Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rsem-1.3.3+dfsg/AlignerRefSeqPolicy.h
Examining data/rsem-1.3.3+dfsg/BamConverter.h
Examining data/rsem-1.3.3+dfsg/BamWriter.h
Examining data/rsem-1.3.3+dfsg/Buffer.h
Examining data/rsem-1.3.3+dfsg/EBSeq/calcClusteringInfo.cpp
Examining data/rsem-1.3.3+dfsg/EM.cpp
Examining data/rsem-1.3.3+dfsg/GTFItem.h
Examining data/rsem-1.3.3+dfsg/Gibbs.cpp
Examining data/rsem-1.3.3+dfsg/GroupInfo.h
Examining data/rsem-1.3.3+dfsg/HitContainer.h
Examining data/rsem-1.3.3+dfsg/HitWrapper.h
Examining data/rsem-1.3.3+dfsg/LenDist.h
Examining data/rsem-1.3.3+dfsg/Model.h
Examining data/rsem-1.3.3+dfsg/ModelParams.h
Examining data/rsem-1.3.3+dfsg/NoiseProfile.h
Examining data/rsem-1.3.3+dfsg/NoiseQProfile.h
Examining data/rsem-1.3.3+dfsg/Orientation.h
Examining data/rsem-1.3.3+dfsg/PairedEndHit.h
Examining data/rsem-1.3.3+dfsg/PairedEndModel.h
Examining data/rsem-1.3.3+dfsg/PairedEndQModel.h
Examining data/rsem-1.3.3+dfsg/PairedEndRead.h
Examining data/rsem-1.3.3+dfsg/PairedEndReadQ.h
Examining data/rsem-1.3.3+dfsg/PolyARules.h
Examining data/rsem-1.3.3+dfsg/Profile.h
Examining data/rsem-1.3.3+dfsg/QProfile.h
Examining data/rsem-1.3.3+dfsg/QualDist.h
Examining data/rsem-1.3.3+dfsg/RSPD.h
Examining data/rsem-1.3.3+dfsg/Read.h
Examining data/rsem-1.3.3+dfsg/ReadIndex.h
Examining data/rsem-1.3.3+dfsg/ReadReader.h
Examining data/rsem-1.3.3+dfsg/RefSeq.h
Examining data/rsem-1.3.3+dfsg/RefSeqPolicy.h
Examining data/rsem-1.3.3+dfsg/Refs.h
Examining data/rsem-1.3.3+dfsg/SamHeader.cpp
Examining data/rsem-1.3.3+dfsg/SamHeader.hpp
Examining data/rsem-1.3.3+dfsg/SamParser.h
Examining data/rsem-1.3.3+dfsg/SingleHit.h
Examining data/rsem-1.3.3+dfsg/SingleModel.h
Examining data/rsem-1.3.3+dfsg/SingleQModel.h
Examining data/rsem-1.3.3+dfsg/SingleRead.h
Examining data/rsem-1.3.3+dfsg/SingleReadQ.h
Examining data/rsem-1.3.3+dfsg/Transcript.h
Examining data/rsem-1.3.3+dfsg/Transcripts.h
Examining data/rsem-1.3.3+dfsg/WriteResults.h
Examining data/rsem-1.3.3+dfsg/bam2readdepth.cpp
Examining data/rsem-1.3.3+dfsg/bam2wig.cpp
Examining data/rsem-1.3.3+dfsg/bc_aux.h
Examining data/rsem-1.3.3+dfsg/buildReadIndex.cpp
Examining data/rsem-1.3.3+dfsg/calcCI.cpp
Examining data/rsem-1.3.3+dfsg/extractRef.cpp
Examining data/rsem-1.3.3+dfsg/getUnique.cpp
Examining data/rsem-1.3.3+dfsg/my_assert.h
Examining data/rsem-1.3.3+dfsg/pRSEM/filterSam2Bed.c
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAux.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamIndex.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamIndex.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamMultiReader.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamMultiReader.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader_p.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader_p.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamStandardIndex_p.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamStandardIndex_p.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamToolsIndex_p.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamToolsIndex_p.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamWriter.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamWriter.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamWriter_p.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamWriter_p.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/api_global.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bamread.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bamtools_global.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/cdensum.c
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/const.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/maqmap.c
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/maqmap.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/maqread.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/pc.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/peaks.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/wdl.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAux.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamIndex.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamIndex.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamMultiReader.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamMultiReader.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader_p.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader_p.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamStandardIndex_p.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamStandardIndex_p.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamToolsIndex_p.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamToolsIndex_p.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamWriter.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamWriter.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamWriter_p.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamWriter_p.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/api_global.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bamread.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bamtools_global.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/cdensum.c
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/const.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/maqmap.c
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/maqmap.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/maqread.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/pc.h
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/peaks.cpp
Examining data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/wdl.cpp
Examining data/rsem-1.3.3+dfsg/parseIt.cpp
Examining data/rsem-1.3.3+dfsg/preRef.cpp
Examining data/rsem-1.3.3+dfsg/samValidator.cpp
Examining data/rsem-1.3.3+dfsg/sam_utils.h
Examining data/rsem-1.3.3+dfsg/sampling.h
Examining data/rsem-1.3.3+dfsg/scanForPairedEndReads.cpp
Examining data/rsem-1.3.3+dfsg/simul.h
Examining data/rsem-1.3.3+dfsg/simulation.cpp
Examining data/rsem-1.3.3+dfsg/synthesisRef.cpp
Examining data/rsem-1.3.3+dfsg/tbam2gbam.cpp
Examining data/rsem-1.3.3+dfsg/utils.h
Examining data/rsem-1.3.3+dfsg/wiggle.cpp
Examining data/rsem-1.3.3+dfsg/wiggle.h
FINAL RESULTS:
data/rsem-1.3.3+dfsg/EM.cpp:127:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(datF, "%s.dat", imdName);
data/rsem-1.3.3+dfsg/EM.cpp:282:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(modelF, "%s.model", statName);
data/rsem-1.3.3+dfsg/EM.cpp:435:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_for_gibbs_F, "%s.ofg", imdName);
data/rsem-1.3.3+dfsg/EM.cpp:484:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(thetaF, "%s.theta", statName);
data/rsem-1.3.3+dfsg/EM.cpp:505:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outBamF, "%s.transcript.bam", outName);
data/rsem-1.3.3+dfsg/EM.cpp:563:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(refName, argv[1]);
data/rsem-1.3.3+dfsg/EM.cpp:565:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outName, argv[3]);
data/rsem-1.3.3+dfsg/EM.cpp:566:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(imdName, argv[4]);
data/rsem-1.3.3+dfsg/EM.cpp:567:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(statName, argv[5]);
data/rsem-1.3.3+dfsg/EM.cpp:582:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inpSamF, argv[i + 1]);
data/rsem-1.3.3+dfsg/EM.cpp:600:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(refF, "%s.seq", refName);
data/rsem-1.3.3+dfsg/EM.cpp:604:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tiF, "%s.ti", refName);
data/rsem-1.3.3+dfsg/EM.cpp:607:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cntF, "%s.cnt", statName);
data/rsem-1.3.3+dfsg/EM.cpp:619:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(thetaF, "%s.theta", statName);
data/rsem-1.3.3+dfsg/EM.cpp:622:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(modelF, "%s.model", statName);
data/rsem-1.3.3+dfsg/EM.cpp:631:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outBamF, "%s.transcript.bam", outName);
data/rsem-1.3.3+dfsg/EM.cpp:633:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cp %s %s", inpSamF, outBamF);
data/rsem-1.3.3+dfsg/EM.cpp:635:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/rsem-1.3.3+dfsg/EM.cpp:647:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mparamsF, "%s.mparams", imdName);
data/rsem-1.3.3+dfsg/Gibbs.cpp:107:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(refF, "%s.seq", refName);
data/rsem-1.3.3+dfsg/Gibbs.cpp:112:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofgF, "%s.ofg", imdName);
data/rsem-1.3.3+dfsg/Gibbs.cpp:141:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(groupF, "%s.grp", refName);
data/rsem-1.3.3+dfsg/Gibbs.cpp:157:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(omitF, "%s.omit", imdName);
data/rsem-1.3.3+dfsg/Gibbs.cpp:214:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cvsF, "%s.countvectors", imdName);
data/rsem-1.3.3+dfsg/Gibbs.cpp:225:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s%d", cvsF, i);
data/rsem-1.3.3+dfsg/Gibbs.cpp:439:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(refName, argv[1]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:440:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(imdName, argv[2]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:441:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(statName, argv[3]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:470:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fprior, argv[i+1]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:495:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(modelF, "%s.model", statName);
data/rsem-1.3.3+dfsg/ReadIndex.h:25:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indexF, "%s.ridx", readF);
data/rsem-1.3.3+dfsg/SamHeader.hpp:58:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(h->text, text.c_str());
data/rsem-1.3.3+dfsg/SamParser.h:47:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtTag, tag);
data/rsem-1.3.3+dfsg/Transcripts.h:137:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(omitF, "%s.omit", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:110:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gtF, "%s.gt", refName);
data/rsem-1.3.3+dfsg/WriteResults.h:111:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(taF, "%s.ta", refName);
data/rsem-1.3.3+dfsg/WriteResults.h:138:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(groupF, "%s.grp", refName);
data/rsem-1.3.3+dfsg/WriteResults.h:225:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.iso_res", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:259:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.allele_res", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:290:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.iso_res", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:316:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.gene_res", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:409:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.iso_res", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:427:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.allele_res", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:446:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.iso_res", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:464:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.gene_res", imdName);
data/rsem-1.3.3+dfsg/WriteResults.h:490:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(groupF, "%s.grp", refName);
data/rsem-1.3.3+dfsg/WriteResults.h:584:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.sim.alleles.results", outFN);
data/rsem-1.3.3+dfsg/WriteResults.h:596:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.sim.isoforms.results", outFN);
data/rsem-1.3.3+dfsg/WriteResults.h:616:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.sim.genes.results", outFN);
data/rsem-1.3.3+dfsg/buildReadIndex.cpp:25:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(idxF, "%s.ridx", readF);
data/rsem-1.3.3+dfsg/calcCI.cpp:183:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(inpF, "%s%d", cvsF, i);
data/rsem-1.3.3+dfsg/calcCI.cpp:446:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
alleleS ? sprintf(outF, "%s.allele_res", imdName) : sprintf(outF, "%s.iso_res", imdName);
data/rsem-1.3.3+dfsg/calcCI.cpp:446:54: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
alleleS ? sprintf(outF, "%s.allele_res", imdName) : sprintf(outF, "%s.iso_res", imdName);
data/rsem-1.3.3+dfsg/calcCI.cpp:464:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.iso_res", imdName);
data/rsem-1.3.3+dfsg/calcCI.cpp:482:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outF, "%s.gene_res", imdName);
data/rsem-1.3.3+dfsg/calcCI.cpp:516:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(refName, argv[1]);
data/rsem-1.3.3+dfsg/calcCI.cpp:517:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(imdName, argv[2]);
data/rsem-1.3.3+dfsg/calcCI.cpp:518:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(statName, argv[3]);
data/rsem-1.3.3+dfsg/calcCI.cpp:542:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(refF, "%s.seq", refName);
