Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/staden-io-lib-1.14.13/MSVC_includes/sys/param.h
Examining data/staden-io-lib-1.14.13/MSVC_includes/sys/time.h
Examining data/staden-io-lib-1.14.13/MSVC_includes/unistd.h
Examining data/staden-io-lib-1.14.13/io_lib/Read.c
Examining data/staden-io-lib-1.14.13/io_lib/Read.h
Examining data/staden-io-lib-1.14.13/io_lib/abi.h
Examining data/staden-io-lib-1.14.13/io_lib/alf.h
Examining data/staden-io-lib-1.14.13/io_lib/array.c
Examining data/staden-io-lib-1.14.13/io_lib/array.h
Examining data/staden-io-lib-1.14.13/io_lib/bam.h
Examining data/staden-io-lib-1.14.13/io_lib/bgzip.h
Examining data/staden-io-lib-1.14.13/io_lib/binning.c
Examining data/staden-io-lib-1.14.13/io_lib/binning.h
Examining data/staden-io-lib-1.14.13/io_lib/compress.c
Examining data/staden-io-lib-1.14.13/io_lib/compress.h
Examining data/staden-io-lib-1.14.13/io_lib/compression.h
Examining data/staden-io-lib-1.14.13/io_lib/cram.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_bambam.c
Examining data/staden-io-lib-1.14.13/io_lib/cram_bambam.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_block_compression.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_codecs.c
Examining data/staden-io-lib-1.14.13/io_lib/cram_codecs.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_decode.c
Examining data/staden-io-lib-1.14.13/io_lib/cram_decode.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_encode.c
Examining data/staden-io-lib-1.14.13/io_lib/cram_encode.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_index.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_io.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_stats.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_structs.h
Examining data/staden-io-lib-1.14.13/io_lib/crc32.c
Examining data/staden-io-lib-1.14.13/io_lib/crc32.h
Examining data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c
Examining data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.h
Examining data/staden-io-lib-1.14.13/io_lib/dstring.c
Examining data/staden-io-lib-1.14.13/io_lib/dstring.h
Examining data/staden-io-lib-1.14.13/io_lib/error.c
Examining data/staden-io-lib-1.14.13/io_lib/error.h
Examining data/staden-io-lib-1.14.13/io_lib/expFileIO.c
Examining data/staden-io-lib-1.14.13/io_lib/expFileIO.h
Examining data/staden-io-lib-1.14.13/io_lib/find.c
Examining data/staden-io-lib-1.14.13/io_lib/fpoint.c
Examining data/staden-io-lib-1.14.13/io_lib/fpoint.h
Examining data/staden-io-lib-1.14.13/io_lib/jenkins_lookup3.c
Examining data/staden-io-lib-1.14.13/io_lib/jenkins_lookup3.h
Examining data/staden-io-lib-1.14.13/io_lib/mFILE.c
Examining data/staden-io-lib-1.14.13/io_lib/mFILE.h
Examining data/staden-io-lib-1.14.13/io_lib/md5.c
Examining data/staden-io-lib-1.14.13/io_lib/md5.h
Examining data/staden-io-lib-1.14.13/io_lib/misc.h
Examining data/staden-io-lib-1.14.13/io_lib/misc_scf.c
Examining data/staden-io-lib-1.14.13/io_lib/open_trace_file.c
Examining data/staden-io-lib-1.14.13/io_lib/open_trace_file.h
Examining data/staden-io-lib-1.14.13/io_lib/plain.h
Examining data/staden-io-lib-1.14.13/io_lib/pooled_alloc.c
Examining data/staden-io-lib-1.14.13/io_lib/pooled_alloc.h
Examining data/staden-io-lib-1.14.13/io_lib/read_alloc.c
Examining data/staden-io-lib-1.14.13/io_lib/read_scf.c
Examining data/staden-io-lib-1.14.13/io_lib/sam_header.c
Examining data/staden-io-lib-1.14.13/io_lib/sam_header.h
Examining data/staden-io-lib-1.14.13/io_lib/scf.h
Examining data/staden-io-lib-1.14.13/io_lib/scf_extras.c
Examining data/staden-io-lib-1.14.13/io_lib/scf_extras.h
Examining data/staden-io-lib-1.14.13/io_lib/scram.c
Examining data/staden-io-lib-1.14.13/io_lib/scram.h
Examining data/staden-io-lib-1.14.13/io_lib/seqIOABI.h
Examining data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c
Examining data/staden-io-lib-1.14.13/io_lib/sff.c
Examining data/staden-io-lib-1.14.13/io_lib/sff.h
Examining data/staden-io-lib-1.14.13/io_lib/srf.c
Examining data/staden-io-lib-1.14.13/io_lib/stdio_hack.h
Examining data/staden-io-lib-1.14.13/io_lib/string_alloc.c
Examining data/staden-io-lib-1.14.13/io_lib/string_alloc.h
Examining data/staden-io-lib-1.14.13/io_lib/strings.c
Examining data/staden-io-lib-1.14.13/io_lib/tar_format.h
Examining data/staden-io-lib-1.14.13/io_lib/thread_pool.c
Examining data/staden-io-lib-1.14.13/io_lib/thread_pool.h
Examining data/staden-io-lib-1.14.13/io_lib/traceType.c
Examining data/staden-io-lib-1.14.13/io_lib/traceType.h
Examining data/staden-io-lib-1.14.13/io_lib/translate.c
Examining data/staden-io-lib-1.14.13/io_lib/translate.h
Examining data/staden-io-lib-1.14.13/io_lib/vlen.c
Examining data/staden-io-lib-1.14.13/io_lib/vlen.h
Examining data/staden-io-lib-1.14.13/io_lib/write_scf.c
Examining data/staden-io-lib-1.14.13/io_lib/xalloc.c
Examining data/staden-io-lib-1.14.13/io_lib/xalloc.h
Examining data/staden-io-lib-1.14.13/io_lib/zfio.c
Examining data/staden-io-lib-1.14.13/io_lib/zfio.h
Examining data/staden-io-lib-1.14.13/io_lib/ztr.c
Examining data/staden-io-lib-1.14.13/io_lib/ztr.h
Examining data/staden-io-lib-1.14.13/io_lib/ztr_translate.c
Examining data/staden-io-lib-1.14.13/io_lib/cram_stats.c
Examining data/staden-io-lib-1.14.13/io_lib/hash_table.c
Examining data/staden-io-lib-1.14.13/io_lib/hash_table.h
Examining data/staden-io-lib-1.14.13/io_lib/cram_index.c
Examining data/staden-io-lib-1.14.13/io_lib/cram_io.c
Examining data/staden-io-lib-1.14.13/io_lib/files.c
Examining data/staden-io-lib-1.14.13/io_lib/srf.h
Examining data/staden-io-lib-1.14.13/io_lib/bgzip.c
Examining data/staden-io-lib-1.14.13/io_lib/mach-io.c
Examining data/staden-io-lib-1.14.13/io_lib/mach-io.h
Examining data/staden-io-lib-1.14.13/io_lib/seqIOABI.c
Examining data/staden-io-lib-1.14.13/io_lib/seqIOALF.c
Examining data/staden-io-lib-1.14.13/io_lib/bam.c
Examining data/staden-io-lib-1.14.13/io_lib/compression.c
Examining data/staden-io-lib-1.14.13/progs/append_sff.c
Examining data/staden-io-lib-1.14.13/progs/convert_trace.c
Examining data/staden-io-lib-1.14.13/progs/cram_dump.c
Examining data/staden-io-lib-1.14.13/progs/cram_filter.c
Examining data/staden-io-lib-1.14.13/progs/cram_size.c
Examining data/staden-io-lib-1.14.13/progs/cram_to_sam.c
Examining data/staden-io-lib-1.14.13/progs/extract_fastq.c
Examining data/staden-io-lib-1.14.13/progs/extract_qual.c
Examining data/staden-io-lib-1.14.13/progs/extract_seq.c
Examining data/staden-io-lib-1.14.13/progs/get_comment.c
Examining data/staden-io-lib-1.14.13/progs/hash_exp.c
Examining data/staden-io-lib-1.14.13/progs/hash_extract.c
Examining data/staden-io-lib-1.14.13/progs/hash_list.c
Examining data/staden-io-lib-1.14.13/progs/hash_sff.c
Examining data/staden-io-lib-1.14.13/progs/hash_tar.c
Examining data/staden-io-lib-1.14.13/progs/index_tar.c
Examining data/staden-io-lib-1.14.13/progs/makeSCF.c
Examining data/staden-io-lib-1.14.13/progs/sam_convert.c
Examining data/staden-io-lib-1.14.13/progs/sam_to_cram.c
Examining data/staden-io-lib-1.14.13/progs/scf_dump.c
Examining data/staden-io-lib-1.14.13/progs/scf_info.c
Examining data/staden-io-lib-1.14.13/progs/scf_update.c
Examining data/staden-io-lib-1.14.13/progs/scram_flagstat.c
Examining data/staden-io-lib-1.14.13/progs/scram_merge.c
Examining data/staden-io-lib-1.14.13/progs/scram_pileup.c
Examining data/staden-io-lib-1.14.13/progs/scram_pileup.h
Examining data/staden-io-lib-1.14.13/progs/scram_test.c
Examining data/staden-io-lib-1.14.13/progs/srf2fasta.c
Examining data/staden-io-lib-1.14.13/progs/srf_dump_all.c
Examining data/staden-io-lib-1.14.13/progs/srf_extract_hash.c
Examining data/staden-io-lib-1.14.13/progs/srf_extract_linear.c
Examining data/staden-io-lib-1.14.13/progs/srf_filter.c
Examining data/staden-io-lib-1.14.13/progs/srf_index_hash.c
Examining data/staden-io-lib-1.14.13/progs/srf_info.c
Examining data/staden-io-lib-1.14.13/progs/srf_list.c
Examining data/staden-io-lib-1.14.13/progs/trace_dump.c
Examining data/staden-io-lib-1.14.13/progs/ztr_dump.c
Examining data/staden-io-lib-1.14.13/progs/cram_index.c
Examining data/staden-io-lib-1.14.13/progs/srf2fastq.c
Examining data/staden-io-lib-1.14.13/progs/scramble.c
Examining data/staden-io-lib-1.14.13/tests/cram_io_test.c
FINAL RESULTS:
data/staden-io-lib-1.14.13/io_lib/cram_io.c:93:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod _chmod
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3336:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(path, mode);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3343:5: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(path, mode);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3484:15: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (0 == chmod(path_tmp, 0444))
data/staden-io-lib-1.14.13/io_lib/Read.c:325:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/staden-io-lib-1.14.13/io_lib/bam.c:4057:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hp, out->header->ref[i].name);
data/staden-io-lib-1.14.13/io_lib/compress.c:307:9: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("sh", "sh", "-c", command, NULL);
data/staden-io-lib-1.14.13/io_lib/compress.c:479:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s%s", file, magics[compression_used-1].extension);
data/staden-io-lib-1.14.13/io_lib/compress.c:569:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fext, "%s%s", file, magics[i].extension);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:273:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn2, "%s.crai", fn);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:523:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn_idx, fn_base);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:525:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn_idx, "%s.crai", fn_base);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:135:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define RP(...) fprintf (stderr, __VA_ARGS__)
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3288:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, fn);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3314:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, dir);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3318:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, fn);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3467:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path_tmp, "%s.tmp_%d", path, /*getpid(),*/ i);
data/staden-io-lib-1.14.13/io_lib/dstring.c:231:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(bufp, fmt, args);
data/staden-io-lib-1.14.13/io_lib/error.c:67:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:718:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(aline+apos, line);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:773:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&en[l1+1], &aline[10]);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:1320:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, str);
data/staden-io-lib-1.14.13/io_lib/files.c:136:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.gz", fname);
data/staden-io-lib-1.14.13/io_lib/files.c:139:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.bz", fname);
data/staden-io-lib-1.14.13/io_lib/files.c:142:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.bz2", fname);
data/staden-io-lib-1.14.13/io_lib/files.c:145:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.Z", fname);
data/staden-io-lib-1.14.13/io_lib/files.c:148:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.z", fname);
data/staden-io-lib-1.14.13/io_lib/files.c:175:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (1 == sscanf(line, "%s", name))
data/staden-io-lib-1.14.13/io_lib/find.c:109:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wholePath,file);
data/staden-io-lib-1.14.13/io_lib/find.c:116:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(paths,searchpath);
data/staden-io-lib-1.14.13/io_lib/find.c:150:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(wholePath,path);
data/staden-io-lib-1.14.13/io_lib/find.c:152:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void) strcat(wholePath,file);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1422:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aname, "%.*s%s", (int)(cp-fname+1), fname,
data/staden-io-lib-1.14.13/io_lib/mFILE.c:685:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = vsprintf(&mf->data[mf->offset], fmt, args);
data/staden-io-lib-1.14.13/io_lib/misc.h:98:60: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define __PRINTF_FORMAT__(a,b) __attribute__ ((format (printf, a, b)))
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:237:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s.index", tarname);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:342:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hf_name, hashfile);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:500:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
cp += strlen(strcpy(cp, file));
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:511:2: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("wget", "wget", "-q", "-O", fname, buf, NULL);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:567:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
cp += strlen(strcpy(cp, file));
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:692:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sff_copy, sff);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:766:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sff_copy, sff);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:932:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sff_copy, sff);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1060:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s", file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1082:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path_end, file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1094:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path_end, file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1111:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path2, path); /* path contains / too as it's from file */
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1232:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file2, "%s%s", file, suffix[i]);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1298:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(relative_path, relative_to);
data/staden-io-lib-1.14.13/io_lib/read_alloc.c:295:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dst->trace_name, new_name );
data/staden-io-lib-1.14.13/io_lib/read_alloc.c:297:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dst->trace_name, src->trace_name );
