12+dfsg/bipartitionList.c:856:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = fgetc(f)) != EOF) data/raxml-8.2.12+dfsg/bipartitionList.c:1479:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(fileName, "."); data/raxml-8.2.12+dfsg/bipartitionList.c:1659:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = fgetc(treeFile)) != ';') data/raxml-8.2.12+dfsg/bipartitionList.c:1663:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(treeFile); data/raxml-8.2.12+dfsg/bipartitionList.c:1675:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(treeFile); data/raxml-8.2.12+dfsg/classify.c:298:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source is a constant character. sprintf(treestr, "}"); data/raxml-8.2.12+dfsg/classify.c:300:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(treestr, "]"); data/raxml-8.2.12+dfsg/classify.c:2500:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(subTreeFileName, "."); data/raxml-8.2.12+dfsg/classify.c:2590:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read; data/raxml-8.2.12+dfsg/mem_alloc.c:22:14: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. void *PREFIX(memalign)(size_t align, size_t size); data/raxml-8.2.12+dfsg/mem_alloc.c:35:17: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. 
  return PREFIX(memalign)(align, size);
data/raxml-8.2.12+dfsg/parsePartitions.c:63:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, n = strlen(line);
data/raxml-8.2.12+dfsg/parsePartitions.c:327:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/parsePartitions.c:351:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/parsePartitions.c:398:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(thisModel, "F");
data/raxml-8.2.12+dfsg/parsePartitions.c:414:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(thisModel, "X");
data/raxml-8.2.12+dfsg/parsePartitions.c:613:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  register int c = getc(stream);
data/raxml-8.2.12+dfsg/parsePartitions.c:712:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(cc);
data/raxml-8.2.12+dfsg/parsePartitions.c:996:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = getc(f)) != EOF)
data/raxml-8.2.12+dfsg/parsePartitions.c:1012:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = getc(f)) != EOF)
data/raxml-8.2.12+dfsg/parsePartitions.c:1163:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(mfn, ".");
data/raxml-8.2.12+dfsg/parsePartitions.c:1192:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(mfn, ".");
data/raxml-8.2.12+dfsg/parsePartitions.c:1229:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(AAmodel, "F");
data/raxml-8.2.12+dfsg/parsePartitions.c:1231:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(AAmodel, "X");
data/raxml-8.2.12+dfsg/parsePartitions.c:1348:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(mfn, ".");
data/raxml-8.2.12+dfsg/parsePartitions.c:1475:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = fgetc(f)) != EOF)
data/raxml-8.2.12+dfsg/parsePartitions.c:1506:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = fgetc(f)) != EOF)
data/raxml-8.2.12+dfsg/parsePartitions.c:1650:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  partBuffer[i].partitionName = (char*)rax_malloc((strlen(tr->extendedPartitionData[i].partitionName) + 1) * sizeof(char));
data/raxml-8.2.12+dfsg/parsePartitions.c:1668:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tr->extendedPartitionData[i].partitionName = (char*)rax_malloc((strlen(partBuffer[i].partitionName) + 1) * sizeof(char));
data/raxml-8.2.12+dfsg/treeIO.c:134:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p->word = (char *)rax_malloc((strlen(s) + 1) * sizeof(char));
data/raxml-8.2.12+dfsg/treeIO.c:707:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF && ch != ']') {
data/raxml-8.2.12+dfsg/treeIO.c:724:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF) {
data/raxml-8.2.12+dfsg/treeIO.c:771:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);
data/raxml-8.2.12+dfsg/treeIO.c:789:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);
data/raxml-8.2.12+dfsg/treeIO.c:799:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);
data/raxml-8.2.12+dfsg/treeIO.c:808:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);
data/raxml-8.2.12+dfsg/treeIO.c:887:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (n > 0 && ((ch = getc(fp1)) != EOF))
data/raxml-8.2.12+dfsg/treeIO.c:953:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if((ch = getc(fp)) != EOF)
data/raxml-8.2.12+dfsg/treeIO.c:962:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if((ch = getc(fp)) != ']')

ANALYSIS SUMMARY:
Hits = 901
Lines analyzed = 76921 in approximately 1.86 seconds (41313 lines/second)
Physical Source Lines of Code (SLOC) = 57729
Hits@level = [0] 1441 [1] 85 [2] 541 [3] 1 [4] 274 [5] 0
Hits@level+ = [0+] 2342 [1+] 901 [2+] 816 [3+] 275 [4+] 274 [5+] 0
Hits/KSLOC@level+ = [0+] 40.5689 [1+] 15.6074 [2+] 14.135 [3+] 4.76364 [4+] 4.74631 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.