data/rsem-1.3.3+dfsg/calcCI.cpp:546:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(groupF, "%s.grp", refName);
data/rsem-1.3.3+dfsg/calcCI.cpp:558:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpF, "%s.tmp", imdName);
data/rsem-1.3.3+dfsg/calcCI.cpp:559:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cvsF, "%s.countvectors", imdName);
data/rsem-1.3.3+dfsg/calcCI.cpp:561:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(modelF, "%s.model", statName);
data/rsem-1.3.3+dfsg/extractRef.cpp:260:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(groupF, "%s.grp", refName);
data/rsem-1.3.3+dfsg/extractRef.cpp:261:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tiF, "%s.ti", refName);
data/rsem-1.3.3+dfsg/extractRef.cpp:262:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(refFastaF, "%s.transcripts.fa", refName);
data/rsem-1.3.3+dfsg/extractRef.cpp:263:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(chromListF, "%s.chrlist", refName);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:130:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(originalTagData + tagDataLength, newTag.data()); // removes original null-term, appends newTag + null-term
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:166:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(originalTagData + tagDataLength, newTag.data());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:207:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(originalTagData + tagDataLength, newTag.data());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:130:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(originalTagData + tagDataLength, newTag.data()); // removes original null-term, appends newTag + null-term
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:166:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(originalTagData + tagDataLength, newTag.data());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:207:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(originalTagData + tagDataLength, newTag.data());
data/rsem-1.3.3+dfsg/parseIt.cpp:185:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(groupF, "%s.grp", argv[1]);
data/rsem-1.3.3+dfsg/parseIt.cpp:187:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tiF, "%s.ti", argv[1]);
data/rsem-1.3.3+dfsg/parseIt.cpp:190:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(datF, "%s.dat", argv[2]);
data/rsem-1.3.3+dfsg/parseIt.cpp:191:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cntF, "%s.cnt", argv[3]);
data/rsem-1.3.3+dfsg/preRef.cpp:58:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!strcmp(argv[i], "-f")) { strcpy(exceptionF, argv[i + 1]); }
data/rsem-1.3.3+dfsg/preRef.cpp:70:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(refF, "%s.seq", argv[3]);
data/rsem-1.3.3+dfsg/preRef.cpp:73:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(idxF, "%s.idx.fa", argv[3]);
data/rsem-1.3.3+dfsg/preRef.cpp:81:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(n2g_idxF, "%s.n2g.idx.fa", argv[3]);
data/rsem-1.3.3+dfsg/simulation.cpp:64:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outReadF[0], "%s.fa", outFN);
data/rsem-1.3.3+dfsg/simulation.cpp:68:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outReadF[0], "%s.fq", outFN);
data/rsem-1.3.3+dfsg/simulation.cpp:73:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outReadF[i], "%s_%d.fa", outFN, i + 1);
data/rsem-1.3.3+dfsg/simulation.cpp:78:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outReadF[i], "%s_%d.fq", outFN, i + 1);
data/rsem-1.3.3+dfsg/simulation.cpp:188:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(refName, argv[1]);
data/rsem-1.3.3+dfsg/simulation.cpp:193:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(refF, "%s.seq", argv[1]);
data/rsem-1.3.3+dfsg/simulation.cpp:196:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tiF, "%s.ti", argv[1]);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:77:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tiF, "%s.ti", refName);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:98:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(groupF, "%s.grp", refName);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:105:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gtF, "%s.gt", refName);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:109:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(taF, "%s.ta", refName);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:116:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(refFastaF, "%s.transcripts.fa", refName);
data/rsem-1.3.3+dfsg/tbam2gbam.cpp:25:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tiF, "%s.ti", argv[1]);
data/rsem-1.3.3+dfsg/tbam2gbam.cpp:26:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(chr_list, "%s.chrlist", argv[1]);
data/rsem-1.3.3+dfsg/utils.h:142:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(readFs[0], "%s_%s.%s", readFN, tags[tagType], suffix);
data/rsem-1.3.3+dfsg/utils.h:146:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(readFs[0], "%s_%s_1.%s", readFN, tags[tagType], suffix);
data/rsem-1.3.3+dfsg/utils.h:147:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(readFs[1], "%s_%s_2.%s", readFN, tags[tagType], suffix);
data/rsem-1.3.3+dfsg/Orientation.h:36:50: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int simulate(simul* sampler) { return (sampler->random() < prob[0] ? 0 : 1); }
data/rsem-1.3.3+dfsg/RSPD.h:197:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return int(sampler->random() * effL);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/maqmap.c:137:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "bN")) >= 0) {
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/maqmap.c:137:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "bN")) >= 0) {
data/rsem-1.3.3+dfsg/sampling.h:13:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::mt19937 engine_type;
data/rsem-1.3.3+dfsg/sampling.h:14:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::uniform_01<> uniform_01_dist;
data/rsem-1.3.3+dfsg/sampling.h:15:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::gamma_distribution<> gamma_dist;
data/rsem-1.3.3+dfsg/sampling.h:16:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::variate_generator<engine_type&, uniform_01_dist> uniform_01_generator;
data/rsem-1.3.3+dfsg/sampling.h:17:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::variate_generator<engine_type&, gamma_dist> gamma_generator;
data/rsem-1.3.3+dfsg/simul.h:11:61: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
simul(unsigned int seed) : engine(seed), rg(engine, boost::random::uniform_01<>()) {
data/rsem-1.3.3+dfsg/simul.h:19:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double prb = random() * arr[len - 1];
data/rsem-1.3.3+dfsg/simul.h:31:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
l = int(random() * len);
data/rsem-1.3.3+dfsg/simul.h:37:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double random() { return rg(); };
data/rsem-1.3.3+dfsg/simul.h:40:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::mt19937 engine;
data/rsem-1.3.3+dfsg/simul.h:41:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::variate_generator<boost::random::mt19937&, boost::random::uniform_01<> > rg;
data/rsem-1.3.3+dfsg/simul.h:41:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::variate_generator<boost::random::mt19937&, boost::random::uniform_01<> > rg;
data/rsem-1.3.3+dfsg/simul.h:41:67: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::variate_generator<boost::random::mt19937&, boost::random::uniform_01<> > rg;
data/rsem-1.3.3+dfsg/BamConverter.h:203:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_aux_get(tmp_b, "ZW") + 1, (uint8_t*)&(prb), bam_aux_type2size('f'));
data/rsem-1.3.3+dfsg/BamConverter.h:210:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (p != NULL) memcpy(bam_aux_get(tmp_b2, "ZW") + 1, (uint8_t*)&(prb), bam_aux_type2size('f'));
data/rsem-1.3.3+dfsg/BamWriter.h:44:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + 1, (uint8_t*)&(val), bam_aux_type2size('f'));
data/rsem-1.3.3+dfsg/Buffer.h:24:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ftmpOut.open(tmpF, std::ios::binary);
data/rsem-1.3.3+dfsg/Buffer.h:45:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + cpos, vec, FLOATSIZE * vlen);
data/rsem-1.3.3+dfsg/EBSeq/calcClusteringInfo.cpp:98:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(argv[1]);
data/rsem-1.3.3+dfsg/EM.cpp:73:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refName[STRLEN], outName[STRLEN];
data/rsem-1.3.3+dfsg/EM.cpp:74:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imdName[STRLEN], statName[STRLEN];
data/rsem-1.3.3+dfsg/EM.cpp:75:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refF[STRLEN], cntF[STRLEN], tiF[STRLEN];
data/rsem-1.3.3+dfsg/EM.cpp:76:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mparamsF[STRLEN];
data/rsem-1.3.3+dfsg/EM.cpp:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modelF[STRLEN], thetaF[STRLEN];
data/rsem-1.3.3+dfsg/EM.cpp:79:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inpSamF[STRLEN], outBamF[STRLEN], *aux;
data/rsem-1.3.3+dfsg/EM.cpp:81:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_for_gibbs_F[STRLEN];
data/rsem-1.3.3+dfsg/EM.cpp:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datF[STRLEN];
data/rsem-1.3.3+dfsg/EM.cpp:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readFs[2][STRLEN];
data/rsem-1.3.3+dfsg/EM.cpp:128:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(datF);
data/rsem-1.3.3+dfsg/EM.cpp:485:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(thetaF, "w");
data/rsem-1.3.3+dfsg/EM.cpp:564:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
read_type = atoi(argv[2]);
data/rsem-1.3.3+dfsg/EM.cpp:579:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!strcmp(argv[i], "-p")) { nThreads = atoi(argv[i + 1]); }
data/rsem-1.3.3+dfsg/EM.cpp:583:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(argv[i + 2]) == 1) aux = argv[i + 3];
data/rsem-1.3.3+dfsg/EM.cpp:608:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(cntF);
data/rsem-1.3.3+dfsg/EM.cpp:620:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(thetaF, "w");
data/rsem-1.3.3+dfsg/EM.cpp:623:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(modelF, "w");
data/rsem-1.3.3+dfsg/EM.cpp:632:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1005];
data/rsem-1.3.3+dfsg/EM.cpp:648:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(mparamsF);
data/rsem-1.3.3+dfsg/GTFItem.h:59:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = atoi(tmp.c_str());
data/rsem-1.3.3+dfsg/GTFItem.h:61:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(tmp.c_str());
data/rsem-1.3.3+dfsg/Gibbs.cpp:57:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refName[STRLEN], imdName[STRLEN], statName[STRLEN];
data/rsem-1.3.3+dfsg/Gibbs.cpp:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thetaF[STRLEN], ofgF[STRLEN], refF[STRLEN], modelF[STRLEN];
data/rsem-1.3.3+dfsg/Gibbs.cpp:59:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvsF[STRLEN];
data/rsem-1.3.3+dfsg/Gibbs.cpp:86:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupF[STRLEN];
data/rsem-1.3.3+dfsg/Gibbs.cpp:97:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fprior[STRLEN];
data/rsem-1.3.3+dfsg/Gibbs.cpp:113:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(ofgF);
data/rsem-1.3.3+dfsg/Gibbs.cpp:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char omitF[STRLEN];
data/rsem-1.3.3+dfsg/Gibbs.cpp:158:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fi = fopen(omitF, "r");
data/rsem-1.3.3+dfsg/Gibbs.cpp:175:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(fprior);
data/rsem-1.3.3+dfsg/Gibbs.cpp:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mw, model.getMW(), sizeof(double) * (M + 1)); // otherwise, after exiting this procedure, mw becomes undefined
data/rsem-1.3.3+dfsg/Gibbs.cpp:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outF[STRLEN];
data/rsem-1.3.3+dfsg/Gibbs.cpp:226:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
paramsArray[i].fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/Gibbs.cpp:443:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
BURNIN = atoi(argv[4]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:444:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
NSAMPLES = atoi(argv[5]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:445:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GAP = atoi(argv[6]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:457:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!strcmp(argv[i], "-p")) nThreads = atoi(argv[i + 1]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:496:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fi = fopen(modelF, "r");
data/rsem-1.3.3+dfsg/GroupInfo.h:35:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fi = fopen(groupF, "r");
data/rsem-1.3.3+dfsg/LenDist.h:105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdf, rv.pdf, sizeof(double) * (span + 1));
data/rsem-1.3.3+dfsg/LenDist.h:106:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdf, rv.cdf, sizeof(double) * (span + 1));
data/rsem-1.3.3+dfsg/LenDist.h:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdf, this->pdf, sizeof(double) * (span + 1));