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:728:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "COMM=%s\n", commstrp);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:729:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:737:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "NAME=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:738:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:744:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:768:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:778:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:800:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:856:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "DATE=%s to %s\nRUND=%s\n",
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:858:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:865:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "DYEP=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:866:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:872:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "MACH=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:873:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:879:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "MODL=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:880:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:886:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "MTXF=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:887:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:893:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "BCAL=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:894:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:900:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "VER1=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:901:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:905:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "VER2=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:906:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:912:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "GELN=%s\n", buffer);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:913:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, line);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:919:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,comment);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:1007:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:475:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:214:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (5 == sscanf(line, "%6d%6d%6d%4c%s",
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:224:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, name);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:299:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read->trace_name, fn);
data/staden-io-lib-1.14.13/io_lib/srf.c:255:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ch->version, SRF_VERSION);
data/staden-io-lib-1.14.13/io_lib/stdio_hack.h:72:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fprintf mfprintf
data/staden-io-lib-1.14.13/io_lib/translate.c:364:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(exp_get_entry(e, EFLT_EN), "%s", EN);
data/staden-io-lib-1.14.13/io_lib/translate.c:366:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(exp_get_entry(e, EFLT_ID), "%s", EN);
data/staden-io-lib-1.14.13/io_lib/translate.c:376:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_LN), cp);
data/staden-io-lib-1.14.13/io_lib/translate.c:381:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_LT), t);
data/staden-io-lib-1.14.13/io_lib/translate.c:482:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_SV),line+EXP_TAGLEN);
data/staden-io-lib-1.14.13/io_lib/translate.c:487:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_CV),line+EXP_TAGLEN);
data/staden-io-lib-1.14.13/io_lib/translate.c:492:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_CN),line+EXP_TAGLEN);
data/staden-io-lib-1.14.13/io_lib/translate.c:526:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_TN),comment);
data/staden-io-lib-1.14.13/io_lib/translate.c:530:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_ST),comment);
data/staden-io-lib-1.14.13/io_lib/translate.c:546:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,"%s %c %d..%d\n%s",
data/staden-io-lib-1.14.13/io_lib/translate.c:549:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_TG),tmp);
data/staden-io-lib-1.14.13/io_lib/translate.c:602:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,"%s %c %d..%d\n%s",
data/staden-io-lib-1.14.13/io_lib/translate.c:605:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_TC),tmp);
data/staden-io-lib-1.14.13/io_lib/translate.c:614:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,"%s = %d..%d\n%s%s\n%s",/* use strand = */
data/staden-io-lib-1.14.13/io_lib/translate.c:617:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exp_get_entry(e, EFLT_TG),tmp);
data/staden-io-lib-1.14.13/io_lib/translate.c:667:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(exp_get_entry(e, EFLT_AV), "%s", cstr);
data/staden-io-lib-1.14.13/io_lib/translate.c:789:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->base, str);
data/staden-io-lib-1.14.13/io_lib/vlen.c:343:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n","test");
data/staden-io-lib-1.14.13/io_lib/vlen.c:375:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%c %f %d %s %c %g %ld %s\n", 'a', 3.1, 9, "one", 'b', 4.2, 9, "two");
data/staden-io-lib-1.14.13/io_lib/vlen.c:407:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n", "0123456789");
data/staden-io-lib-1.14.13/io_lib/vlen.c:411:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%5s\n", "0123456789");
data/staden-io-lib-1.14.13/io_lib/vlen.c:415:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%50s\n", "0123456789");
data/staden-io-lib-1.14.13/io_lib/ztr.c:785:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ch->dlength += 1+sprintf(cp, "%c%s%c%s%c", 0, key, 0, value, 0);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:99:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*mdbytes = sprintf(*mdata, "OFFS%c%s", 0, buf) + 1;
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:204:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
*mdbytes = sprintf(*mdata, "TYPE%c%.*s%cOFFS%c%s",
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:763:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int added = sprintf(iptr, "%s=%s\n",
data/staden-io-lib-1.14.13/progs/convert_trace.c:811:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "ERROR %s", infname);
data/staden-io-lib-1.14.13/progs/convert_trace.c:825:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "ERROR %s", outfname);
data/staden-io-lib-1.14.13/progs/cram_dump.c:65:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(j ? ", %d" : "%d", (unsigned char)data[k]);
data/staden-io-lib-1.14.13/progs/cram_dump.c:116:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(i ? ", %02x" : "%02x", (unsigned char)b->data[i]);
data/staden-io-lib-1.14.13/progs/cram_dump.c:254:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(i ? ", %d" : "%d", c->landmark[i]);
data/staden-io-lib-1.14.13/progs/cram_dump.c:322:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(id ? ", %d" : "%d", s->hdr->block_content_ids[id]);
data/staden-io-lib-1.14.13/progs/hash_exp.c:84:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rname, c+5);
data/staden-io-lib-1.14.13/progs/hash_tar.c:211:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(files[nfiles].member, hi->data.p);
data/staden-io-lib-1.14.13/progs/hash_tar.c:215:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(files[nfiles].member, member);
data/staden-io-lib-1.14.13/progs/hash_tar.c:218:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(files[nfiles].member, member);
data/staden-io-lib-1.14.13/progs/makeSCF.c:127:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cc, r->info);
data/staden-io-lib-1.14.13/progs/makeSCF.c:144:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "CONV=makeSCF V3.06\nDATF=%s\nDATN=%s\n",
data/staden-io-lib-1.14.13/progs/makeSCF.c:147:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cp, buf);
data/staden-io-lib-1.14.13/progs/scram_flagstat.c:192:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(imode, "r%s%c", in_f, level);
data/staden-io-lib-1.14.13/progs/scram_flagstat.c:195:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(imode, "r%s%c", detect_format(argv[optind]), level);
data/staden-io-lib-1.14.13/progs/scram_merge.c:227:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(omode, "w%s%c", out_f, level);
data/staden-io-lib-1.14.13/progs/scram_merge.c:234:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(imode, "r%s%c", in_f, level);
data/staden-io-lib-1.14.13/progs/scram_merge.c:247:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(imode, "r%s%c", detect_format(argv[optind]), level);
data/staden-io-lib-1.14.13/progs/scram_pileup.c:779:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) cp, scram_get_header(fp)->ref[ref].name);
data/staden-io-lib-1.14.13/progs/scram_test.c:196:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(imode, "r%s%c", in_f, level);
data/staden-io-lib-1.14.13/progs/scram_test.c:199:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(imode, "r%s%c", detect_format(argv[optind]), level);
data/staden-io-lib-1.14.13/progs/scramble.c:516:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(imode, "r%s%c", in_f, level);
data/staden-io-lib-1.14.13/progs/scramble.c:519:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(imode, "r%s%c", detect_format(argv[optind]), level);
data/staden-io-lib-1.14.13/progs/scramble.c:545:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(omode, "w%s%c", out_f, level);
data/staden-io-lib-1.14.13/progs/scramble.c:548:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(omode, "w%s%c", detect_format(argv[optind+1]), level);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:286:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s_%d.fastq", root,
data/staden-io-lib-1.14.13/progs/srf2fastq.c:289:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s_%s.fastq", root,
data/staden-io-lib-1.14.13/progs/srf2fastq.c:435:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq, regn->name[iregion-1]);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:500:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq, regn->name[iregion]);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:603:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(root, argv[++i]);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:575:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_filter->prefixes[read_filter->prefixes_size - 1], prefix);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:586:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_filter->reads[read_filter->reads_size - 1], read);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:660:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_filter->prefixes[read_filter->prefixes_size - 1], prefix);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:671:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_filter->reads[read_filter->reads_size - 1], read);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:852:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/s_%d_%04d_%s.txt", dir, lane, tile, type);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:885:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dir2, "%s.run", ar_name);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:954:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/s_%d_%04d_dump.txt", dir, lane, tile);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:986:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dir2, "%s.run", ar_name);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:1160:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(ar_name, R_OK)) {
data/staden-io-lib-1.14.13/progs/srf_extract_linear.c:106:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s%s", srf->th.id_prefix, tb.read_id);
data/staden-io-lib-1.14.13/progs/srf_filter.c:249:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_filter->prefixes[read_filter->prefixes_size - 1], prefix);
data/staden-io-lib-1.14.13/progs/srf_filter.c:351:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(read_filter->prefixes[read_filter->prefixes_size - 1], prefix);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3355:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *ref_path = getenv("REF_PATH");
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3359:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *local_cache = getenv("REF_CACHE");
data/staden-io-lib-1.14.13/io_lib/cram_stats.c:211:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
switch(random()%10) {
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:2257:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "c:detxl:b:hr:i:")) != -1) {
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:493:19: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
char *fname = tempnam(NULL, NULL);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1205:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv("RAWDATA");
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1347:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
: getenv("TRACE_PATH"), rel_to);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1352:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
: getenv("TRACE_PATH"), rel_to);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1360:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
: getenv("EXP_PATH"), relative_to);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1365:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
: getenv("EXP_PATH"), relative_to);
data/staden-io-lib-1.14.13/io_lib/thread_pool.c:792:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
usleep(random() % 1000000); // to coerce job completion out of order
data/staden-io-lib-1.14.13/progs/cram_filter.c:800:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "hqt:T:!n:r:")) != -1) {
data/staden-io-lib-1.14.13/progs/cram_to_sam.c:76:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((C = getopt(argc, argv, "bu0123456789mp:hr:R:X")) != -1) {
data/staden-io-lib-1.14.13/progs/sam_to_cram.c:79:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "u0123456789hvs:S:V:r:X")) != -1) {
data/staden-io-lib-1.14.13/progs/scram_flagstat.c:124:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "hI:R:r:!t:b")) != -1) {
data/staden-io-lib-1.14.13/progs/scram_merge.c:146:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "u0123456789hvs:S:V:r:XI:O:R:N:")) != -1) {
data/staden-io-lib-1.14.13/progs/scram_test.c:126:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "hI:R:r:!t:c:C:")) != -1) {
data/staden-io-lib-1.14.13/progs/scramble.c:273:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "u0123456789hvs:S:V:r:xeEI:O:R:!MmajJzZt:BN:F:Hb:nPpqg:G:fTX:d:D:")) != -1) {
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:1058:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, ":c:d:f:not:v")) != -1) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:1117:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, ":c:m:f:vb2:")) != -1) {
