Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sim4-0.0.20121010/Xtend1.c
Examining data/sim4-0.0.20121010/Xtend1.h
Examining data/sim4-0.0.20121010/align.c
Examining data/sim4-0.0.20121010/align.h
Examining data/sim4-0.0.20121010/sim4.h
Examining data/sim4-0.0.20121010/sim4b1.c
Examining data/sim4-0.0.20121010/sim4b1.h
Examining data/sim4-0.0.20121010/splice.c
Examining data/sim4-0.0.20121010/splice.h
Examining data/sim4-0.0.20121010/args.c
Examining data/sim4-0.0.20121010/args.h
Examining data/sim4-0.0.20121010/charvec.c
Examining data/sim4-0.0.20121010/charvec.h
Examining data/sim4-0.0.20121010/discrim.c
Examining data/sim4-0.0.20121010/discrim.h
Examining data/sim4-0.0.20121010/dna.c
Examining data/sim4-0.0.20121010/dna.h
Examining data/sim4-0.0.20121010/encoding.h
Examining data/sim4-0.0.20121010/libc.h
Examining data/sim4-0.0.20121010/misc.c
Examining data/sim4-0.0.20121010/misc.h
Examining data/sim4-0.0.20121010/poly.c
Examining data/sim4-0.0.20121010/poly.h
Examining data/sim4-0.0.20121010/prnt.c
Examining data/sim4-0.0.20121010/prnt.h
Examining data/sim4-0.0.20121010/psublast.h
Examining data/sim4-0.0.20121010/seq.c
Examining data/sim4-0.0.20121010/seq.h
Examining data/sim4-0.0.20121010/seq_read.c
Examining data/sim4-0.0.20121010/types.h
Examining data/sim4-0.0.20121010/encoding.c
Examining data/sim4-0.0.20121010/sim4.init.c

FINAL RESULTS:

data/sim4-0.0.20121010/args.c:67:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*val_ptr, argv[i]+2);
data/sim4-0.0.20121010/misc.c:36:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  (void)vfprintf(stderr, fmt, ap);
data/sim4-0.0.20121010/misc.c:48:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  (void)vfprintf(stderr, fmt, ap);
data/sim4-0.0.20121010/misc.c:63:7:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (vfprintf(stderr, fmt, ap) < 0)
data/sim4-0.0.20121010/misc.c:76:7:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (vfprintf(stderr, fmt, ap) < 0)
data/sim4-0.0.20121010/misc.c:137:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(p, s);
data/sim4-0.0.20121010/misc.c:176:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if ((fp = popen(name, mode)) == NULL)
data/sim4-0.0.20121010/prnt.c:19:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ckprintf (void)printf /* XXX */
data/sim4-0.0.20121010/sim4.init.c:210:23:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void)sprintf(tmp,"%s sequence is not a DNA sequence.", tok);
data/sim4-0.0.20121010/sim4b1.c:518:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void)strcpy((char *)tmp,END_SIG);
data/sim4-0.0.20121010/sim4b1.c:520:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void)strcpy((char *)(tmp+sig->pos2+1), START_SIG);
data/sim4-0.0.20121010/sim4b1.c:539:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void)strcpy((char *)tmp,END_SIG);
data/sim4-0.0.20121010/sim4b1.c:542:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void)strcpy((char *)(tmp+N-sig->pos2+2),START_SIG);
data/sim4-0.0.20121010/Xtend1.c:75:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AG,trace_AG[0][ORIGIN+DELTA],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:76:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AC,trace_AC[0][ORIGIN+DELTA],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:193:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:194:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:210:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:211:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:227:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:228:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:266:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AG,trace_AG[d][min_diag[d]],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:267:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_AC,trace_AC[d][min_diag[d]],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:332:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_GT,trace_GT[0][ORIGIN],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:333:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_CT,trace_CT[0][ORIGIN],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:453:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:454:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:468:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:469:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:485:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:486:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:525:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_GT,trace_GT[d][max_diag[d]],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:526:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)memcpy(&last_CT,trace_CT[d][max_diag[d]],sizeof(coords));
data/sim4-0.0.20121010/args.c:38:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *val_ptr = atoi(argv[i]+2);
data/sim4-0.0.20121010/args.c:66:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *val_ptr = (char *) ckalloc(strlen(argv[i]+2)+1);
data/sim4-0.0.20121010/encoding.c:7:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const unsigned char nfasta_ctype[256];
data/sim4-0.0.20121010/encoding.c:27:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const unsigned char dna_complement[256];
data/sim4-0.0.20121010/encoding.h:2:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const unsigned char nfasta_ctype[256];
data/sim4-0.0.20121010/encoding.h:3:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const unsigned char dna_complement[256];
data/sim4-0.0.20121010/misc.c:89:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(name, mode)) == NULL)
data/sim4-0.0.20121010/misc.c:143:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, s, (size_t)n);
data/sim4-0.0.20121010/poly.c:24:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char encodingA[128];
data/sim4-0.0.20121010/poly.c:25:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char encodingT[128];
data/sim4-0.0.20121010/prnt.c:28:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/sim4-0.0.20121010/seq_read.c:151:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(seq->maskname, "r");
data/sim4-0.0.20121010/seq_read.c:168:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUF];
data/sim4-0.0.20121010/sim4.h:108:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[2];
data/sim4-0.0.20121010/sim4.init.c:209:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[200];
data/sim4-0.0.20121010/sim4.init.c:218:20:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tok, "(no header)");
data/sim4-0.0.20121010/sim4b1.c:2729:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oris[500];
data/sim4-0.0.20121010/args.c:66:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *val_ptr = (char *) ckalloc(strlen(argv[i]+2)+1);
data/sim4-0.0.20121010/misc.c:136:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = ckalloc(strlen(s)+1); /* +1 to hold '\0' */
data/sim4-0.0.20121010/seq.c:20:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = (*fname)+strlen(*fname)-1;
data/sim4-0.0.20121010/seq_read.c:29:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!feof(fp)) do c = getc(fp); while (c != EOF && ws(c));
data/sim4-0.0.20121010/seq_read.c:74:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(seq->fp);
data/sim4-0.0.20121010/seq_read.c:105:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(seq->fp);
data/sim4-0.0.20121010/sim4.init.c:217:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tok = ckalloc(strlen("(no header)")+1);
data/sim4-0.0.20121010/sim4.init.c:723:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, q, (int)(s-q));
data/sim4-0.0.20121010/sim4b1.c:519:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy((char *)(tmp+2),(char *)seq2,(size_t)sig->pos2-1);
data/sim4-0.0.20121010/sim4b1.c:540:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void)strncpy((char *)(tmp+2),(char *)(seq2+sig->pos2),

ANALYSIS SUMMARY:

Hits = 60
Lines analyzed = 7462 in approximately 0.25 seconds (29953 lines/second)
Physical Source Lines of Code (SLOC) = 5781
Hits@level = [0] 115 [1]  10 [2]  37 [3]   0 [4]  13 [5]   0
Hits@level+ = [0+] 175 [1+]  60 [2+]  50 [3+]  13 [4+]  13 [5+]   0
Hits/KSLOC@level+ = [0+] 30.2716 [1+] 10.3788 [2+] 8.64902 [3+] 2.24875 [4+] 2.24875 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.