data/rsem-1.3.3+dfsg/LenDist.h:251:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdf, this->cdf, sizeof(double) * (span + 1));
data/rsem-1.3.3+dfsg/NoiseProfile.h:55:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, rv.c, sizeof(rv.c));
data/rsem-1.3.3+dfsg/NoiseProfile.h:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, rv.p, sizeof(rv.p));
data/rsem-1.3.3+dfsg/NoiseQProfile.h:58:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, rv.c, sizeof(rv.c));
data/rsem-1.3.3+dfsg/NoiseQProfile.h:59:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, rv.p, sizeof(rv.p));
data/rsem-1.3.3+dfsg/Orientation.h:19:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prob, rv.prob, sizeof(rv.prob));
data/rsem-1.3.3+dfsg/PairedEndModel.h:55:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(N, params.N, sizeof(params.N));
data/rsem-1.3.3+dfsg/PairedEndModel.h:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readFs[2][STRLEN];
data/rsem-1.3.3+dfsg/PairedEndModel.h:308:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fi = fopen(inpF, "r");
data/rsem-1.3.3+dfsg/PairedEndModel.h:335:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/PairedEndQModel.h:57:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(N, params.N, sizeof(params.N));
data/rsem-1.3.3+dfsg/PairedEndQModel.h:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readFs[2][STRLEN];
data/rsem-1.3.3+dfsg/PairedEndQModel.h:318:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fi = fopen(inpF, "r");
data/rsem-1.3.3+dfsg/PairedEndQModel.h:347:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/Profile.h:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, rv.p, sizeof(double) * rv.size);
data/rsem-1.3.3+dfsg/QProfile.h:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, rv.p, sizeof(rv.p));
data/rsem-1.3.3+dfsg/QualDist.h:48:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p_init, rv.p_init, sizeof(rv.p_init));
data/rsem-1.3.3+dfsg/QualDist.h:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p_tran, rv.p_tran, sizeof(rv.p_tran));
data/rsem-1.3.3+dfsg/RSPD.h:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdf, rv.pdf, sizeof(double) * (B + 2));
data/rsem-1.3.3+dfsg/RSPD.h:105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdf, rv.cdf, sizeof(double) * (B + 2));
data/rsem-1.3.3+dfsg/ReadIndex.h:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indexF[STRLEN];
data/rsem-1.3.3+dfsg/ReadIndex.h:26:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(indexF, std::ios::binary);
data/rsem-1.3.3+dfsg/Refs.h:94:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(inpF);
data/rsem-1.3.3+dfsg/Refs.h:122:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(inpF);
data/rsem-1.3.3+dfsg/Refs.h:150:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(outF);
data/rsem-1.3.3+dfsg/SamParser.h:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rtTag[STRLEN];
data/rsem-1.3.3+dfsg/SingleModel.h:56:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(N, params.N, sizeof(params.N));
data/rsem-1.3.3+dfsg/SingleModel.h:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readFs[2][STRLEN];
data/rsem-1.3.3+dfsg/SingleModel.h:340:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fi = fopen(inpF, "r");
data/rsem-1.3.3+dfsg/SingleModel.h:371:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/SingleQModel.h:58:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(N, params.N, sizeof(params.N));
data/rsem-1.3.3+dfsg/SingleQModel.h:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readFs[2][STRLEN];
data/rsem-1.3.3+dfsg/SingleQModel.h:352:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fi = fopen(inpF, "r");
data/rsem-1.3.3+dfsg/SingleQModel.h:384:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/Transcripts.h:136:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char omitF[STRLEN];
data/rsem-1.3.3+dfsg/Transcripts.h:138:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fo = fopen(omitF, "w");
data/rsem-1.3.3+dfsg/WriteResults.h:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gtF[STRLEN], taF[STRLEN];
data/rsem-1.3.3+dfsg/WriteResults.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outF[STRLEN];
data/rsem-1.3.3+dfsg/WriteResults.h:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupF[STRLEN];
data/rsem-1.3.3+dfsg/WriteResults.h:226:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/WriteResults.h:260:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/WriteResults.h:291:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/WriteResults.h:317:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/WriteResults.h:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outF[STRLEN];
data/rsem-1.3.3+dfsg/WriteResults.h:410:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "a");
data/rsem-1.3.3+dfsg/WriteResults.h:428:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "a");
data/rsem-1.3.3+dfsg/WriteResults.h:447:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "a");
data/rsem-1.3.3+dfsg/WriteResults.h:465:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "a");
data/rsem-1.3.3+dfsg/WriteResults.h:482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outF[STRLEN];
data/rsem-1.3.3+dfsg/WriteResults.h:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupF[STRLEN];
data/rsem-1.3.3+dfsg/WriteResults.h:585:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/WriteResults.h:597:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/WriteResults.h:617:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "w");
data/rsem-1.3.3+dfsg/buildReadIndex.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idxF[STRLEN];
data/rsem-1.3.3+dfsg/buildReadIndex.cpp:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(nReads) + sizeof(gap) + sizeof(nPos)];
data/rsem-1.3.3+dfsg/buildReadIndex.cpp:78:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gap = atoi(argv[1]);
data/rsem-1.3.3+dfsg/buildReadIndex.cpp:79:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hasQ = atoi(argv[2]);
data/rsem-1.3.3+dfsg/buildReadIndex.cpp:80:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose = !atoi(argv[3]);
data/rsem-1.3.3+dfsg/calcCI.cpp:61:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvsF[STRLEN], tmpF[STRLEN], command[STRLEN];
data/rsem-1.3.3+dfsg/calcCI.cpp:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refName[STRLEN], imdName[STRLEN], statName[STRLEN];
data/rsem-1.3.3+dfsg/calcCI.cpp:71:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modelF[STRLEN], groupF[STRLEN], refF[STRLEN];
data/rsem-1.3.3+dfsg/calcCI.cpp:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inpF[STRLEN];
data/rsem-1.3.3+dfsg/calcCI.cpp:184:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
paramsArray[i].fi = fopen(inpF, "r");
data/rsem-1.3.3+dfsg/calcCI.cpp:302:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(tmpF, ios::binary);
data/rsem-1.3.3+dfsg/calcCI.cpp:389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outF[STRLEN];
data/rsem-1.3.3+dfsg/calcCI.cpp:447:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "a");
data/rsem-1.3.3+dfsg/calcCI.cpp:465:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "a");
data/rsem-1.3.3+dfsg/calcCI.cpp:483:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(outF, "a");
data/rsem-1.3.3+dfsg/calcCI.cpp:521:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nCV = atoi(argv[5]);
data/rsem-1.3.3+dfsg/calcCI.cpp:522:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nSpC = atoi(argv[6]);
data/rsem-1.3.3+dfsg/calcCI.cpp:523:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nMB = atoi(argv[7]);
data/rsem-1.3.3+dfsg/calcCI.cpp:530:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!strcmp(argv[i], "-p")) nThreads = atoi(argv[i + 1]);
data/rsem-1.3.3+dfsg/calcCI.cpp:562:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fi = fopen(modelF, "r");
data/rsem-1.3.3+dfsg/extractRef.cpp:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupF[STRLEN], tiF[STRLEN], refFastaF[STRLEN];
data/rsem-1.3.3+dfsg/extractRef.cpp:49:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chromListF[STRLEN];
data/rsem-1.3.3+dfsg/extractRef.cpp:52:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mappingFile[STRLEN];
data/rsem-1.3.3+dfsg/extractRef.cpp:266:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(groupF);
data/rsem-1.3.3+dfsg/extractRef.cpp:275:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(chromListF);
data/rsem-1.3.3+dfsg/extractRef.cpp:283:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(refFastaF);
data/rsem-1.3.3+dfsg/extractRef.cpp:306:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc < 7 || ((hasMappingFile = atoi(argv[5])) && argc < 8)) {
data/rsem-1.3.3+dfsg/extractRef.cpp:311:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose = !atoi(argv[2]);
data/rsem-1.3.3+dfsg/extractRef.cpp:332:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(argv[i]);
data/rsem-1.3.3+dfsg/getUnique.cpp:38:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nThreads = atoi(argv[1]);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.cpp:162:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(UncompressedBlock, UncompressedBlock + inputLength, remaining);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.cpp:243:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Stream = fopen(filename.c_str(), mode);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.cpp:282:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, buffer + BlockOffset, copyLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.cpp:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[BLOCK_HEADER_LENGTH];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.cpp:322:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(compressedBlock, header, BLOCK_HEADER_LENGTH);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.cpp:387:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + BlockOffset, input, copyLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:185:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { double value; unsigned char valueBuffer[sizeof(double)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:200:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { double value; unsigned char valueBuffer[sizeof(double)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:216:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; unsigned char valueBuffer[sizeof(float)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:227:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; unsigned char valueBuffer[sizeof(float)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:239:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed int value; unsigned char valueBuffer[sizeof(signed int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:250:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed int value; unsigned char valueBuffer[sizeof(signed int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:262:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed short value; unsigned char valueBuffer[sizeof(signed short)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:271:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed short value; unsigned char valueBuffer[sizeof(signed short)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:281:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; unsigned char valueBuffer[sizeof(unsigned int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:292:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; unsigned char valueBuffer[sizeof(unsigned int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:304:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned short value; unsigned char valueBuffer[sizeof(unsigned short)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BGZF.h:313:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned short value; unsigned char valueBuffer[sizeof(unsigned short)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originalTagData[newTagDataLength];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData, TagData.c_str(), tagDataLength + 1); // '+1' for TagData null-term
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:156:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; char valueBuffer[sizeof(unsigned int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originalTagData[newTagDataLength];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:163:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData, TagData.c_str(), tagDataLength + 1); // '+1' for TagData null-term
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:167:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData + tagDataLength + newTag.size(), un.valueBuffer, sizeof(unsigned int));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:197:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; char valueBuffer[sizeof(float)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originalTagData[newTagDataLength];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:204:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData, TagData.c_str(), tagDataLength + 1); // '+1' for TagData null-term