data/staden-io-lib-1.14.13/progs/srf_info.c:771:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "l:")) != -1) {
data/staden-io-lib-1.14.13/progs/srf_list.c:154:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "lcvh")) != -1) {
data/staden-io-lib-1.14.13/io_lib/bam.c:157:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdata, b->uncomp_p, l);
data/staden-io-lib-1.14.13/io_lib/bam.c:304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4], *header;
data/staden-io-lib-1.14.13/io_lib/bam.c:337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_a[1024], *name;
data/staden-io-lib-1.14.13/io_lib/bam.c:367:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len_c[100];
data/staden-io-lib-1.14.13/io_lib/bam.c:368:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(len_c, "%d", len);
data/staden-io-lib-1.14.13/io_lib/bam.c:489:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (b->fp = fopen(fn, "wb")))
data/staden-io-lib-1.14.13/io_lib/bam.c:507:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (b->fp = fopen(fn, "rb")))
data/staden-io-lib-1.14.13/io_lib/bam.c:689:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char comp[Z_BUFF_SIZE];
data/staden-io-lib-1.14.13/io_lib/bam.c:690:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uncomp[Z_BUFF_SIZE];
data/staden-io-lib-1.14.13/io_lib/bam.c:718:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&crc2, j->comp + j->comp_sz, 4);
data/staden-io-lib-1.14.13/io_lib/bam.c:756:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&crc2, j->comp + j->comp_sz, 4);
data/staden-io-lib-1.14.13/io_lib/bam.c:886:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(j->comp, b->comp_p, bsize+8);
data/staden-io-lib-1.14.13/io_lib/bam.c:932:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->uncomp, j->uncomp, j->uncomp_sz);
data/staden-io-lib-1.14.13/io_lib/bam.c:1057:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&crc2, b->comp_p-8, 4);
data/staden-io-lib-1.14.13/io_lib/bam.c:1237:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char lookup[256] = {
data/staden-io-lib-1.14.13/io_lib/bam.c:1322:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sh->ref[sh->nref].name, cp, cpf-cp);
data/staden-io-lib-1.14.13/io_lib/bam.c:1365:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4];
data/staden-io-lib-1.14.13/io_lib/bam.c:1423:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sh->ref[sh->nref].name, cp, cpf-cp);
data/staden-io-lib-1.14.13/io_lib/bam.c:1565:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpt, value, cpf-value); cpt += cpf-value;
data/staden-io-lib-1.14.13/io_lib/bam.c:1571:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpt, value, cpf-value); cpt += cpf-value;
data/staden-io-lib-1.14.13/io_lib/bam.c:1669:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&CG_len, CG+2, 4);
data/staden-io-lib-1.14.13/io_lib/bam.c:1707:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cg_cache, fp, CG_len*4);
data/staden-io-lib-1.14.13/io_lib/bam.c:1786:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_name(bn), bam_name(b), b->name_len);
data/staden-io-lib-1.14.13/io_lib/bam.c:1794:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_cigar(bn), cig, 8);
data/staden-io-lib-1.14.13/io_lib/bam.c:1800:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_seq(bn), bam_seq(b), bam_aux(b)-bam_seq(b));
data/staden-io-lib-1.14.13/io_lib/bam.c:1806:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_aux(bn), bam_aux(b), ep-fp);
data/staden-io-lib-1.14.13/io_lib/bam.c:1815:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ep, &len, 4); ep += 4;
data/staden-io-lib-1.14.13/io_lib/bam.c:1816:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ep, bam_cigar(b), bam_cigar_len(b)*4);
data/staden-io-lib-1.14.13/io_lib/bam.c:1878:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&b->next_len, &((char *)(&bs->ref))[blk_size], 4);
data/staden-io-lib-1.14.13/io_lib/bam.c:1994:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)bam_cigar(bs))[blk_size] = 0;
data/staden-io-lib-1.14.13/io_lib/bam.c:1997:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&b->next_len, &((char *)bam_cigar(bs))[blk_size], 4);
data/staden-io-lib-1.14.13/io_lib/bam.c:1997:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memcpy(&b->next_len, &((char *)bam_cigar(bs))[blk_size], 4);
data/staden-io-lib-1.14.13/io_lib/bam.c:1998:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)bam_cigar(bs))[blk_size] = 0;
data/staden-io-lib-1.14.13/io_lib/bam.c:2209:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val->i = (uint16_t)((((unsigned char *)s)[3]<< 0) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2210:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[4]<< 8));
data/staden-io-lib-1.14.13/io_lib/bam.c:2217:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val->i = (int16_t)((((unsigned char *)s)[3]<< 0) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2218:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[4]<< 8));
data/staden-io-lib-1.14.13/io_lib/bam.c:2225:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val->i = (uint32_t)((((unsigned char *)s)[3]<< 0) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2226:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[4]<< 8) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2227:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[5]<<16) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2228:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[6]<<24));
data/staden-io-lib-1.14.13/io_lib/bam.c:2235:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val->i = (int32_t)((((unsigned char *)s)[3]<< 0) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2236:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[4]<< 8) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2237:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[5]<<16) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2238:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[6]<<24));
data/staden-io-lib-1.14.13/io_lib/bam.c:2245:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val->i = (int32_t)((((unsigned char *)s)[3]<< 0) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2246:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[4]<< 8) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2247:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[5]<<16) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2248:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[6]<<24));
data/staden-io-lib-1.14.13/io_lib/bam.c:2255:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val->i64 = (uint64_t)(((uint64_t)(((unsigned char *)s)[ 3])<< 0) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2256:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((uint64_t)(((unsigned char *)s)[ 4])<< 8) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2257:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((uint64_t)(((unsigned char *)s)[ 5])<<16) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2258:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((uint64_t)(((unsigned char *)s)[ 6])<<24) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2259:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((uint64_t)(((unsigned char *)s)[ 7])<<32) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2260:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((uint64_t)(((unsigned char *)s)[ 8])<<40) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2261:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((uint64_t)(((unsigned char *)s)[ 9])<<48) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2262:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((uint64_t)(((unsigned char *)s)[10])<<54));
data/staden-io-lib-1.14.13/io_lib/bam.c:2276:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
count = (unsigned int)((((unsigned char *)s)[4]<< 0) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2277:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[5]<< 8) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2278:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[6]<<16) +
data/staden-io-lib-1.14.13/io_lib/bam.c:2279:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)s)[7]<<24));
data/staden-io-lib-1.14.13/io_lib/bam.c:2321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k3[3];
data/staden-io-lib-1.14.13/io_lib/bam.c:2375:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char L[256] = {
data/staden-io-lib-1.14.13/io_lib/bam.c:2432:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, qname, qname_len);
data/staden-io-lib-1.14.13/io_lib/bam.c:2466:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, qual, len);
data/staden-io-lib-1.14.13/io_lib/bam.c:2481:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bam_aux_add(bam_seq_t **b, const char tag[2], char type,
data/staden-io-lib-1.14.13/io_lib/bam.c:2532:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, data, array_len * tlen);
data/staden-io-lib-1.14.13/io_lib/bam.c:2537:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, data, array_len);
data/staden-io-lib-1.14.13/io_lib/bam.c:2565:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, data, tlen);
data/staden-io-lib-1.14.13/io_lib/bam.c:2891:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bam_aux_add_data(bam_seq_t **b, const char tag[2], char type,
data/staden-io-lib-1.14.13/io_lib/bam.c:2914:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, data, len);
data/staden-io-lib-1.14.13/io_lib/bam.c:2951:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, data, len);
data/staden-io-lib-1.14.13/io_lib/bam.c:2977:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, b, b->alloc);
data/staden-io-lib-1.14.13/io_lib/bam.c:3178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blk+18+5, buf, in_sz);
data/staden-io-lib-1.14.13/io_lib/bam.c:3347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bf->bgbuf_p + bf->bgbuf_sz, input, copy_length);
data/staden-io-lib-1.14.13/io_lib/bam.c:3364:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char blk[Z_BUFF_SIZE+4];
data/staden-io-lib-1.14.13/io_lib/bam.c:3378:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[Z_BUFF_SIZE];
data/staden-io-lib-1.14.13/io_lib/bam.c:3379:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[Z_BUFF_SIZE];
data/staden-io-lib-1.14.13/io_lib/bam.c:3400:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(j->in, buf, count);
data/staden-io-lib-1.14.13/io_lib/bam.c:3446:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *auxh, aux_key[3], type;
data/staden-io-lib-1.14.13/io_lib/bam.c:3527:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->uncomp_p, bam_name(b), sz-1); fp->uncomp_p += sz-1;
data/staden-io-lib-1.14.13/io_lib/bam.c:3542:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->uncomp_p, fp->header->ref[b->ref].name, l);
data/staden-io-lib-1.14.13/io_lib/bam.c:3587:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->uncomp_p, fp->header->ref[b->mate_ref].name, l);
data/staden-io-lib-1.14.13/io_lib/bam.c:3755:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
fp->uncomp_p += sprintf((char *)fp->uncomp_p, "%g", val.f);
data/staden-io-lib-1.14.13/io_lib/bam.c:3759:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
fp->uncomp_p += sprintf((char *)fp->uncomp_p, "%g", val.d);
data/staden-io-lib-1.14.13/io_lib/bam.c:3769:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->uncomp_p, dat, l2);
data/staden-io-lib-1.14.13/io_lib/bam.c:3858:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4];
data/staden-io-lib-1.14.13/io_lib/bam.c:3866:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
fp->uncomp_p += sprintf((char *)fp->uncomp_p, "%g", u.f);
data/staden-io-lib-1.14.13/io_lib/bam.c:3957:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->uncomp_p, ptr, 32 + name_len);
data/staden-io-lib-1.14.13/io_lib/bam.c:3973:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->uncomp_p, ptr, blk_len);
data/staden-io-lib-1.14.13/io_lib/bam.c:4045:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hp, htext, htext_len);
data/staden-io-lib-1.14.13/io_lib/bam.h:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[2];
data/staden-io-lib-1.14.13/io_lib/bam.h:151:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char comp[Z_BUFF_SIZE];
data/staden-io-lib-1.14.13/io_lib/bam.h:155:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uncomp[Z_BUFF_SIZE];
data/staden-io-lib-1.14.13/io_lib/bam.h:211:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bgbuf[Z_BUFF_SIZE];
data/staden-io-lib-1.14.13/io_lib/bam.h:428:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bam_aux_add(bam_seq_t **b, const char tag[2], char type,
data/staden-io-lib-1.14.13/io_lib/bam.h:633:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int bam_aux_add_data(bam_seq_t **b, const char tag[2],
data/staden-io-lib-1.14.13/io_lib/bgzip.c:79:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fn, "rb");
data/staden-io-lib-1.14.13/io_lib/bgzip.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn2[8192];
data/staden-io-lib-1.14.13/io_lib/bgzip.c:86:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fn2, "rb");
data/staden-io-lib-1.14.13/io_lib/bgzip.c:182:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, bname, blen);
data/staden-io-lib-1.14.13/io_lib/bgzip.c:183:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp+blen, suffix, slen+1);
data/staden-io-lib-1.14.13/io_lib/bgzip.c:186:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *idx_f = fopen(tmp, "wb");
data/staden-io-lib-1.14.13/io_lib/bgzip.c:304:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[65536];
data/staden-io-lib-1.14.13/io_lib/bgzip.c:363:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(zp->fp = fopen(path, mode))) goto err;
data/staden-io-lib-1.14.13/io_lib/bgzip.c:427:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(argv[1], "rb");
data/staden-io-lib-1.14.13/io_lib/compress.c:201:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdata, "\037\213\010\000\000\000\000\000\000\377", 10);
data/staden-io-lib-1.14.13/io_lib/compress.c:271:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PIPEBS];
data/staden-io-lib-1.14.13/io_lib/compress.c:352:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[output_used], buf, len);
data/staden-io-lib-1.14.13/io_lib/compress.c:393:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic[3];
data/staden-io-lib-1.14.13/io_lib/compress.c:468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[2048];
data/staden-io-lib-1.14.13/io_lib/compress.c:480:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fname, "wb")))
data/staden-io-lib-1.14.13/io_lib/compress.c:549:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fext[1024];
data/staden-io-lib-1.14.13/io_lib/compress.c:596:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mg[3];
data/staden-io-lib-1.14.13/io_lib/compression.c:576:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &uncomp[i], rsz);
