Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sim4-0.0.20121010/Xtend1.c
Examining data/sim4-0.0.20121010/Xtend1.h
Examining data/sim4-0.0.20121010/align.c
Examining data/sim4-0.0.20121010/align.h
Examining data/sim4-0.0.20121010/sim4.h
Examining data/sim4-0.0.20121010/sim4b1.c
Examining data/sim4-0.0.20121010/sim4b1.h
Examining data/sim4-0.0.20121010/splice.c
Examining data/sim4-0.0.20121010/splice.h
Examining data/sim4-0.0.20121010/args.c
Examining data/sim4-0.0.20121010/args.h
Examining data/sim4-0.0.20121010/charvec.c
Examining data/sim4-0.0.20121010/charvec.h
Examining data/sim4-0.0.20121010/discrim.c
Examining data/sim4-0.0.20121010/discrim.h
Examining data/sim4-0.0.20121010/dna.c
Examining data/sim4-0.0.20121010/dna.h
Examining data/sim4-0.0.20121010/encoding.h
Examining data/sim4-0.0.20121010/libc.h
Examining data/sim4-0.0.20121010/misc.c
Examining data/sim4-0.0.20121010/misc.h
Examining data/sim4-0.0.20121010/poly.c
Examining data/sim4-0.0.20121010/poly.h
Examining data/sim4-0.0.20121010/prnt.c
Examining data/sim4-0.0.20121010/prnt.h
Examining data/sim4-0.0.20121010/psublast.h
Examining data/sim4-0.0.20121010/seq.c
Examining data/sim4-0.0.20121010/seq.h
Examining data/sim4-0.0.20121010/seq_read.c
Examining data/sim4-0.0.20121010/types.h
Examining data/sim4-0.0.20121010/encoding.c
Examining data/sim4-0.0.20121010/sim4.init.c

FINAL RESULTS:

data/sim4-0.0.20121010/args.c:67:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(*val_ptr, argv[i]+2);
data/sim4-0.0.20121010/misc.c:36:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void)vfprintf(stderr, fmt, ap);
data/sim4-0.0.20121010/misc.c:48:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void)vfprintf(stderr, fmt, ap);
data/sim4-0.0.20121010/misc.c:63:7:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		if (vfprintf(stderr, fmt, ap) < 0)
data/sim4-0.0.20121010/misc.c:76:7:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		if (vfprintf(stderr, fmt, ap) < 0)
data/sim4-0.0.20121010/misc.c:137:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	return strcpy(p, s);
data/sim4-0.0.20121010/misc.c:176:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ((fp = popen(name, mode)) == NULL)
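This popen() hit is the only CWE-78 finding in the report. popen() passes its string to /bin/sh -c, so the question a reviewer has to answer is where `name` comes from; the single context line above does not show that, so the report alone cannot settle it. The usual fix is to stop building a command string at all and exec an argv vector, which keeps every argument a single literal word no matter what characters it contains. The following is an added example and not sim4's code: a small pipe-and-exec helper that replaces popen(name, "r"). The command and the metacharacter-laden "file name" are constructed for the demo, and a POSIX system is assumed.

```c
/* Added example (not sim4 code): run a program without a shell and read its
 * stdout, as a replacement for popen(name, "r") where `name` is built from
 * untrusted input.  popen() hands its string to /bin/sh -c, so an argument
 * such as "x; rm -rf ~" becomes two commands.  Passing an argv vector to
 * execvp() keeps every argument as one literal word.  Assumed: POSIX system;
 * the command and argument in main() are constructed for the demo. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Start argv[0] with its stdout connected to a pipe.  Returns the read end of
 * the pipe (or -1) and stores the child pid so the caller can reap it. */
static int spawn_read_pipe(char *const argv[], pid_t *pid)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t child = fork();
    if (child < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (child == 0) {
        /* child: stdout -> pipe, then exec the program directly, no shell */
        if (dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(127);
        close(fds[0]);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);            /* only reached if exec itself failed */
    }
    close(fds[1]);             /* parent keeps only the read end */
    *pid = child;
    return fds[0];
}

/* Run argv, store up to cap-1 bytes of its stdout in out (NUL-terminated),
 * drain the rest so the child is not killed by SIGPIPE, and return the
 * child's exit status; -1 if it could not be spawned or did not exit normally. */
int run_capture(char *const argv[], char *out, size_t cap)
{
    if (cap == 0)
        return -1;
    pid_t pid;
    int fd = spawn_read_pipe(argv, &pid);
    if (fd < 0)
        return -1;
    size_t used = 0;
    for (;;) {
        char scratch[256];
        int room_left = used < cap - 1;
        char *dst = room_left ? out + used : scratch;
        size_t room = room_left ? cap - 1 - used : sizeof scratch;
        ssize_t n = read(fd, dst, room);
        if (n <= 0)
            break;
        if (room_left)
            used += (size_t)n;
    }
    out[used] = '\0';
    close(fd);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed "file name" carrying shell metacharacters.  Through
     * popen("cat genome.fa; touch /tmp/pwned") the second command would run;
     * through execvp() it is just one literal argument. */
    char *argv[] = { "/bin/echo", "genome.fa; touch /tmp/pwned", NULL };
    char buf[128];
    int rc = run_capture(argv, buf, sizeof buf);
    printf("exit=%d stdout=%s", rc, buf);
    return rc == 0 ? 0 : 1;
}
```

If sim4 really needs a shell feature (globbing, redirection), the argument still has to be validated against an allow-list of characters before it goes anywhere near /bin/sh; with an argv vector that validation becomes a matter of correctness rather than of command injection.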
data/sim4-0.0.20121010/prnt.c:19:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define ckprintf (void)printf /* XXX */
data/sim4-0.0.20121010/sim4.init.c:210:23:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                (void)sprintf(tmp,"%s sequence is not a DNA sequence.", tok);
data/sim4-0.0.20121010/sim4b1.c:518:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              (void)strcpy((char *)tmp,END_SIG);
data/sim4-0.0.20121010/sim4b1.c:520:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              (void)strcpy((char *)(tmp+sig->pos2+1), START_SIG);
data/sim4-0.0.20121010/sim4b1.c:539:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              (void)strcpy((char *)tmp,END_SIG);
data/sim4-0.0.20121010/sim4b1.c:542:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              (void)strcpy((char *)(tmp+N-sig->pos2+2),START_SIG);
data/sim4-0.0.20121010/Xtend1.c:75:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void)memcpy(&last_AG,trace_AG[0][ORIGIN+DELTA],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:76:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void)memcpy(&last_AC,trace_AC[0][ORIGIN+DELTA],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:193:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:194:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:210:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:211:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:227:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_AG,trace_AG[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:228:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_AC,trace_AC[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:266:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     (void)memcpy(&last_AG,trace_AG[d][min_diag[d]],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:267:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     (void)memcpy(&last_AC,trace_AC[d][min_diag[d]],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:332:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void)memcpy(&last_GT,trace_GT[0][ORIGIN],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:333:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void)memcpy(&last_CT,trace_CT[0][ORIGIN],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:453:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:454:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:468:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:469:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:485:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_GT,trace_GT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:486:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   (void)memcpy(&last_CT,trace_CT[d][k],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:525:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     (void)memcpy(&last_GT,trace_GT[d][max_diag[d]],sizeof(coords));
data/sim4-0.0.20121010/Xtend1.c:526:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     (void)memcpy(&last_CT,trace_CT[d][max_diag[d]],sizeof(coords));
data/sim4-0.0.20121010/args.c:38:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			*val_ptr = atoi(argv[i]+2);
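atoi() gives no way to tell "0" from garbage, silently saturates or wraps on overflow (the behaviour is undefined), and applies no bounds, so a numeric option parsed this way should go through strtol() with errno, end-pointer and range checks. The following is an added example, not sim4's code; the lower and upper bounds are whatever the option means and are assumed to be supplied by the caller.

```c
/* Added example (not sim4 code): a replacement for atoi(argv[i]+2) that
 * rejects empty input, trailing junk, overflow and out-of-range values.
 * The bounds lo/hi are an assumption: the caller knows what the option means. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse s as a decimal integer in [lo, hi].  Returns 1 and stores the value
 * on success, 0 otherwise (then *out is untouched).  Leading whitespace and
 * an explicit sign are accepted, as strtol does; nothing may follow the digits. */
int parse_int_arg(const char *s, long lo, long hi, int *out)
{
    if (s == NULL || *s == '\0')
        return 0;
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)            /* magnitude does not fit in long */
        return 0;
    if (end == s || *end != '\0')   /* no digits at all, or "12abc", "1e5" */
        return 0;
    if (v < lo || v > hi)           /* the option's own semantic bounds */
        return 0;
    if (v < INT_MIN || v > INT_MAX) /* lo/hi may be wider than int */
        return 0;
    *out = (int)v;
    return 1;
}

int main(void)
{
    /* Constructed command-line options in sim4's "-Xvalue" style. */
    const char *opts[] = { "-W12", "-W99999999999999999999", "-W12abc", "-W" };
    for (size_t i = 0; i < sizeof opts / sizeof opts[0]; i++) {
        int v;
        if (parse_int_arg(opts[i] + 2, 1, 64, &v))
            printf("%s -> %d\n", opts[i], v);
        else
            printf("%s -> rejected\n", opts[i]);
    }
    return 0;
}
```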
data/sim4-0.0.20121010/args.c:66:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        *val_ptr = (char *) ckalloc(strlen(argv[i]+2)+1);
data/sim4-0.0.20121010/encoding.c:7:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const unsigned char nfasta_ctype[256];
data/sim4-0.0.20121010/encoding.c:27:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const unsigned char dna_complement[256];
data/sim4-0.0.20121010/encoding.h:2:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const unsigned char nfasta_ctype[256];
data/sim4-0.0.20121010/encoding.h:3:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const unsigned char dna_complement[256];
data/sim4-0.0.20121010/misc.c:89:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(name, mode)) == NULL)
data/sim4-0.0.20121010/misc.c:143:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p, s, (size_t)n);
data/sim4-0.0.20121010/poly.c:24:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char encodingA[128];
data/sim4-0.0.20121010/poly.c:25:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char encodingT[128];
data/sim4-0.0.20121010/prnt.c:28:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZE];
data/sim4-0.0.20121010/seq_read.c:151:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE *fp = fopen(seq->maskname, "r");
data/sim4-0.0.20121010/seq_read.c:168:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUF];
data/sim4-0.0.20121010/sim4.h:108:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char   type[2];
data/sim4-0.0.20121010/sim4.init.c:209:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char tmp[200];
data/sim4-0.0.20121010/sim4.init.c:218:20:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                   strcpy(tok, "(no header)"); 
data/sim4-0.0.20121010/sim4b1.c:2729:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oris[500];
data/sim4-0.0.20121010/args.c:66:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        *val_ptr = (char *) ckalloc(strlen(argv[i]+2)+1);
data/sim4-0.0.20121010/misc.c:136:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = ckalloc(strlen(s)+1);	/* +1 to hold '\0' */
data/sim4-0.0.20121010/seq.c:20:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p = (*fname)+strlen(*fname)-1;
data/sim4-0.0.20121010/seq_read.c:29:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (!feof(fp)) do c = getc(fp); while (c != EOF && ws(c));
data/sim4-0.0.20121010/seq_read.c:74:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			c = getc(seq->fp);
data/sim4-0.0.20121010/seq_read.c:105:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		c = getc(seq->fp);
data/sim4-0.0.20121010/sim4.init.c:217:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   tok = ckalloc(strlen("(no header)")+1); 
data/sim4-0.0.20121010/sim4.init.c:723:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(tmp, q, (int)(s-q));
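Two of the buffer findings above deserve more than a glance. At sim4.init.c:209-210 the report shows `char tmp[200]` followed by `sprintf(tmp, "%s sequence is not a DNA sequence.", tok)`, where `tok` is a sequence name; if that name is longer than about 160 bytes the message overruns tmp. At sim4.init.c:723 `strncpy(tmp, q, (int)(s-q))` copies exactly the span length, so unless a later line (not shown in the report) writes the terminator, tmp is not a C string. By contrast, the strcpy hits at args.c:67 and misc.c:137 are each preceded, in the report's own context lines, by `ckalloc(strlen(...)+1)` sizing the destination from the source, so those two are the tool being conservative rather than bugs. The following is an added example, not sim4's code, showing bounded replacements for the two risky patterns; the header line and sequence name are constructed for the demo.

```c
/* Added example (not sim4 code): hardened forms of two patterns the report
 * flags in sim4.init.c -- sprintf() into a fixed buffer with a string of
 * unknown length, and strncpy() with a length that never writes the NUL.
 * The sequence name and header line used in main() are constructed. */
#include <stdio.h>
#include <string.h>

#define TMP_SIZE 200   /* same size as the tmp[200] in the report */

/* Format the "not a DNA sequence" message into buf[cap].  Returns 1 if the
 * whole message fit, 0 if it was truncated; buf is a valid NUL-terminated
 * string either way, so it can still be printed as a diagnostic. */
int format_not_dna_msg(char *buf, size_t cap, const char *name)
{
    if (cap == 0)
        return 0;
    int n = snprintf(buf, cap, "%s sequence is not a DNA sequence.", name);
    if (n < 0) {               /* encoding error: leave an empty string */
        buf[0] = '\0';
        return 0;
    }
    return (size_t)n < cap;    /* n is the length the full message needs */
}

/* Copy the span [q, s) into dst[cap], always NUL-terminating.  Returns the
 * number of characters stored, or -1 if the span did not fit (dst then holds
 * the longest prefix that does).  Unlike strncpy, the result is always a
 * string and truncation is reported rather than silent. */
long copy_span(char *dst, size_t cap, const char *q, const char *s)
{
    if (cap == 0 || s < q)
        return -1;
    size_t len = (size_t)(s - q);
    if (len >= cap) {
        memcpy(dst, q, cap - 1);
        dst[cap - 1] = '\0';
        return -1;
    }
    memcpy(dst, q, len);
    dst[len] = '\0';
    return (long)len;
}

int main(void)
{
    char tmp[TMP_SIZE];

    /* A 250-character sequence name: sprintf() would write past tmp[199]. */
    char longname[251];
    memset(longname, 'X', 250);
    longname[250] = '\0';
    int fit = format_not_dna_msg(tmp, sizeof tmp, longname);
    printf("fit=%d stored_len=%zu\n", fit, strlen(tmp));

    /* Take the first whitespace-delimited token of a header into a small
     * buffer; the strncpy form would leave tok without a terminator. */
    const char *line = "chr1:100-200 rest of header";
    const char *q = line, *s = strchr(line, ' ');
    char tok[8];
    long n = copy_span(tok, sizeof tok, q, s);
    printf("n=%ld tok=\"%s\"\n", n, tok);
    return 0;
}
```

The return values are what make these usable at the call sites in the report: a caller that ignores them still gets a terminated buffer, and one that checks them can reject an over-long name instead of quietly reporting a clipped one.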
data/sim4-0.0.20121010/sim4b1.c:519:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              (void)strncpy((char *)(tmp+2),(char *)seq2,(size_t)sig->pos2-1);
data/sim4-0.0.20121010/sim4b1.c:540:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              (void)strncpy((char *)(tmp+2),(char *)(seq2+sig->pos2),

ANALYSIS SUMMARY:

Hits = 60
Lines analyzed = 7462 in approximately 0.25 seconds (29953 lines/second)
Physical Source Lines of Code (SLOC) = 5781
Hits@level = [0] 115 [1]  10 [2]  37 [3]   0 [4]  13 [5]   0
Hits@level+ = [0+] 175 [1+]  60 [2+]  50 [3+]  13 [4+]  13 [5+]   0
Hits/KSLOC@level+ = [0+] 30.2716 [1+] 10.3788 [2+] 8.64902 [3+] 2.24875 [4+] 2.24875 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.