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData + tagDataLength + newTag.size(), un.valueBuffer, sizeof(float));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:236:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newTagData[originalTagDataLength + value.size()];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:241:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData, pOriginalTagData, numBytesParsed);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:245:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + beginningTagDataLength, (char*)value.c_str(), dataLength+1 );
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:255:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + endTagOffset, pTagData, endTagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:287:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newTagData[originalTagDataLength + sizeof(value)];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:292:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData, pOriginalTagData, numBytesParsed);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:295:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; char valueBuffer[sizeof(unsigned int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:297:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + beginningTagDataLength, un.valueBuffer, sizeof(unsigned int));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:307:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + endTagOffset, pTagData, endTagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:343:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newTagData[originalTagDataLength + sizeof(value)];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:348:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData, pOriginalTagData, numBytesParsed);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:351:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; char valueBuffer[sizeof(float)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:353:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + beginningTagDataLength, un.valueBuffer, sizeof(float));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:363:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + endTagOffset, pTagData, endTagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:405:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (char*)destination.data(), pTagData, dataLength );
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:466:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&destination, pTagData, destinationLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:531:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&destination, pTagData, destinationLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:597:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newTagData[originalTagDataLength];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:604:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData, pOriginalTagData, numBytesParsed);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:615:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + beginningTagDataLength, pTagData, endTagDataLength );
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamIndex.cpp:143:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_indexStream = fopen(filename.c_str(), mode.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader_p.cpp:218:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)bAlignment.TagData.data(), tagData, tagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader_p.cpp:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader_p.cpp:504:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader_p.cpp:511:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[BAM_CORE_SIZE];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamReader_p.cpp:583:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamStandardIndex_p.cpp:209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamToolsIndex_p.cpp:124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamWriter_p.cpp:300:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cigarData, packedCigar.data(), packedCigarLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamWriter_p.cpp:328:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tagData, al.TagData.data(), tagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:143:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fstart=atoi(str_start.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:145:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fend=atoi(str_end.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:278:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi((str_nm.c_str()+1));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:284:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_len.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:287:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:397:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[1024];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:434:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:458:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi((str_nm.c_str()+1));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:464:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_len.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:467:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:626:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:649:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi((str_nm.c_str()+1));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:661:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:676:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm1=atoi(nms.substr(0,nms.size()-1).c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:681:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm2=atoi(nms.substr(0,nms.size()-1).c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:819:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:847:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi((str_nm.c_str()+1));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:854:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1006:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1057:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1217:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1255:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm0=atoi(str_nm0.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1264:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm1=atoi(str_nm1.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1273:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm2=atoi(str_nm2.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1304:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(&lc)==nm) {
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1329:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos=strand*atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1503:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1542:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1717:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1767:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_tend.c_str())-atoi(str_tstart.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1767:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_tend.c_str())-atoi(str_tstart.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1777:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=-1*atoi(str_endpos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1779:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=atoi(str_startpos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1783:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_ndel.c_str())+atoi(str_nins.c_str())+atoi(str_nsub.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1783:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_ndel.c_str())+atoi(str_nins.c_str())+atoi(str_nsub.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1783:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_ndel.c_str())+atoi(str_nins.c_str())+atoi(str_nsub.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1943:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1964:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1970:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_nm.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:1971:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_len.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2121:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2148:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=atoi(str_spos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2150:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=-1*atoi(str_epos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2152:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_qual.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2275:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2316:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi(str_mm.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2319:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_spos.c_str());;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2446:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2492:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=-1*atoi(str_endpos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2494:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=atoi(str_startpos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2501:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nblocks=atoi(str_nblocks.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2509:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int sgs=atoi(str_sgs.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2511:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int slen=atoi(str_slen.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:2513:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int snm=atoi(str_snm.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/maqmap.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAMELEN];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.cpp:162:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(UncompressedBlock, UncompressedBlock + inputLength, remaining);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.cpp:243:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Stream = fopen(filename.c_str(), mode);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.cpp:282:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, buffer + BlockOffset, copyLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.cpp:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[BLOCK_HEADER_LENGTH];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.cpp:322:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(compressedBlock, header, BLOCK_HEADER_LENGTH);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.cpp:387:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + BlockOffset, input, copyLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:185:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { double value; unsigned char valueBuffer[sizeof(double)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:200:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { double value; unsigned char valueBuffer[sizeof(double)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:216:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; unsigned char valueBuffer[sizeof(float)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:227:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; unsigned char valueBuffer[sizeof(float)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:239:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed int value; unsigned char valueBuffer[sizeof(signed int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:250:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed int value; unsigned char valueBuffer[sizeof(signed int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:262:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed short value; unsigned char valueBuffer[sizeof(signed short)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:271:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { signed short value; unsigned char valueBuffer[sizeof(signed short)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:281:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; unsigned char valueBuffer[sizeof(unsigned int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:292:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; unsigned char valueBuffer[sizeof(unsigned int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:304:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned short value; unsigned char valueBuffer[sizeof(unsigned short)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BGZF.h:313:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned short value; unsigned char valueBuffer[sizeof(unsigned short)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originalTagData[newTagDataLength];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData, TagData.c_str(), tagDataLength + 1); // '+1' for TagData null-term