data/staden-io-lib-1.14.13/io_lib/compression.c:656:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out[out_len], &comp[i], rsz);
data/staden-io-lib-1.14.13/io_lib/compression.c:680:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out[out_len], last, rsz);
data/staden-io-lib-1.14.13/io_lib/compression.c:1474:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char next[256];
data/staden-io-lib-1.14.13/io_lib/compression.c:1535:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char next[256];
data/staden-io-lib-1.14.13/io_lib/compression.c:2093:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[2];
data/staden-io-lib-1.14.13/io_lib/compression.c:2422:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)tnew)[0] = ZTR_FORM_TSHIFT;
data/staden-io-lib-1.14.13/io_lib/cram_bambam.c:353:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd, orig, sizeof(*fd));
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:157:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block->data[block->byte], bytes, len);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:442:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, cp, *out_size);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:582:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[99], *tp = tmp;
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:847:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[99], *tp = tmp;
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:1001:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[99], *tp = tmp;
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:1351:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, b->data + b->byte, *out_size);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:1570:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->e_xpack.map, e->map, sizeof(e->map)); // P,A,C,K to 0,1,2,3
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:2038:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, b->data + b->idx, n);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:2362:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->e_xrle.rep_score, e->rep_score, 256*sizeof(*c->e_xrle.rep_score));
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:3536:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20], *cp = buf;
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:195:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr->substitution_matrix, "CGTNAGTNACTNACGNACGT", 20);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1095:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr->md5, cp, 16);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1108:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[3];
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1381:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq[seq_pos-1],
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1390:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq[seq_pos-1], &s->ref[ref_pos - s->ref_start +1],
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1841:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq[seq_pos-1],
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1852:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq[seq_pos-1], &s->ref[ref_pos - s->ref_start +1],
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1942:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_MD_[1024], *tmp_MD = tmp_MD_;
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1949:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_MD, orig_aux_p, sz);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1953:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&BLOCK_DATA(s->aux_blk)[-has_MD], tmp_MD, sz);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:1968:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[7];
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:2021:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tag_data[3];
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:2087:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tag_data[7];
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:2104:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tag_data[2], "I\0\0\0\0", 5);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:2552:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:2588:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char M[33];
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:3135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_a[1024], *name;
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:3150:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name_a, BLOCK_DATA(s->name_blk)+s->crecs[cr->mate_line].name,
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:3156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, fd->prefix, name_len);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:3220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aux, BLOCK_DATA(s->aux_blk) + cr->aux, cr->aux_size);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:3228:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aux, bfd->rg[cr->rg].name, len);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:3670:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*bam, s->bl[s->curr_rec-1], sz);
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:73:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*bt, bf, MIN(bf->alloc, bf->blk_size+44));
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smat[5], *mp = smat;
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:494:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, s->hdr->md5, 16); cp += 16;
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:2131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->substitution_matrix, CRAM_SUBST_MATRIX, 20);
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:2423:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_f[3];
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:2488:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_f[3];
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:2666:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_f[3] = {aux[0], aux[1], aux[2]};
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:2971:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
uint32_t count = (uint32_t)((((unsigned char *)aux)[4]<< 0) +
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:2972:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)aux)[5]<< 8) +
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:2973:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)aux)[6]<<16) +
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:2974:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)aux)[7]<<24));
data/staden-io-lib-1.14.13/io_lib/cram_encode.c:3607:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, from, cr->len);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/staden-io-lib-1.14.13/io_lib/cram_index.c:232:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(indexfn, fn, fnsize);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:233:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(indexfn+fnsize,indexsuffix,suffixsize);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn2[PATH_MAX];
data/staden-io-lib-1.14.13/io_lib/cram_index.c:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536];
data/staden-io-lib-1.14.13/io_lib/cram_index.c:466:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-io-lib-1.14.13/io_lib/cram_index.c:480:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d\t%d\t%d\t%"PRId64"\t%d\t%d\n",
data/staden-io-lib-1.14.13/io_lib/cram_index.c:492:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d\t%d\t%d\t%"PRId64"\t%d\t%d\n",
data/staden-io-lib-1.14.13/io_lib/cram_index.c:515:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn_idx[PATH_MAX];
data/staden-io-lib-1.14.13/io_lib/cram_index.c:563:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-io-lib-1.14.13/io_lib/cram_index.c:591:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d\t%"PRId64"\t%"PRId64"\t%"PRId64"\t%d\t%d\n",
data/staden-io-lib-1.14.13/io_lib/cram_io.c:228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr,fd->fp_in_buffer->fp_in_buf_pc,tocopy);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:262:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr,fd->fp_in_buffer->fp_in_buf_pc,tocopy);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:517:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd->fp_out_buffer->fp_out_buf_pc, ptr, tocopy);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:553:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd->fp_out_buffer->fp_out_buf_pc, ptr, towrite);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:824:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[5];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:1073:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[9];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:1172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:1181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[9];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:1446:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[4];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:1867:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vardata[100];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:1889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dat[100], *cp = dat;;
data/staden-io-lib-1.14.13/io_lib/cram_io.c:2999:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fai_fn[PATH_MAX];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3000:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3031:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fai_fn, "%.*s.fai", PATH_MAX-5, fn);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3037:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(fai_fn, "r"))) {
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX], path_tmp[PATH_MAX+20];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3469:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path_tmp, "wx");
data/staden-io-lib-1.14.13/io_lib/cram_io.c:4209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_a[1024], *buf = buf_a, *cp;
data/staden-io-lib-1.14.13/io_lib/cram_io.c:4944:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header, BLOCK_END(b), header_len);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5009:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out+len, "/%.*s", PATH_MAX - len, in);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5035:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unsigned buf[16], buf2[33];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5061:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ref_fn[PATH_MAX];
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5468:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd->fp_in = fopen(filename, fmode);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5531:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd->fp_out = fopen(filename, fmode);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5573:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmode[3]= { mode[0], '\0', '\0' };
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5626:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(def.file_id, filename, MIN(strlen(filename),20));
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5864:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(def.file_id, filename, MIN(strlen(filename),20));
data/staden-io-lib-1.14.13/io_lib/cram_io.h:188:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(BLOCK_END((b)), (s), (l)); \
data/staden-io-lib-1.14.13/io_lib/cram_stats.c:247:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void hist(unsigned char *data, int dlen, int hist[256]) {
data/staden-io-lib-1.14.13/io_lib/cram_stats.c:266:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char map[256];
data/staden-io-lib-1.14.13/io_lib/cram_structs.h:189:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/staden-io-lib-1.14.13/io_lib/cram_structs.h:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_id[20]; // Filename or SHA1 checksum
data/staden-io-lib-1.14.13/io_lib/cram_structs.h:347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char substitution_matrix[5][4];
data/staden-io-lib-1.14.13/io_lib/cram_structs.h:396:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5[16];
data/staden-io-lib-1.14.13/io_lib/cram_structs.h:917:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char L1[256]; // ACGT{*} ->0123{4}
data/staden-io-lib-1.14.13/io_lib/cram_structs.h:918:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char L2[256]; // ACGTN{*}->01234{5}
data/staden-io-lib-1.14.13/io_lib/cram_structs.h:919:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cram_sub_matrix[32][32]; // base substituion codes
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:400:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->codes, ctmp, c->ncodes * sizeof(huffman_code_t));
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:962:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block->data[block->byte], val, nbytes);
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:977:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bl_code[257]; /* bit-length codes and for codes 16-18 */
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:978:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bl_opt[257]; /* the operand to the blcode */
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:979:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sorted_codes[258];
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:2098:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open(fn, O_RDONLY, 0))) {
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:2157:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&blk_in->data[blk_in->byte+1], data+1, len-1);
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:2159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&blk_in->data[blk_in->byte], data, len);
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:2260:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blk_size = atoi(optarg);
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:2264:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code_set = atoi(optarg);
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:2268:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rec_size = atoi(optarg);
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.h:94:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char symbol[4];
data/staden-io-lib-1.14.13/io_lib/dstring.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *bufp = buf;
data/staden-io-lib-1.14.13/io_lib/dstring.c:356:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char escape[256];
data/staden-io-lib-1.14.13/io_lib/dstring.c:359:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[3];