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:156:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; char valueBuffer[sizeof(unsigned int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originalTagData[newTagDataLength];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:163:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData, TagData.c_str(), tagDataLength + 1); // '+1' for TagData null-term
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:167:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData + tagDataLength + newTag.size(), un.valueBuffer, sizeof(unsigned int));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:197:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; char valueBuffer[sizeof(float)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originalTagData[newTagDataLength];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:204:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData, TagData.c_str(), tagDataLength + 1); // '+1' for TagData null-term
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(originalTagData + tagDataLength + newTag.size(), un.valueBuffer, sizeof(float));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:236:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newTagData[originalTagDataLength + value.size()];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:241:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData, pOriginalTagData, numBytesParsed);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:245:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + beginningTagDataLength, (char*)value.c_str(), dataLength+1 );
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:255:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + endTagOffset, pTagData, endTagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:287:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newTagData[originalTagDataLength + sizeof(value)];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:292:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData, pOriginalTagData, numBytesParsed);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:295:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned int value; char valueBuffer[sizeof(unsigned int)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:297:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + beginningTagDataLength, un.valueBuffer, sizeof(unsigned int));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:307:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + endTagOffset, pTagData, endTagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:343:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newTagData[originalTagDataLength + sizeof(value)];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:348:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData, pOriginalTagData, numBytesParsed);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:351:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { float value; char valueBuffer[sizeof(float)]; } un;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:353:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + beginningTagDataLength, un.valueBuffer, sizeof(float));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:363:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + endTagOffset, pTagData, endTagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:405:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (char*)destination.data(), pTagData, dataLength );
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:466:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&destination, pTagData, destinationLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:531:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&destination, pTagData, destinationLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:597:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newTagData[originalTagDataLength];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:604:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData, pOriginalTagData, numBytesParsed);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:615:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newTagData + beginningTagDataLength, pTagData, endTagDataLength );
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamIndex.cpp:143:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_indexStream = fopen(filename.c_str(), mode.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader_p.cpp:218:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)bAlignment.TagData.data(), tagData, tagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader_p.cpp:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader_p.cpp:504:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader_p.cpp:511:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[BAM_CORE_SIZE];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamReader_p.cpp:583:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamStandardIndex_p.cpp:209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamToolsIndex_p.cpp:124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamWriter_p.cpp:300:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cigarData, packedCigar.data(), packedCigarLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamWriter_p.cpp:328:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tagData, al.TagData.data(), tagDataLength);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:145:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fstart=atoi(str_start.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:147:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fend=atoi(str_end.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:280:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi((str_nm.c_str()+1));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:286:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_len.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:289:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[1024];
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:436:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:460:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi((str_nm.c_str()+1));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:466:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_len.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:469:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:628:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:651:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi((str_nm.c_str()+1));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:663:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:678:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm1=atoi(nms.substr(0,nms.size()-1).c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:683:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm2=atoi(nms.substr(0,nms.size()-1).c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:821:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:849:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi((str_nm.c_str()+1));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:856:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1008:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1059:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1219:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1257:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm0=atoi(str_nm0.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1266:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm1=atoi(str_nm1.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1275:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm2=atoi(str_nm2.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1306:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(&lc)==nm) {
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1331:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pos=strand*atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1505:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1544:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1719:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1769:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_tend.c_str())-atoi(str_tstart.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1769:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_tend.c_str())-atoi(str_tstart.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1779:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=-1*atoi(str_endpos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1781:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=atoi(str_startpos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1785:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_ndel.c_str())+atoi(str_nins.c_str())+atoi(str_nsub.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1785:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_ndel.c_str())+atoi(str_nins.c_str())+atoi(str_nsub.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1785:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_ndel.c_str())+atoi(str_nins.c_str())+atoi(str_nsub.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1945:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1966:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_pos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1972:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_nm.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:1973:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int len=atoi(str_len.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2123:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2150:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=atoi(str_spos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2152:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=-1*atoi(str_epos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2154:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nm=atoi(str_qual.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2277:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2318:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nm=atoi(str_mm.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2321:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fpos=atoi(str_spos.c_str());;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2448:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fname,"rb");
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2494:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=-1*atoi(str_endpos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2496:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fpos=atoi(str_startpos.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2503:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int nblocks=atoi(str_nblocks.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2511:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int sgs=atoi(str_sgs.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2513:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int slen=atoi(str_slen.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:2515:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int snm=atoi(str_snm.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/maqmap.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAMELEN];
data/rsem-1.3.3+dfsg/parseIt.cpp:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupF[STRLEN], tiF[STRLEN];
data/rsem-1.3.3+dfsg/parseIt.cpp:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datF[STRLEN], cntF[STRLEN];
data/rsem-1.3.3+dfsg/parseIt.cpp:49:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readOutFs[3][2][STRLEN];
data/rsem-1.3.3+dfsg/parseIt.cpp:174:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
read_type = atoi(argv[5]);
data/rsem-1.3.3+dfsg/parseIt.cpp:195:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hit_out.open(datF);
data/rsem-1.3.3+dfsg/preRef.cpp:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refF[STRLEN], idxF[STRLEN], n2g_idxF[STRLEN];
data/rsem-1.3.3+dfsg/preRef.cpp:31:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exceptionF[STRLEN];
data/rsem-1.3.3+dfsg/preRef.cpp:50:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
polyAChoice = atoi(argv[2]);
data/rsem-1.3.3+dfsg/preRef.cpp:57:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!strcmp(argv[i], "-l")) { polyALen = atoi(argv[i + 1]); }
data/rsem-1.3.3+dfsg/preRef.cpp:74:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(idxF);
data/rsem-1.3.3+dfsg/preRef.cpp:82:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(n2g_idxF);
data/rsem-1.3.3+dfsg/scanForPairedEndReads.cpp:59:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nThreads = atoi(argv[1]);
data/rsem-1.3.3+dfsg/simulation.cpp:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outReadF[2][STRLEN];
data/rsem-1.3.3+dfsg/simulation.cpp:55:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refName[STRLEN];
data/rsem-1.3.3+dfsg/simulation.cpp:56:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char refF[STRLEN], tiF[STRLEN];
data/rsem-1.3.3+dfsg/simulation.cpp:200:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fi = fopen(argv[2], "r");