data/staden-io-lib-1.14.13/io_lib/dstring.c:418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50], *cp = buf;
data/staden-io-lib-1.14.13/io_lib/dstring.c:482:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ds->str[ds->length], str, len);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:158:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eflt_feature_ids[MAXIMUM_EFLTS][MAXIMUM_EFLT_LENGTH+1] = {
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:329:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d..%d", start, end);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:392:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[EXP_FILE_LINE_LENGTH+1];
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:470:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d..%d ", opos[st], opos[i-1]);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:472:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", opos[st]);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:479:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", f);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:493:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d..%d", opos[st], opos[i-1]);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:495:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", opos[st]);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:596:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", conf[i]);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:636:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file,"r"))==NULL) {
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:650:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
e->fp = fopen(file,"a");
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:663:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[EXP_FILE_LINE_LENGTH+1];
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:853:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*val = atoi(exp_get_entry(e,id));
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:921:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXP_FILE_LINE_LENGTH];
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:923:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",*val);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:936:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXP_FILE_LINE_LENGTH];
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:1019:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfn[1025];
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:1142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXP_FILE_LINE_LENGTH];
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:1161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EXP_FILE_LINE_LENGTH];
data/staden-io-lib-1.14.13/io_lib/expFileIO.h:142:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char eflt_feature_ids[MAXIMUM_EFLTS][MAXIMUM_EFLT_LENGTH+1];
data/staden-io-lib-1.14.13/io_lib/files.c:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[2048];
data/staden-io-lib-1.14.13/io_lib/files.c:167:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(files, "r");
data/staden-io-lib-1.14.13/io_lib/files.c:171:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/staden-io-lib-1.14.13/io_lib/files.c:172:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[256];
data/staden-io-lib-1.14.13/io_lib/files.c:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[PATH_MAX], shrt_path[PATH_MAX];
data/staden-io-lib-1.14.13/io_lib/find.c:103:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wholePath[1024];
data/staden-io-lib-1.14.13/io_lib/hash_table.c:567:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hi->key, key, key_len);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1033:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf->hh.magic, HASHFILE_MAGIC, 4);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1035:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf->hh.vers, HASHFILE_VERSION, 4);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1037:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf->hh.vers, HASHFILE_VERSION100, 4);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(foot.magic, HASHFILE_MAGIC, 4);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1125:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(foot.offset, &be_hfsize, 8);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1157:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hf->hh, htable, HHSIZE);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bucket_pos[i], &htable[htable_pos], 4);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1211:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256];
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1221:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, &htable[htable_pos], c);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1231:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pos, &htable[htable_pos], 8);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1236:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&size, &htable[htable_pos], 4);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1246:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hi->key, key, c);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1296:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&offset, foot.offset, 8);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1394:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fname, "rb")))
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1414:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (hf->afp[i] = fopen(hf->archives[i], "rb"))) {
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aname[1024];
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1424:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (hf->afp[i] = fopen(aname, "rb"))) {
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1474:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bucket_pos[i], &htable[htable_pos], 4);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1486:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256];
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1496:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, &htable[htable_pos], c);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1506:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pos, &htable[htable_pos], 8);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1513:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&size, &htable[htable_pos], 4);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1523:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hi->key, key, c);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[256];
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1674:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (hf->afp[archive_no] = fopen(hf->archives[archive_no], "rb")))
data/staden-io-lib-1.14.13/io_lib/hash_table.h:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/staden-io-lib-1.14.13/io_lib/hash_table.h:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vers[4];
data/staden-io-lib-1.14.13/io_lib/hash_table.h:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/staden-io-lib-1.14.13/io_lib/hash_table.h:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[8];
data/staden-io-lib-1.14.13/io_lib/mFILE.c:354:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode2[11];
data/staden-io-lib-1.14.13/io_lib/mFILE.c:367:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(path, mode2)))
data/staden-io-lib-1.14.13/io_lib/mFILE.c:534:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cptr, &mf->data[mf->offset], len);
data/staden-io-lib-1.14.13/io_lib/mFILE.c:566:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mf->data[mf->offset], ptr, size * nmemb);
data/staden-io-lib-1.14.13/io_lib/md5.c:226:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, size);
data/staden-io-lib-1.14.13/io_lib/md5.c:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[used], data, free);
data/staden-io-lib-1.14.13/io_lib/md5.c:241:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, data, size);
data/staden-io-lib-1.14.13/io_lib/md5.h:41:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/staden-io-lib-1.14.13/io_lib/misc.h:148:24: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memmove(d,s,l) bcopy(s,d,l)
data/staden-io-lib-1.14.13/io_lib/misc_scf.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[5];
data/staden-io-lib-1.14.13/io_lib/misc_scf.c:117:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char v[5];
data/staden-io-lib-1.14.13/io_lib/misc_scf.c:119:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(v, "%1.2f", f);
data/staden-io-lib-1.14.13/io_lib/misc_scf.c:213:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp=fopen(fn,"rb")) == NULL) {
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX+101];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:239:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fpind = fopen(path, "r");
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:272:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(tarname, "rb")))
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:331:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hf_name[1024];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:378:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, srf->th.trace_hdr, srf->th.trace_hdr_size);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:379:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + srf->th.trace_hdr_size,
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[1024], *cp;
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:407:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RDBUFSZ];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:418:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(cp+1);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:427:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&saddr.sin_addr,host->h_addr_list[0], host->h_length);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:438:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "--scf %.*s\n", 1000, file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *cp;
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:527:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *cp;
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:537:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[CURL_ERROR_SIZE];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:599:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_agent[1000];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:600:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(user_agent, "io_lib/" PACKAGE_VERSION " libcurl/%.900s", info->version);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:678:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sff_copy[1024];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:739:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sff_copy[1024];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:744:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char chdr[1024];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:747:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1[1024];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:870:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, chdr, chdrlen);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:871:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + chdrlen, rhdr.c1, rhdrlen);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:897:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sff_copy[1024];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:899:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1[65536];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:908:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char index_format[8];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:937:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(sff, "rb")))
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1030:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fake_file, chdr.c1, chdrlen);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1031:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fake_file+chdrlen, rhdr.c1, rhdrlen);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1051:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX+1], path2[PATH_MAX+1];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1116:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[8];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1122:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(path2, "rb")))
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1124:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(magic, "\0\0\0\0\0\0", 4);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *suffix[6] = {"", ".gz", ".bz2", ".sz", ".Z", ".bz2"};
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1218:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file2[1024];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char relative_path[PATH_MAX+1];
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1322:23: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (NULL == (fp = tmpfile()))
data/staden-io-lib-1.14.13/io_lib/read_scf.c:417:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scf->header, &h, sizeof(Header));
data/staden-io-lib-1.14.13/io_lib/sam_header.c:132:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sh->ref[nref].len = atoi(tag->str+3);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:1189:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sh->ID_buf, "%.1000s.%d", name, sh->ID_cnt++);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:1223:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(end, sh->pg_end, nends * sizeof(*end));
data/staden-io-lib-1.14.13/io_lib/sam_header.h:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ID_buf[1024]; // temporary buffer
data/staden-io-lib-1.14.13/io_lib/scf.h:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[4]; /* "version.revision" */
data/staden-io-lib-1.14.13/io_lib/scf_extras.c:155:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prob_A, r->prob_A, r->NBases);
data/staden-io-lib-1.14.13/io_lib/scf_extras.c:156:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prob_C, r->prob_C, r->NBases);
data/staden-io-lib-1.14.13/io_lib/scf_extras.c:157:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prob_G, r->prob_G, r->NBases);
data/staden-io-lib-1.14.13/io_lib/scf_extras.c:158:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prob_T, r->prob_T, r->NBases);
data/staden-io-lib-1.14.13/io_lib/scf_extras.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seq, r->base, r->NBases);
data/staden-io-lib-1.14.13/io_lib/scram.c:135:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, fd->buf, l);
data/staden-io-lib-1.14.13/io_lib/scram.c:136:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd->buf, &fd->buf[l], fd->used - l);
data/staden-io-lib-1.14.13/io_lib/scram.c:178:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode2[10];
data/staden-io-lib-1.14.13/io_lib/scram.c:203:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mode2, "rs%.7s", mode+1), mode = mode2;
data/staden-io-lib-1.14.13/io_lib/scram.c:205:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mode2, "rb%.7s", mode+1), mode = mode2;
data/staden-io-lib-1.14.13/io_lib/scram.c:207:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mode2, "rc%.7s", mode+1), mode = mode2;
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[257];
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[8192], line[8192];
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commstr[256], *commstrp;
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:723:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[300];
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:743:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "LANE=%d\n", i2);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:766:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "SIGN=A=%d,C=%d,G=%d,T=%d\n",
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:777:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "SPAC=%-6.2f\n", fspacing);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:799:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "PRIM=%d\n", (i4>>16));
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:808:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1025];
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:809:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_s[1025];
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:810:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_e[1025];
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:819:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%04d%02d%02d.%02d%02d%02d - %04d%02d%02d.%02d%02d%02d",
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:1000:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) == NULL)
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:357:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[200];
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:468:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) == NULL)
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5], name[17], line[1024];
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:291:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "r")) == NULL)
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:324:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn,"w")) == NULL)
data/staden-io-lib-1.14.13/io_lib/sff.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->version, buf+4, 4);
data/staden-io-lib-1.14.13/io_lib/sff.c:123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+4, h->version, 4);
data/staden-io-lib-1.14.13/io_lib/sff.c:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+31, h->flow, h->flow_len);
data/staden-io-lib-1.14.13/io_lib/sff.c:132:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+31+h->flow_len, h->key, h->key_len);
data/staden-io-lib-1.14.13/io_lib/sff.c:134:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+end, "\0\0\0\0\0\0\0\0", ((end+7)&~7)-end);
data/staden-io-lib-1.14.13/io_lib/sff.c:147:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chdr[31];
data/staden-io-lib-1.14.13/io_lib/sff.c:221:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+16, h->name, h->name_len);
data/staden-io-lib-1.14.13/io_lib/sff.c:223:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+end, "\0\0\0\0\0\0\0\0", ((end+7)&~7)-end);
data/staden-io-lib-1.14.13/io_lib/sff.c:236:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rhdr[16];
data/staden-io-lib-1.14.13/io_lib/sff.h:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[4];
data/staden-io-lib-1.14.13/io_lib/srf.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bmode[11];
data/staden-io-lib-1.14.13/io_lib/srf.c:95:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (fp = fopen(fn, mode)) ? srf_create(fp) : NULL;
data/staden-io-lib-1.14.13/io_lib/srf.c:184:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[4];
data/staden-io-lib-1.14.13/io_lib/srf.c:193:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[4];
data/staden-io-lib-1.14.13/io_lib/srf.c:203:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[8];
data/staden-io-lib-1.14.13/io_lib/srf.c:219:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[8];
data/staden-io-lib-1.14.13/io_lib/srf.c:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[3];
data/staden-io-lib-1.14.13/io_lib/srf.c:536:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tb->read_id, suffix, suffix_len);
data/staden-io-lib-1.14.13/io_lib/srf.c:939:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name_copy, name, name_len);
data/staden-io-lib-1.14.13/io_lib/srf.c:1030:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.magic, SRF_INDEX_MAGIC, 4);
data/staden-io-lib-1.14.13/io_lib/srf.c:1031:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.version, SRF_INDEX_VERSION, 4);
data/staden-io-lib-1.14.13/io_lib/srf.c:1288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/staden-io-lib-1.14.13/io_lib/srf.c:1474:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(suffix+1, blk->data, *suffix);
data/staden-io-lib-1.14.13/io_lib/srf.c:1640:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ztr->chunk[ztr->nchunks-1], chunk, sizeof(*chunk));
data/staden-io-lib-1.14.13/io_lib/srf.c:2040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-io-lib-1.14.13/io_lib/srf.h:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[256];
data/staden-io-lib-1.14.13/io_lib/srf.h:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base_caller[256];
data/staden-io-lib-1.14.13/io_lib/srf.h:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base_caller_version[256];
data/staden-io-lib-1.14.13/io_lib/srf.h:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_prefix[256];
data/staden-io-lib-1.14.13/io_lib/srf.h:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_id[256];
data/staden-io-lib-1.14.13/io_lib/srf.h:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[4];
data/staden-io-lib-1.14.13/io_lib/srf.h:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[4];
data/staden-io-lib-1.14.13/io_lib/srf.h:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbh_file[256];
data/staden-io-lib-1.14.13/io_lib/srf.h:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cont_file[256];
data/staden-io-lib-1.14.13/io_lib/srf.h:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch_file[PATH_MAX+1];
data/staden-io-lib-1.14.13/io_lib/srf.h:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char th_file[PATH_MAX+1];
data/staden-io-lib-1.14.13/io_lib/stdio_hack.h:57:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen mfopen
data/staden-io-lib-1.14.13/io_lib/string_alloc.c:155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, instr, len);
data/staden-io-lib-1.14.13/io_lib/strings.c:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f,c,i);
data/staden-io-lib-1.14.13/io_lib/tar_format.h:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[TBLOCK];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAMSIZ];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[8];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[8];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gid[8];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[12];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtime[12];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chksum[8];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkname[NAMSIZ];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[6];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[2];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[32];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gname[32];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devmajor[8];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devminor[8];
data/staden-io-lib-1.14.13/io_lib/tar_format.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[155];
data/staden-io-lib-1.14.13/io_lib/traceType.c:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/staden-io-lib-1.14.13/io_lib/translate.c:200:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read->info, scf->comments, scf->header.comments_size);
data/staden-io-lib-1.14.13/io_lib/translate.c:212:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read->private_data,scf->private_data, scf->header.private_size);
data/staden-io-lib-1.14.13/io_lib/translate.c:281:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scf->comments, read->info, scf->header.comments_size - 1);
data/staden-io-lib-1.14.13/io_lib/translate.c:291:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scf->header.version, scf_version_float2str(SCF_VERSION), 4);
data/staden-io-lib-1.14.13/io_lib/translate.c:321:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char valid_bases[256];
data/staden-io-lib-1.14.13/io_lib/translate.c:390:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exp_get_entry(e, EFLT_QL), "%d", read->leftCutoff);
data/staden-io-lib-1.14.13/io_lib/translate.c:395:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exp_get_entry(e, EFLT_QR), "%d", read->rightCutoff);
data/staden-io-lib-1.14.13/io_lib/translate.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/staden-io-lib-1.14.13/io_lib/translate.c:466:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exp_get_entry(e, EFLT_CH), "%d",chem );
data/staden-io-lib-1.14.13/io_lib/translate.c:477:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exp_get_entry(e, EFLT_PR), "%d",primer);
data/staden-io-lib-1.14.13/io_lib/translate.c:501:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start=atoi(line);
data/staden-io-lib-1.14.13/io_lib/translate.c:503:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stop=atoi(line);
data/staden-io-lib-1.14.13/io_lib/translate.c:535:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exp_get_entry(e, EFLT_SL),"%d",start);
data/staden-io-lib-1.14.13/io_lib/translate.c:536:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exp_get_entry(e, EFLT_SR),"%d",stop);
data/staden-io-lib-1.14.13/io_lib/translate.c:539:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[5]; /* staden note tag (always 4 chars) */
data/staden-io-lib-1.14.13/io_lib/translate.c:553:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[5]; /* staden note tag (always 4 chars) */
data/staden-io-lib-1.14.13/io_lib/translate.c:583:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rstart=atol(rangestart);
data/staden-io-lib-1.14.13/io_lib/translate.c:584:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rend=atol(rangeend);
data/staden-io-lib-1.14.13/io_lib/translate.c:735:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q = atoi(exp_get_entry(e, EFLT_QL));
data/staden-io-lib-1.14.13/io_lib/translate.c:739:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = atoi(exp_get_entry(e, EFLT_SL));
data/staden-io-lib-1.14.13/io_lib/translate.c:749:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q = atoi(exp_get_entry(e, EFLT_QR));
data/staden-io-lib-1.14.13/io_lib/translate.c:753:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = atoi(exp_get_entry(e, EFLT_SR));
data/staden-io-lib-1.14.13/io_lib/vlen.c:333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10000];
data/staden-io-lib-1.14.13/io_lib/vlen.c:335:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "d: %d\n", 500);
data/staden-io-lib-1.14.13/io_lib/vlen.c:347:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%c\n", 'a');
data/staden-io-lib-1.14.13/io_lib/vlen.c:351:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%31.30f\n", -9999.99);
data/staden-io-lib-1.14.13/io_lib/vlen.c:355:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%f\n", -1e308);
data/staden-io-lib-1.14.13/io_lib/vlen.c:359:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.9f\n", -1e308);
data/staden-io-lib-1.14.13/io_lib/vlen.c:363:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%10.20f\n", -1.999222333);
data/staden-io-lib-1.14.13/io_lib/vlen.c:367:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%#g\n", -3.14159265358e-222);
data/staden-io-lib-1.14.13/io_lib/vlen.c:371:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%e\n", -123456789123456789.1);
data/staden-io-lib-1.14.13/io_lib/vlen.c:379:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%*.*e %*c\n", 10, 5, 9.0, 20, 'x');
data/staden-io-lib-1.14.13/io_lib/vlen.c:383:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%10c\n", 'z');
data/staden-io-lib-1.14.13/io_lib/vlen.c:387:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.10c\n", 'z');
data/staden-io-lib-1.14.13/io_lib/vlen.c:391:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%10d\n", 'z');
data/staden-io-lib-1.14.13/io_lib/vlen.c:395:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.10d\n", 'z');
data/staden-io-lib-1.14.13/io_lib/vlen.c:399:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%10%\n");
data/staden-io-lib-1.14.13/io_lib/vlen.c:403:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.10%\n");
data/staden-io-lib-1.14.13/io_lib/vlen.c:419:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.5s\n", "0123456789");
data/staden-io-lib-1.14.13/io_lib/vlen.c:423:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.50s\n", "0123456789");
data/staden-io-lib-1.14.13/io_lib/vlen.c:427:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%5.50s\n", "0123456789");
data/staden-io-lib-1.14.13/io_lib/vlen.c:431:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%50.5s\n", "0123456789");
data/staden-io-lib-1.14.13/io_lib/write_scf.c:463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scf->header.version, scf_version_float2str(SCF_VERSION), 4);
data/staden-io-lib-1.14.13/io_lib/write_scf.c:465:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scf->header.version, scf_version_float2str(SCF_VERSION_OLD), 4);
data/staden-io-lib-1.14.13/io_lib/write_scf.c:526:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn,"wb")) == NULL)
data/staden-io-lib-1.14.13/io_lib/zfio.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path2[1024];
data/staden-io-lib-1.14.13/io_lib/zfio.c:126:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
NULL != (zf->fp = fopen(path, mode))) {
data/staden-io-lib-1.14.13/io_lib/zfio.c:127:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic[2];
data/staden-io-lib-1.14.13/io_lib/zfio.c:146:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path2, "%.*s.gz", 1020, path);
data/staden-io-lib-1.14.13/io_lib/ztr.c:200:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1024];
data/staden-io-lib-1.14.13/io_lib/ztr.c:201:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "chunk.%d", i);
data/staden-io-lib-1.14.13/io_lib/ztr.c:202:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fname, O_RDWR|O_CREAT|O_TRUNC, 0666);