data/rsem-1.3.3+dfsg/simulation.cpp:207:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[5]);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:25:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupF[STRLEN], tiF[STRLEN], refFastaF[STRLEN];
data/rsem-1.3.3+dfsg/synthesisRef.cpp:26:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gtF[STRLEN], taF[STRLEN]; // group info between gene and transcript, transcript and allele
data/rsem-1.3.3+dfsg/synthesisRef.cpp:29:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mappingFile[STRLEN];
data/rsem-1.3.3+dfsg/synthesisRef.cpp:99:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(groupF);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:106:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(gtF);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:110:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(taF);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:117:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(refFastaF);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:146:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc < 5 || ((hasMappingFile = atoi(argv[3])) && argc < 6)) {
data/rsem-1.3.3+dfsg/synthesisRef.cpp:151:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose = !atoi(argv[2]);
data/rsem-1.3.3+dfsg/synthesisRef.cpp:170:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(argv[i]);
data/rsem-1.3.3+dfsg/tbam2gbam.cpp:13:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tiF[STRLEN], chr_list[STRLEN];
data/rsem-1.3.3+dfsg/tbam2gbam.cpp:23:73: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc == 6) { assert(strcmp(argv[4], "-p") == 0); nThreads = atoi(argv[5]); }
data/rsem-1.3.3+dfsg/utils.h:130:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char tags[3][STRLEN] = {"un", "alignable", "max"};
data/rsem-1.3.3+dfsg/utils.h:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[STRLEN];
data/rsem-1.3.3+dfsg/utils.h:134:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(suffix, "fa");
data/rsem-1.3.3+dfsg/utils.h:137:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(suffix, "fq");
data/rsem-1.3.3+dfsg/wiggle.cpp:87:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(output_filename.c_str(), "w");
data/rsem-1.3.3+dfsg/BamConverter.h:259:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(mis);
data/rsem-1.3.3+dfsg/BamConverter.h:290:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mis, tmp, len);
data/rsem-1.3.3+dfsg/EM.cpp:147:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(hitvs[i]->read(fin), "Cannot read alignments from .dat file!");
data/rsem-1.3.3+dfsg/EM.cpp:188:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ReadType read;
data/rsem-1.3.3+dfsg/EM.cpp:201:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(reader->next(read), "Can not load a read!");
data/rsem-1.3.3+dfsg/EM.cpp:210:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (needCalcConPrb) { ncpv[i] = model->getNoiseConPrb(read); }
data/rsem-1.3.3+dfsg/EM.cpp:216:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (needCalcConPrb) { hit.setConPrb(model->getConPrb(read, hit)); }
data/rsem-1.3.3+dfsg/EM.cpp:226:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (updateModel) { mhp->updateNoise(read, fracs[0]); }
data/rsem-1.3.3+dfsg/EM.cpp:233:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (updateModel) { mhp->update(read, hit, fracs[id]); }
data/rsem-1.3.3+dfsg/EM.cpp:257:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ReadType read;
data/rsem-1.3.3+dfsg/EM.cpp:265:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(reader->next(read), "Can not load a read!");
data/rsem-1.3.3+dfsg/EM.cpp:270:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ncpv[i] = model->getNoiseConPrb(read);
data/rsem-1.3.3+dfsg/EM.cpp:273:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hit.setConPrb(model->getConPrb(read, hit));
data/rsem-1.3.3+dfsg/EM.cpp:590:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(argv[i + 1]);
data/rsem-1.3.3+dfsg/Gibbs.cpp:200:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
model.read(modelF);
data/rsem-1.3.3+dfsg/Gibbs.cpp:460:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(argv[i + 1]);
data/rsem-1.3.3+dfsg/HitContainer.h:27:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(std::istream&); // each time a read
data/rsem-1.3.3+dfsg/HitContainer.h:63:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool HitContainer<HitType>::read(std::istream& in) {
data/rsem-1.3.3+dfsg/HitContainer.h:70:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!hit.read(in)) return false;
data/rsem-1.3.3+dfsg/LenDist.h:82:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(FILE*);
data/rsem-1.3.3+dfsg/LenDist.h:218:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void LenDist::read(FILE *fi) {
data/rsem-1.3.3+dfsg/NoiseProfile.h:35:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(FILE*);
data/rsem-1.3.3+dfsg/NoiseProfile.h:119:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void NoiseProfile::read(FILE *fi) {
data/rsem-1.3.3+dfsg/NoiseQProfile.h:35:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(FILE*);
data/rsem-1.3.3+dfsg/NoiseQProfile.h:132:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void NoiseQProfile::read(FILE *fi) {
data/rsem-1.3.3+dfsg/Orientation.h:26:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(FILE* fi) {
data/rsem-1.3.3+dfsg/PairedEndHit.h:20:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(std::istream&);
data/rsem-1.3.3+dfsg/PairedEndHit.h:27:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PairedEndHit::read(std::istream& in) {
data/rsem-1.3.3+dfsg/PairedEndModel.h:90:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getConPrb(const PairedEndRead& read, const PairedEndHit& hit) {
data/rsem-1.3.3+dfsg/PairedEndModel.h:91:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality()) return 0.0;
data/rsem-1.3.3+dfsg/PairedEndModel.h:105:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(fpos >= 0, "The alignment of fragment " + read.getName() + " to transcript " + itos(sid) + " starts at " + itos(fpos) + \
data/rsem-1.3.3+dfsg/PairedEndModel.h:108:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(fpos + insertLen <= totLen,"Fragment " + read.getName() + " is hung over the end of transcript " + itos(sid) + "! " \
data/rsem-1.3.3+dfsg/PairedEndModel.h:110:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(insertLen <= totLen, "Fragment " + read.getName() + " has length " + itos(insertLen) + ", but it is aligned to transcript " \
data/rsem-1.3.3+dfsg/PairedEndModel.h:119:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleRead& mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndModel.h:123:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleRead& mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndModel.h:136:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getNoiseConPrb(const PairedEndRead& read) {
data/rsem-1.3.3+dfsg/PairedEndModel.h:137:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality()) return 0.0;
data/rsem-1.3.3+dfsg/PairedEndModel.h:139:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleRead& mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndModel.h:140:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleRead& mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndModel.h:156:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void update(const PairedEndRead& read, const PairedEndHit& hit, double frac) {
data/rsem-1.3.3+dfsg/PairedEndModel.h:157:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality() || frac < EPSILON) return;
data/rsem-1.3.3+dfsg/PairedEndModel.h:160:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleRead& mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndModel.h:161:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleRead& mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndModel.h:175:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void updateNoise(const PairedEndRead& read, double frac) {
data/rsem-1.3.3+dfsg/PairedEndModel.h:176:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality() || frac < EPSILON) return;
data/rsem-1.3.3+dfsg/PairedEndModel.h:178:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleRead& mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndModel.h:179:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleRead& mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndModel.h:192:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(const char*);
data/rsem-1.3.3+dfsg/PairedEndModel.h:238:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
PairedEndRead read;
data/rsem-1.3.3+dfsg/PairedEndModel.h:249:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (reader.next(read)) {
data/rsem-1.3.3+dfsg/PairedEndModel.h:250:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SingleRead mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndModel.h:251:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SingleRead mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndModel.h:253:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read.isLowQuality()) {
data/rsem-1.3.3+dfsg/PairedEndModel.h:264:120: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf(stderr, "Warning: Read %s is ignored due to at least one of the mates' length < seed length (= %d)!\n", read.getName().c_str(), seedLen);
data/rsem-1.3.3+dfsg/PairedEndModel.h:306:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void PairedEndModel::read(const char* inpF) {
data/rsem-1.3.3+dfsg/PairedEndModel.h:315:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ori->read(fi);
data/rsem-1.3.3+dfsg/PairedEndModel.h:316:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gld->read(fi);
data/rsem-1.3.3+dfsg/PairedEndModel.h:317:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mld->read(fi);
data/rsem-1.3.3+dfsg/PairedEndModel.h:318:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rspd->read(fi);
data/rsem-1.3.3+dfsg/PairedEndModel.h:319:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pro->read(fi);
data/rsem-1.3.3+dfsg/PairedEndModel.h:320:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
npro->read(fi);
data/rsem-1.3.3+dfsg/PairedEndModel.h:372:65: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PairedEndModel::simulate(READ_INT_TYPE rid, PairedEndRead& read, int& sid) {
data/rsem-1.3.3+dfsg/PairedEndQModel.h:94:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getConPrb(const PairedEndReadQ& read, const PairedEndHit& hit) {
data/rsem-1.3.3+dfsg/PairedEndQModel.h:95:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality()) return 0.0;
data/rsem-1.3.3+dfsg/PairedEndQModel.h:109:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(fpos >= 0, "The alignment of fragment " + read.getName() + " to transcript " + itos(sid) + " starts at " + itos(fpos) + \
data/rsem-1.3.3+dfsg/PairedEndQModel.h:112:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(fpos + insertLen <= totLen,"Fragment " + read.getName() + " is hung over the end of transcript " + itos(sid) + "! " \
data/rsem-1.3.3+dfsg/PairedEndQModel.h:114:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(insertLen <= totLen, "Fragment " + read.getName() + " has length " + itos(insertLen) + ", but it is aligned to transcript " \
data/rsem-1.3.3+dfsg/PairedEndQModel.h:122:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleReadQ& mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:126:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleReadQ& mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:140:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getNoiseConPrb(const PairedEndReadQ& read) {
data/rsem-1.3.3+dfsg/PairedEndQModel.h:141:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality()) return 0.0;
data/rsem-1.3.3+dfsg/PairedEndQModel.h:144:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleReadQ& mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:145:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleReadQ& mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:161:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void update(const PairedEndReadQ& read, const PairedEndHit& hit, double frac) {
data/rsem-1.3.3+dfsg/PairedEndQModel.h:162:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality() || frac < EPSILON) return;
data/rsem-1.3.3+dfsg/PairedEndQModel.h:165:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleReadQ& mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:166:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleReadQ& mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:180:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void updateNoise(const PairedEndReadQ& read, double frac) {
data/rsem-1.3.3+dfsg/PairedEndQModel.h:181:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality() || frac < EPSILON) return;
data/rsem-1.3.3+dfsg/PairedEndQModel.h:183:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleReadQ& mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:184:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SingleReadQ& mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:197:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(const char*);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:244:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
PairedEndReadQ read;
data/rsem-1.3.3+dfsg/PairedEndQModel.h:255:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (reader.next(read)) {
data/rsem-1.3.3+dfsg/PairedEndQModel.h:256:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SingleReadQ mate1 = read.getMate1();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:257:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SingleReadQ mate2 = read.getMate2();
data/rsem-1.3.3+dfsg/PairedEndQModel.h:259:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read.isLowQuality()) {
data/rsem-1.3.3+dfsg/PairedEndQModel.h:273:120: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf(stderr, "Warning: Read %s is ignored due to at least one of the mates' length < seed length (= %d)!\n", read.getName().c_str(), seedLen);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:316:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void PairedEndQModel::read(const char* inpF) {
data/rsem-1.3.3+dfsg/PairedEndQModel.h:325:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ori->read(fi);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:326:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gld->read(fi);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:327:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mld->read(fi);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:328:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rspd->read(fi);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:329:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qd->read(fi);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:330:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qpro->read(fi);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:331:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nqpro->read(fi);
data/rsem-1.3.3+dfsg/PairedEndQModel.h:386:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PairedEndQModel::simulate(READ_INT_TYPE rid, PairedEndReadQ& read, int& sid) {
data/rsem-1.3.3+dfsg/PairedEndRead.h:20:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int argc, std::istream* argv[], int flags = 7);
data/rsem-1.3.3+dfsg/PairedEndRead.h:36:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PairedEndRead::read(int argc, std::istream* argv[], int flags) {
data/rsem-1.3.3+dfsg/PairedEndRead.h:42:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
success = mate1.read(1, inpMate1, flags) && mate2.read(1, inpMate2, flags);
data/rsem-1.3.3+dfsg/PairedEndRead.h:42:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
success = mate1.read(1, inpMate1, flags) && mate2.read(1, inpMate2, flags);
data/rsem-1.3.3+dfsg/PairedEndReadQ.h:20:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int argc, std::istream* argv[], int flags = 7);
data/rsem-1.3.3+dfsg/PairedEndReadQ.h:36:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PairedEndReadQ::read(int argc, std::istream* argv[], int flags) {
data/rsem-1.3.3+dfsg/PairedEndReadQ.h:42:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
success = mate1.read(1, inpMate1, flags) && mate2.read(1, inpMate2, flags);
data/rsem-1.3.3+dfsg/PairedEndReadQ.h:42:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
success = mate1.read(1, inpMate1, flags) && mate2.read(1, inpMate2, flags);
data/rsem-1.3.3+dfsg/Profile.h:30:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(FILE*);
data/rsem-1.3.3+dfsg/Profile.h:133:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void Profile::read(FILE *fi) {
data/rsem-1.3.3+dfsg/QProfile.h:26:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(FILE*);
data/rsem-1.3.3+dfsg/QProfile.h:129:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void QProfile::read(FILE *fi) {
data/rsem-1.3.3+dfsg/QualDist.h:26:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(FILE*);
data/rsem-1.3.3+dfsg/QualDist.h:94:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void QualDist::read(FILE *fi) {
data/rsem-1.3.3+dfsg/RSPD.h:79:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(FILE*);
data/rsem-1.3.3+dfsg/RSPD.h:138:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void RSPD::read(FILE *fi) {
data/rsem-1.3.3+dfsg/Read.h:14:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int argc, std::istream* argv[], int flags = 7) { return false; } //read from file, flags, which entries loaded 1 : readseq, 2 : quality score 4 : name
data/rsem-1.3.3+dfsg/ReadIndex.h:32:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fin.read((char*)&nReads, sizeof(nReads));
data/rsem-1.3.3+dfsg/ReadIndex.h:33:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fin.read((char*)&gap, sizeof(gap));
data/rsem-1.3.3+dfsg/ReadIndex.h:34:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fin.read((char*)&nPos, sizeof(nPos));
data/rsem-1.3.3+dfsg/ReadIndex.h:37:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fin.read((char*)&index[i], sizeof(std::streampos));
data/rsem-1.3.3+dfsg/ReadReader.h:34:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool next(ReadType& read, int flags = 7) {
data/rsem-1.3.3+dfsg/ReadReader.h:35:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool success = read.read(s, (std::istream**)arr, flags);
data/rsem-1.3.3+dfsg/ReadReader.h:35:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool success = read.read(s, (std::istream**)arr, flags);
data/rsem-1.3.3+dfsg/ReadReader.h:36:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (success && seedLen > 0) { read.calc_lq(hasPolyA, seedLen); }
data/rsem-1.3.3+dfsg/ReadReader.h:84:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ReadType read;
data/rsem-1.3.3+dfsg/ReadReader.h:94:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (crid < rid && read.read(s, (std::istream**)arr, 0)) ++crid;
data/rsem-1.3.3+dfsg/ReadReader.h:94:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (crid < rid && read.read(s, (std::istream**)arr, 0)) ++crid;
data/rsem-1.3.3+dfsg/ReadReader.h:101:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read.read(s, (std::istream**)arr, 0)) return false;
data/rsem-1.3.3+dfsg/ReadReader.h:101:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read.read(s, (std::istream**)arr, 0)) return false;
data/rsem-1.3.3+dfsg/RefSeq.h:62:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(std::ifstream&, int = 0);
data/rsem-1.3.3+dfsg/RefSeq.h:108:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool RefSeq::read(std::ifstream& fin, int option) {
data/rsem-1.3.3+dfsg/Refs.h:132:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
success = seq.read(fin, option);
data/rsem-1.3.3+dfsg/SamParser.h:41:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int parseNext(SingleRead& read, SingleHit& hit);
data/rsem-1.3.3+dfsg/SamParser.h:42:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int parseNext(SingleReadQ& read, SingleHit& hit);
data/rsem-1.3.3+dfsg/SamParser.h:43:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int parseNext(PairedEndRead& read, PairedEndHit& hit);
data/rsem-1.3.3+dfsg/SamParser.h:44:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int parseNext(PairedEndReadQ& read, PairedEndHit& hit);
data/rsem-1.3.3+dfsg/SamParser.h:115:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int SamParser::parseNext(SingleRead& read, SingleHit& hit) {
data/rsem-1.3.3+dfsg/SamParser.h:125:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (readType != 1 || (readType == 1 && read.getName().compare(name) != 0)) {
data/rsem-1.3.3+dfsg/SamParser.h:130:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(read.getReadLength() == b->core.l_qseq, "Read " + name + " has alignments with inconsistent read lengths!");
data/rsem-1.3.3+dfsg/SamParser.h:147:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int SamParser::parseNext(SingleReadQ& read, SingleHit& hit) {
data/rsem-1.3.3+dfsg/SamParser.h:157:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (readType != 1 || (readType == 1 && read.getName().compare(name) != 0)) {
data/rsem-1.3.3+dfsg/SamParser.h:162:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(read.getReadLength() == b->core.l_qseq, "Read " + name + " has alignments with inconsistent read lengths!");
data/rsem-1.3.3+dfsg/SamParser.h:180:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int SamParser::parseNext(PairedEndRead& read, PairedEndHit& hit) {
data/rsem-1.3.3+dfsg/SamParser.h:199:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (readType != 1 || (readType == 1 && read.getName().compare(name) != 0)) {
data/rsem-1.3.3+dfsg/SamParser.h:206:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(read.getMate1().getReadLength() == b->core.l_qseq && read.getMate2().getReadLength() == b2->core.l_qseq, "Paired-end read " + name + " has alignments with inconsistent mate lengths!");
data/rsem-1.3.3+dfsg/SamParser.h:206:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(read.getMate1().getReadLength() == b->core.l_qseq && read.getMate2().getReadLength() == b2->core.l_qseq, "Paired-end read " + name + " has alignments with inconsistent mate lengths!");
data/rsem-1.3.3+dfsg/SamParser.h:224:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int SamParser::parseNext(PairedEndReadQ& read, PairedEndHit& hit) {
data/rsem-1.3.3+dfsg/SamParser.h:243:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (readType != 1 || (readType == 1 && read.getName().compare(name) != 0)) {
data/rsem-1.3.3+dfsg/SamParser.h:250:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(read.getMate1().getReadLength() == b->core.l_qseq && read.getMate2().getReadLength() == b2->core.l_qseq, "Paired-end read " + name + " has alignments with inconsistent mate lengths!");
data/rsem-1.3.3+dfsg/SamParser.h:250:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(read.getMate1().getReadLength() == b->core.l_qseq && read.getMate2().getReadLength() == b2->core.l_qseq, "Paired-end read " + name + " has alignments with inconsistent mate lengths!");
data/rsem-1.3.3+dfsg/SingleHit.h:36:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(std::istream&);
data/rsem-1.3.3+dfsg/SingleHit.h:44:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool SingleHit::read(std::istream& in) {
data/rsem-1.3.3+dfsg/SingleModel.h:95:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getConPrb(const SingleRead& read, const SingleHit& hit) {
data/rsem-1.3.3+dfsg/SingleModel.h:96:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality()) return 0.0;
data/rsem-1.3.3+dfsg/SingleModel.h:105:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int readLen = read.getReadLength();
data/rsem-1.3.3+dfsg/SingleModel.h:108:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(fpos >= 0, "The alignment of read " + read.getName() + " to transcript " + itos(sid) + " starts at " + itos(fpos) + \
data/rsem-1.3.3+dfsg/SingleModel.h:111:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(fpos + readLen <= totLen,"Read " + read.getName() + " is hung over the end of transcript " + itos(sid) + "! " \
data/rsem-1.3.3+dfsg/SingleModel.h:113:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(readLen <= totLen, "Read " + read.getName() + " has length " + itos(readLen) + ", but it is aligned to transcript " \
data/rsem-1.3.3+dfsg/SingleModel.h:138:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
prob = ori->getProb(dir) * value * pro->getProb(read.getReadSeq(), ref, pos, dir);
data/rsem-1.3.3+dfsg/SingleModel.h:148:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getNoiseConPrb(const SingleRead& read) {
data/rsem-1.3.3+dfsg/SingleModel.h:149:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality()) return 0.0;
data/rsem-1.3.3+dfsg/SingleModel.h:150:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double prob = mld != NULL ? mld->getProb(read.getReadLength()) : gld->getProb(read.getReadLength());
data/rsem-1.3.3+dfsg/SingleModel.h:150:81: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double prob = mld != NULL ? mld->getProb(read.getReadLength()) : gld->getProb(read.getReadLength());
data/rsem-1.3.3+dfsg/SingleModel.h:151:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
prob *= npro->getProb(read.getReadSeq());
data/rsem-1.3.3+dfsg/SingleModel.h:163:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void update(const SingleRead& read, const SingleHit& hit, double frac) {
data/rsem-1.3.3+dfsg/SingleModel.h:164:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality() || frac < EPSILON) return;
data/rsem-1.3.3+dfsg/SingleModel.h:180:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int readLen = read.getReadLength();
data/rsem-1.3.3+dfsg/SingleModel.h:208:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pro->update(read.getReadSeq(), ref, pos, dir, frac);
data/rsem-1.3.3+dfsg/SingleModel.h:211:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void updateNoise(const SingleRead& read, double frac) {
data/rsem-1.3.3+dfsg/SingleModel.h:212:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality() || frac < EPSILON) return;
data/rsem-1.3.3+dfsg/SingleModel.h:214:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
npro->update(read.getReadSeq(), frac);
data/rsem-1.3.3+dfsg/SingleModel.h:229:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(const char*);
data/rsem-1.3.3+dfsg/SingleModel.h:276:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SingleRead read;
data/rsem-1.3.3+dfsg/SingleModel.h:288:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (reader.next(read)) {