data/staden-io-lib-1.14.13/io_lib/ztr.c:470:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ztr->chunk[ztr->nchunks-1], chunk, sizeof(*chunk));
data/staden-io-lib-1.14.13/io_lib/ztr.c:816:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[2];
data/staden-io-lib-1.14.13/io_lib/ztr.h:81:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic[8]; /* 0xae5a54520d0a1a0a (be) */
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:97:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
blen = sprintf(buf, "%d", r->baseline);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:186:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ztr_encode_samples_common(ztr_t *z,
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:187:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ident[4], Read *r,
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:202:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
blen = sprintf(buf, "%d", r->baseline);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:209:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*mdbytes = sprintf(*mdata, "TYPE%c%.*s", 0, 4, ident) + 1;
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:326:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes+1, r->base, r->NBases);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:343:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->base, bytes, r->NBases);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:835:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes+1, r->flow_order, r->nflows);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:849:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->flow_order, bytes, r->nflows);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:871:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(*mdata, "TYPE%cPYNO", 0);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:932:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(*mdata, "TYPE%cPYRW", 0);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:1037:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ztr->header.magic, ZTR_MAGIC, 8);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:1124:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r->baseline = atoi(offs);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:1146:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r->baseline = atoi(offs);
data/staden-io-lib-1.14.13/progs/append_sff.c:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chdr[31];
data/staden-io-lib-1.14.13/progs/append_sff.c:70:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fpout = fopen(argv[1], "rb+"))) {
data/staden-io-lib-1.14.13/progs/append_sff.c:105:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fpin = fopen(sff, "rb"))) {
data/staden-io-lib-1.14.13/progs/convert_trace.c:270:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(channel, copy, nchannel * sizeof(*copy));
data/staden-io-lib-1.14.13/progs/convert_trace.c:294:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, data, ndata * sizeof(TRACE));
data/staden-io-lib-1.14.13/progs/convert_trace.c:629:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.start = atoi(*++argv);
data/staden-io-lib-1.14.13/progs/convert_trace.c:633:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.end = atoi(*++argv);
data/staden-io-lib-1.14.13/progs/convert_trace.c:637:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.scale = atoi(*++argv);
data/staden-io-lib-1.14.13/progs/convert_trace.c:660:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.subtract = atoi(*++argv);
data/staden-io-lib-1.14.13/progs/convert_trace.c:667:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.min_normalise = atoi(*++argv);
data/staden-io-lib-1.14.13/progs/convert_trace.c:686:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.in_format = atoi(*argv);
data/staden-io-lib-1.14.13/progs/convert_trace.c:696:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.out_format = atoi(*argv);
data/staden-io-lib-1.14.13/progs/convert_trace.c:724:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.in_format = atoi(argv[0]);
data/staden-io-lib-1.14.13/progs/convert_trace.c:726:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts.out_format = atoi(argv[1]);
data/staden-io-lib-1.14.13/progs/convert_trace.c:756:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192], line2[8192];
data/staden-io-lib-1.14.13/progs/convert_trace.c:760:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fofn_fp = fopen(opts.fofn, "r"))) {
data/staden-io-lib-1.14.13/progs/convert_trace.c:765:41: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (opts.passed && NULL == (fppassed = fopen(opts.passed, "w"))) {
data/staden-io-lib-1.14.13/progs/convert_trace.c:770:41: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (opts.failed && NULL == (fpfailed = fopen(opts.failed, "w"))) {
data/staden-io-lib-1.14.13/progs/convert_trace.c:810:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192+10];
data/staden-io-lib-1.14.13/progs/convert_trace.c:824:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/staden-io-lib-1.14.13/progs/cram_dump.c:515:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[3];
data/staden-io-lib-1.14.13/progs/cram_dump.c:558:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[3];
data/staden-io-lib-1.14.13/progs/cram_dump.c:611:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dat[100];
data/staden-io-lib-1.14.13/progs/cram_dump.c:734:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dat[1024];
data/staden-io-lib-1.14.13/progs/cram_dump.c:749:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dat[1024];
data/staden-io-lib-1.14.13/progs/cram_dump.c:800:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fields[1024], *fp = fields;
data/staden-io-lib-1.14.13/progs/cram_dump.c:940:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/staden-io-lib-1.14.13/progs/cram_filter.c:122:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[3];
data/staden-io-lib-1.14.13/progs/cram_filter.c:227:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
cram_container *c, char *keep_aux,
data/staden-io-lib-1.14.13/progs/cram_filter.c:228:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*tag_to_keep)[128]) {
data/staden-io-lib-1.14.13/progs/cram_filter.c:274:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*tag_to_keep)[128],
data/staden-io-lib-1.14.13/progs/cram_filter.c:275:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*tag_to_del)[128]) {
data/staden-io-lib-1.14.13/progs/cram_filter.c:333:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void fix_TD_map(cram_container *c, char (*tag_to_del)[128]) {
data/staden-io-lib-1.14.13/progs/cram_filter.c:397:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dup->data, b->data, b->comp_size);
data/staden-io-lib-1.14.13/progs/cram_filter.c:540:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_to_del[128][128] = {{0}};
data/staden-io-lib-1.14.13/progs/cram_filter.c:541:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_to_keep[128][128] = {{0}};
data/staden-io-lib-1.14.13/progs/cram_filter.c:700:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn_idx[PATH_MAX];
data/staden-io-lib-1.14.13/progs/cram_filter.c:707:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(fn_idx, "r"))) {
data/staden-io-lib-1.14.13/progs/cram_size.c:158:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/staden-io-lib-1.14.13/progs/cram_size.c:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fields[1024], *fp = fields;
data/staden-io-lib-1.14.13/progs/cram_to_sam.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[4] = {'w', '\0', '\0', '\0'};
data/staden-io-lib-1.14.13/progs/cram_to_sam.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ref_name[1024] = {0}, *arg_list, *ref_fn = NULL;
data/staden-io-lib-1.14.13/progs/extract_fastq.c:132:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (outfp = fopen(*++argv, "wb"))) {
data/staden-io-lib-1.14.13/progs/extract_fastq.c:148:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/staden-io-lib-1.14.13/progs/extract_fastq.c:153:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fofn_fp = fopen(fofn, "r");
data/staden-io-lib-1.14.13/progs/extract_qual.c:81:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", conf[i]);
data/staden-io-lib-1.14.13/progs/extract_qual.c:320:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (outfp = fopen(*++argv, "wb"))) {
data/staden-io-lib-1.14.13/progs/extract_qual.c:338:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/staden-io-lib-1.14.13/progs/extract_qual.c:343:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fofn_fp = fopen(fofn, "r");
data/staden-io-lib-1.14.13/progs/extract_seq.c:237:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (outfp = fopen(*++argv, "wb"))) {
data/staden-io-lib-1.14.13/progs/extract_seq.c:255:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/staden-io-lib-1.14.13/progs/extract_seq.c:260:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fofn_fp = fopen(fofn, "r");
data/staden-io-lib-1.14.13/progs/hash_exp.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/staden-io-lib-1.14.13/progs/hash_exp.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[8192];
data/staden-io-lib-1.14.13/progs/hash_exp.c:105:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(argv[1], "rb+"))) {
data/staden-io-lib-1.14.13/progs/hash_extract.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256];
data/staden-io-lib-1.14.13/progs/hash_extract.c:99:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fofnfp = fopen(fofn, "r"))) {
data/staden-io-lib-1.14.13/progs/hash_list.c:96:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "rb");
data/staden-io-lib-1.14.13/progs/hash_sff.c:69:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rhdr[16];
data/staden-io-lib-1.14.13/progs/hash_sff.c:86:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chdr[31];
data/staden-io-lib-1.14.13/progs/hash_sff.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr[31];
data/staden-io-lib-1.14.13/progs/hash_sff.c:126:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fpout = fopen(argv[1], "wb+"))) {
data/staden-io-lib-1.14.13/progs/hash_sff.c:161:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(sff, "rb"))) {
data/staden-io-lib-1.14.13/progs/hash_sff.c:166:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(sff, "rb+"))) {
data/staden-io-lib-1.14.13/progs/hash_sff.c:233:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[8192];
data/staden-io-lib-1.14.13/progs/hash_tar.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char member[256];
data/staden-io-lib-1.14.13/progs/hash_tar.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/staden-io-lib-1.14.13/progs/hash_tar.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/staden-io-lib-1.14.13/progs/hash_tar.c:88:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "r"))) {
data/staden-io-lib-1.14.13/progs/hash_tar.c:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char member[256];
data/staden-io-lib-1.14.13/progs/hash_tar.c:423:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(argv[0], "rb");
data/staden-io-lib-1.14.13/progs/index_tar.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char member[257];
data/staden-io-lib-1.14.13/progs/index_tar.c:103:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(argv[0], "rb"))) {
data/staden-io-lib-1.14.13/progs/makeSCF.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/staden-io-lib-1.14.13/progs/sam_to_cram.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_mode[4];
data/staden-io-lib-1.14.13/progs/sam_to_cram.c:99:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s_opt = atoi(optarg);
data/staden-io-lib-1.14.13/progs/sam_to_cram.c:103:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
S_opt = atoi(optarg);
data/staden-io-lib-1.14.13/progs/sam_to_cram.c:137:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out_mode, "wb%c", level);
data/staden-io-lib-1.14.13/progs/scf_update.c:101:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
version = atoi(argv[2]);
data/staden-io-lib-1.14.13/progs/scram_flagstat.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imode[10], *in_f = "";
data/staden-io-lib-1.14.13/progs/scram_flagstat.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ref_name[1024] = {0};
data/staden-io-lib-1.14.13/progs/scram_flagstat.c:165:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nthreads = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scram_merge.c:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imode[10], *in_f = "", omode[10], *out_f = "";
data/staden-io-lib-1.14.13/progs/scram_merge.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ref_name[1024] = {0};
data/staden-io-lib-1.14.13/progs/scram_merge.c:166:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s_opt = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scram_merge.c:170:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
S_opt = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scram_merge.c:216:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_reads = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scram_pileup.c:92:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tab[256][2];
data/staden-io-lib-1.14.13/progs/scram_pileup.c:629:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strand_char[2][256];
data/staden-io-lib-1.14.13/progs/scram_pileup.c:786:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, seq, sp-seq); cp += sp-seq; *cp++ = '\t';
data/staden-io-lib-1.14.13/progs/scram_pileup.c:787:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, qual, qp-qual); cp += qp-qual; *cp++ = '\0';
data/staden-io-lib-1.14.13/progs/scram_pileup.c:847:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024], *cp = buf, *rp;
data/staden-io-lib-1.14.13/progs/scram_test.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imode[10], *in_f = "";
data/staden-io-lib-1.14.13/progs/scram_test.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ref_name[1024] = {0};
data/staden-io-lib-1.14.13/progs/scram_test.c:167:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nthreads = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scramble.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2][257] = {{0}};
data/staden-io-lib-1.14.13/progs/scramble.c:244:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imode[10], *in_f = "", omode[10], *out_f = "", *index_fn = NULL, *index_out_fn = NULL;
data/staden-io-lib-1.14.13/progs/scramble.c:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ref_name[1024] = {0};
data/staden-io-lib-1.14.13/progs/scramble.c:268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_filter[65536] = {0};
data/staden-io-lib-1.14.13/progs/scramble.c:307:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s_opt = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scramble.c:312:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bases_per_slice = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scramble.c:316:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