data/rsem-1.3.3+dfsg/SingleModel.h:289:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read.isLowQuality()) {
data/rsem-1.3.3+dfsg/SingleModel.h:290:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mld != NULL ? mld->update(read.getReadLength(), 1.0) : gld->update(read.getReadLength(), 1.0);
data/rsem-1.3.3+dfsg/SingleModel.h:290:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mld != NULL ? mld->update(read.getReadLength(), 1.0) : gld->update(read.getReadLength(), 1.0);
data/rsem-1.3.3+dfsg/SingleModel.h:291:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (i == 0) { npro->updateC(read.getReadSeq()); }
data/rsem-1.3.3+dfsg/SingleModel.h:293:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (read.getReadLength() < seedLen)
data/rsem-1.3.3+dfsg/SingleModel.h:295:106: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf(stderr, "Warning: Read %s is ignored due to read length (= %d) < seed length (= %d)!\n", read.getName().c_str(), read.getReadLength(), seedLen);
data/rsem-1.3.3+dfsg/SingleModel.h:295:130: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf(stderr, "Warning: Read %s is ignored due to read length (= %d) < seed length (= %d)!\n", read.getName().c_str(), read.getReadLength(), seedLen);
data/rsem-1.3.3+dfsg/SingleModel.h:338:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void SingleModel::read(const char* inpF) {
data/rsem-1.3.3+dfsg/SingleModel.h:347:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ori->read(fi);
data/rsem-1.3.3+dfsg/SingleModel.h:348:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gld->read(fi);
data/rsem-1.3.3+dfsg/SingleModel.h:352:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mld->read(fi);
data/rsem-1.3.3+dfsg/SingleModel.h:354:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rspd->read(fi);
data/rsem-1.3.3+dfsg/SingleModel.h:355:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pro->read(fi);
data/rsem-1.3.3+dfsg/SingleModel.h:356:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
npro->read(fi);
data/rsem-1.3.3+dfsg/SingleModel.h:413:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool SingleModel::simulate(READ_INT_TYPE rid, SingleRead& read, int& sid) {
data/rsem-1.3.3+dfsg/SingleQModel.h:101:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getConPrb(const SingleReadQ& read, const SingleHit& hit) const {
data/rsem-1.3.3+dfsg/SingleQModel.h:102:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality()) return 0.0;
data/rsem-1.3.3+dfsg/SingleQModel.h:111:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int readLen = read.getReadLength();
data/rsem-1.3.3+dfsg/SingleQModel.h:114:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(fpos >= 0, "The alignment of read " + read.getName() + " to transcript " + itos(sid) + " starts at " + itos(fpos) + \
data/rsem-1.3.3+dfsg/SingleQModel.h:117:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(fpos + readLen <= totLen,"Read " + read.getName() + " is hung over the end of transcript " + itos(sid) + "! " \
data/rsem-1.3.3+dfsg/SingleQModel.h:119:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
general_assert(readLen <= totLen, "Read " + read.getName() + " has length " + itos(readLen) + ", but it is aligned to transcript " \
data/rsem-1.3.3+dfsg/SingleQModel.h:144:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
prob = ori->getProb(dir) * value * qpro->getProb(read.getReadSeq(), read.getQScore(), ref, pos, dir);
data/rsem-1.3.3+dfsg/SingleQModel.h:144:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
prob = ori->getProb(dir) * value * qpro->getProb(read.getReadSeq(), read.getQScore(), ref, pos, dir);
data/rsem-1.3.3+dfsg/SingleQModel.h:153:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getNoiseConPrb(const SingleReadQ& read) {
data/rsem-1.3.3+dfsg/SingleQModel.h:154:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality()) return 0.0;
data/rsem-1.3.3+dfsg/SingleQModel.h:155:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double prob = mld != NULL ? mld->getProb(read.getReadLength()) : gld->getProb(read.getReadLength());
data/rsem-1.3.3+dfsg/SingleQModel.h:155:81: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double prob = mld != NULL ? mld->getProb(read.getReadLength()) : gld->getProb(read.getReadLength());
data/rsem-1.3.3+dfsg/SingleQModel.h:156:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
prob *= nqpro->getProb(read.getReadSeq(), read.getQScore());
data/rsem-1.3.3+dfsg/SingleQModel.h:156:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
prob *= nqpro->getProb(read.getReadSeq(), read.getQScore());
data/rsem-1.3.3+dfsg/SingleQModel.h:168:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void update(const SingleReadQ& read, const SingleHit& hit, double frac) {
data/rsem-1.3.3+dfsg/SingleQModel.h:169:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality() || frac < EPSILON) return;
data/rsem-1.3.3+dfsg/SingleQModel.h:186:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int readLen = read.getReadLength();
data/rsem-1.3.3+dfsg/SingleQModel.h:214:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qpro->update(read.getReadSeq(), read.getQScore(), ref, pos, dir, frac);
data/rsem-1.3.3+dfsg/SingleQModel.h:214:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qpro->update(read.getReadSeq(), read.getQScore(), ref, pos, dir, frac);
data/rsem-1.3.3+dfsg/SingleQModel.h:217:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void updateNoise(const SingleReadQ& read, double frac) {
data/rsem-1.3.3+dfsg/SingleQModel.h:218:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read.isLowQuality() || frac < EPSILON) return;
data/rsem-1.3.3+dfsg/SingleQModel.h:220:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nqpro->update(read.getReadSeq(), read.getQScore(), frac);
data/rsem-1.3.3+dfsg/SingleQModel.h:220:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nqpro->update(read.getReadSeq(), read.getQScore(), frac);
data/rsem-1.3.3+dfsg/SingleQModel.h:237:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(const char*);
data/rsem-1.3.3+dfsg/SingleQModel.h:286:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SingleReadQ read;
data/rsem-1.3.3+dfsg/SingleQModel.h:298:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (reader.next(read)) {
data/rsem-1.3.3+dfsg/SingleQModel.h:299:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read.isLowQuality()) {
data/rsem-1.3.3+dfsg/SingleQModel.h:300:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mld != NULL ? mld->update(read.getReadLength(), 1.0) : gld->update(read.getReadLength(), 1.0);
data/rsem-1.3.3+dfsg/SingleQModel.h:300:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mld != NULL ? mld->update(read.getReadLength(), 1.0) : gld->update(read.getReadLength(), 1.0);
data/rsem-1.3.3+dfsg/SingleQModel.h:301:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qd->update(read.getQScore());
data/rsem-1.3.3+dfsg/SingleQModel.h:302:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (i == 0) { nqpro->updateC(read.getReadSeq(), read.getQScore()); }
data/rsem-1.3.3+dfsg/SingleQModel.h:302:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (i == 0) { nqpro->updateC(read.getReadSeq(), read.getQScore()); }
data/rsem-1.3.3+dfsg/SingleQModel.h:304:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (read.getReadLength() < seedLen)
data/rsem-1.3.3+dfsg/SingleQModel.h:306:106: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf(stderr, "Warning: Read %s is ignored due to read length (= %d) < seed length (= %d)!\n", read.getName().c_str(), read.getReadLength(), seedLen);
data/rsem-1.3.3+dfsg/SingleQModel.h:306:130: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf(stderr, "Warning: Read %s is ignored due to read length (= %d) < seed length (= %d)!\n", read.getName().c_str(), read.getReadLength(), seedLen);
data/rsem-1.3.3+dfsg/SingleQModel.h:350:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void SingleQModel::read(const char* inpF) {
data/rsem-1.3.3+dfsg/SingleQModel.h:359:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ori->read(fi);
data/rsem-1.3.3+dfsg/SingleQModel.h:360:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gld->read(fi);
data/rsem-1.3.3+dfsg/SingleQModel.h:364:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mld->read(fi);
data/rsem-1.3.3+dfsg/SingleQModel.h:366:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rspd->read(fi);
data/rsem-1.3.3+dfsg/SingleQModel.h:367:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qd->read(fi);
data/rsem-1.3.3+dfsg/SingleQModel.h:368:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qpro->read(fi);
data/rsem-1.3.3+dfsg/SingleQModel.h:369:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nqpro->read(fi);
data/rsem-1.3.3+dfsg/SingleQModel.h:428:61: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool SingleQModel::simulate(READ_INT_TYPE rid, SingleReadQ& read, int& sid) {
data/rsem-1.3.3+dfsg/SingleRead.h:23:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int argc, std::istream* argv[], int flags = 7);
data/rsem-1.3.3+dfsg/SingleRead.h:37:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool SingleRead::read(int argc, std::istream* argv[], int flags) {
data/rsem-1.3.3+dfsg/SingleReadQ.h:24:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int argc, std::istream* argv[], int flags = 7);
data/rsem-1.3.3+dfsg/SingleReadQ.h:38:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool SingleReadQ::read(int argc, std::istream* argv[], int flags) {
data/rsem-1.3.3+dfsg/Transcript.h:77:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(std::ifstream&);
data/rsem-1.3.3+dfsg/Transcript.h:119:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void Transcript::read(std::ifstream& fin) {
data/rsem-1.3.3+dfsg/Transcripts.h:91:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
transcripts[i].read(fin);
data/rsem-1.3.3+dfsg/calcCI.cpp:169:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
model.read(modelF);
data/rsem-1.3.3+dfsg/calcCI.cpp:337:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fin.read((char*)(&tsamples[k]), FLOATSIZE);
data/rsem-1.3.3+dfsg/calcCI.cpp:533:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(argv[i + 1]);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:244:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned int dataLength = strlen(value.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/BamAlignment.cpp:402:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned int dataLength = strlen(pTagData);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:76:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cline[strlen(cline)-1]='\0';
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:285:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string chr=*sit++; chr=chr.substr(3,strlen(chr.c_str()));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/bed2vector.cpp:465:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string chr=*sit++; chr=chr.substr(3,strlen(chr.c_str()));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.2/src/maqmap.c:30:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mm->ref_name[i]) + 1;
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:244:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned int dataLength = strlen(value.c_str());
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/BamAlignment.cpp:402:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned int dataLength = strlen(pTagData);
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:78:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cline[strlen(cline)-1]='\0';
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:287:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string chr=*sit++; chr=chr.substr(3,strlen(chr.c_str()));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/bed2vector.cpp:467:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string chr=*sit++; chr=chr.substr(3,strlen(chr.c_str()));
data/rsem-1.3.3+dfsg/pRSEM/phantompeakqualtools/spp_1.10.1_on_R3.3/src/maqmap.c:30:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mm->ref_name[i]) + 1;
data/rsem-1.3.3+dfsg/parseIt.cpp:79:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ReadType read, record_read;
data/rsem-1.3.3+dfsg/parseIt.cpp:90:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((val = parser->parseNext(read, hit)) >= 0) {
data/rsem-1.3.3+dfsg/parseIt.cpp:119:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
record_read = read; // no pointer, thus safe
data/rsem-1.3.3+dfsg/simulation.cpp:89:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ReadType read;
data/rsem-1.3.3+dfsg/simulation.cpp:92:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
model.read(modelF);
data/rsem-1.3.3+dfsg/simulation.cpp:122:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!model.simulate(i, read, sid)) { ++resimulation_count; }
data/rsem-1.3.3+dfsg/simulation.cpp:123:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.write(n_os, os);
ANALYSIS SUMMARY:
Hits = 766
Lines analyzed = 34079 in approximately 0.89 seconds (38081 lines/second)
Physical Source Lines of Code (SLOC) = 23766
Hits@level = [0] 604 [1] 260 [2] 391 [3] 17 [4] 98 [5] 0
Hits@level+ = [0+] 1370 [1+] 766 [2+] 506 [3+] 115 [4+] 98 [5+] 0
Hits/KSLOC@level+ = [0+] 57.6454 [1+] 32.2309 [2+] 21.2909 [3+] 4.83885 [4+] 4.12354 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.