S_opt = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scramble.c:434:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nthreads = atoi(optarg);
data/staden-io-lib-1.14.13/progs/scramble.c:458:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_reads = atoi(optarg);
data/staden-io-lib-1.14.13/progs/srf2fasta.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_READ_LEN*2 + 512 + 6];
data/staden-io-lib-1.14.13/progs/srf2fasta.c:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[MAX_REGIONS];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[MAX_REGIONS];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:95:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char cbase[256];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:122:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qlookup[256];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:207:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bndy, chunk->data+1, chunk->dlength-1);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_READ_LEN*2 + 512 + 6];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:283:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FILENAME_MAX];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:308:43: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(filename, "wb+"))) {
data/staden-io-lib-1.14.13/progs/srf2fastq.c:398:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int n = sprintf(seq,"/%d", regn->index[iregion]);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:585:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char root[FILENAME_MAX];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:587:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filenames[MAX_REGIONS];
data/staden-io-lib-1.14.13/progs/srf2fastq.c:659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:134:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*variable = atoi(&name[(*i)+1]);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:330:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key ? atoi(key) : 0,
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:345:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key ? atoi(key) : 0,
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:360:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key ? atoi(key) : 0,
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:500:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cThisLine[MAX_REC_LEN]; /* Contents of current line */
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:639:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_name, "r");
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:849:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[2048];
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:854:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "w+"))) {
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:872:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024], dir2[1024];
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:951:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[2048];
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:955:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen(fn, "w+"))) {
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:973:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024], dir2[1024];
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:1037:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/staden-io-lib-1.14.13/progs/srf_extract_hash.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qlookup[256];
data/staden-io-lib-1.14.13/progs/srf_extract_hash.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_READ_LEN*2 + 512 + 6];
data/staden-io-lib-1.14.13/progs/srf_extract_hash.c:146:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(archive, "rb");
data/staden-io-lib-1.14.13/progs/srf_extract_linear.c:101:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/staden-io-lib-1.14.13/progs/srf_filter.c:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cThisLine[MAX_REC_LEN]; /* Contents of current line */
data/staden-io-lib-1.14.13/progs/srf_filter.c:330:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_name, "r");
data/staden-io-lib-1.14.13/progs/srf_filter.c:591:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
mdlen = sprintf(mdata, "NAME%cforward:P;reverse:P%c",0,0);
data/staden-io-lib-1.14.13/progs/srf_filter.c:622:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-io-lib-1.14.13/progs/srf_filter.c:802:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trace_hdr, mf->data, trace_hdr_size);
data/staden-io-lib-1.14.13/progs/srf_filter.c:1050:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[65536];
data/staden-io-lib-1.14.13/progs/srf_filter.c:1146:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rev_cycle = atoi(optarg);
data/staden-io-lib-1.14.13/progs/srf_index_hash.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/staden-io-lib-1.14.13/progs/srf_info.c:138:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[MAX_REGIONS];
data/staden-io-lib-1.14.13/progs/srf_info.c:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[MAX_REGIONS];
data/staden-io-lib-1.14.13/progs/srf_info.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024];
data/staden-io-lib-1.14.13/progs/srf_info.c:228:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bndy, chunk->data+1, chunk->dlength-1);
data/staden-io-lib-1.14.13/progs/srf_info.c:429:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ztr->chunk[ztr->nchunks-1], chunk, sizeof(*chunk));
data/staden-io-lib-1.14.13/progs/srf_info.c:468:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int srf_info(char *input, int level_mode, long *read_count, long *chunk_count,
data/staden-io-lib-1.14.13/progs/srf_info.c:477:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/staden-io-lib-1.14.13/progs/srf_info.c:806:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5];
data/staden-io-lib-1.14.13/progs/srf_list.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/staden-io-lib-1.14.13/progs/ztr_dump.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unk[100];
data/staden-io-lib-1.14.13/progs/ztr_dump.c:71:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unk, "?%d?\n", format);
data/staden-io-lib-1.14.13/progs/ztr_dump.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[5];
data/staden-io-lib-1.14.13/tests/cram_io_test.c:10:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(argv[i],"rb");
data/staden-io-lib-1.14.13/tests/cram_io_test.c:19:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf0[32];
data/staden-io-lib-1.14.13/tests/cram_io_test.c:20:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf1[32];
data/staden-io-lib-1.14.13/io_lib/Read.c:158:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/staden-io-lib-1.14.13/io_lib/Read.c:162:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strncmp(fn,BIOLIMS_TAG,strlen(BIOLIMS_TAG))){
data/staden-io-lib-1.14.13/io_lib/Read.c:196:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-io-lib-1.14.13/io_lib/Read.c:213:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/staden-io-lib-1.14.13/io_lib/Read.c:324:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != NULLRead && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/staden-io-lib-1.14.13/io_lib/Read.c:324:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (read != NULLRead && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/staden-io-lib-1.14.13/io_lib/Read.c:329:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-io-lib-1.14.13/io_lib/Read.c:344:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int mfwrite_reading(mFILE *fp, Read *read, int format) {
data/staden-io-lib-1.14.13/io_lib/Read.c:370:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ztr = read2ztr(read);
data/staden-io-lib-1.14.13/io_lib/Read.c:379:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ztr = read2ztr(read);
data/staden-io-lib-1.14.13/io_lib/Read.c:387:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ztr = read2ztr(read);
data/staden-io-lib-1.14.13/io_lib/Read.c:399:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
scf = read2scf(read);
data/staden-io-lib-1.14.13/io_lib/Read.c:426:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Exp_info *e = read2exp(read, read->ident ? read->ident : "unknown");
data/staden-io-lib-1.14.13/io_lib/Read.c:442:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = mfwrite_pln(fp, read);
data/staden-io-lib-1.14.13/io_lib/Read.c:456:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_reading(FILE *fp, Read *read, int format) {
data/staden-io-lib-1.14.13/io_lib/Read.c:460:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = mfwrite_reading(mf, read, format);
data/staden-io-lib-1.14.13/io_lib/Read.c:479:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_reading(char *fn, Read *read, int format) {
data/staden-io-lib-1.14.13/io_lib/Read.c:485:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = mfwrite_reading(fp, read, format);
data/staden-io-lib-1.14.13/io_lib/Read.c:499:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_abi(FILE *fp, Read *read) {
data/staden-io-lib-1.14.13/io_lib/Read.c:500:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fwrite_reading(fp, read, TT_ABI);
data/staden-io-lib-1.14.13/io_lib/Read.c:509:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_alf(FILE *fp, Read *read) {
data/staden-io-lib-1.14.13/io_lib/Read.c:510:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fwrite_reading(fp, read, TT_ALF);
data/staden-io-lib-1.14.13/io_lib/Read.c:519:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_pln(FILE *fp, Read *read) {
data/staden-io-lib-1.14.13/io_lib/Read.c:520:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fwrite_reading(fp, read, TT_PLN);
data/staden-io-lib-1.14.13/io_lib/Read.h:240:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_reading(char *fn, Read *read, int format);
data/staden-io-lib-1.14.13/io_lib/Read.h:241:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_reading(FILE *fp, Read *read, int format);
data/staden-io-lib-1.14.13/io_lib/Read.h:242:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int mfwrite_reading(mFILE *fp, Read *read, int format);
data/staden-io-lib-1.14.13/io_lib/Read.h:275:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read_deallocate(Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:284:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_abi(char *fn, Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:285:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_abi(FILE *fp, Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:286:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int mfwrite_abi(mFILE *fp, Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:288:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_alf(char *fn, Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:289:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_alf(FILE *fp, Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:290:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int mfwrite_alf(mFILE *fp, Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:295:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_pln(char *fn, Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:296:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_pln(FILE *fp, Read *read);
data/staden-io-lib-1.14.13/io_lib/Read.h:297:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int mfwrite_pln(mFILE *fp, Read *read);
data/staden-io-lib-1.14.13/io_lib/bam.c:2497:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen((const char *) data) + 1;
data/staden-io-lib-1.14.13/io_lib/bam.c:2620:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(tags[i].value.z) + 1;
data/staden-io-lib-1.14.13/io_lib/bam.c:3540:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(fp->header->ref[b->ref].name);
data/staden-io-lib-1.14.13/io_lib/bam.c:3585:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(fp->header->ref[b->mate_ref].name);
data/staden-io-lib-1.14.13/io_lib/bam.c:3764:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(val.s), l2;
data/staden-io-lib-1.14.13/io_lib/bam.c:4036:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdr_size += strlen(out->header->ref[i].name)+1 + 8;
data/staden-io-lib-1.14.13/io_lib/bam.c:4054:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(out->header->ref[i].name)+1;
data/staden-io-lib-1.14.13/io_lib/bgzip.c:77:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fn) >= 4 && strcmp(fn+strlen(fn)-4, ".gzi") == 0) {
data/staden-io-lib-1.14.13/io_lib/bgzip.c:77:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fn) >= 4 && strcmp(fn+strlen(fn)-4, ".gzi") == 0) {
data/staden-io-lib-1.14.13/io_lib/bgzip.c:178:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int blen = strlen(bname);
data/staden-io-lib-1.14.13/io_lib/bgzip.c:179:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(suffix);
data/staden-io-lib-1.14.13/io_lib/compress.c:346:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fdp[1][0], buf, PIPEBS);
data/staden-io-lib-1.14.13/io_lib/compress.c:645:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp = file+strlen(file)-strlen(magics[i].extension);
data/staden-io-lib-1.14.13/io_lib/compress.c:645:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cp = file+strlen(file)-strlen(magics[i].extension);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:586:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:851:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:1005:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:1149:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:1466:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:1843:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:2235:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:2984:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:3335:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_codecs.c:3539:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(prefix);
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:2076:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cr->ntags = strlen((char *)TN)/3; // optimise to remove strlen
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:2333:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(fd->prefix) + 20; // overestimate
data/staden-io-lib-1.14.13/io_lib/cram_decode.c:3155:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(fd->prefix);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:223:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const fnsize = strlen(fn);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:224:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const suffixsize = strlen(indexsuffix);
data/staden-io-lib-1.14.13/io_lib/cram_index.c:519:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len=strlen(fn_base)) > PATH_MAX-6)
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3085:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(hi = HashTableAdd(r->h_meta, e->name, strlen(e->name), hd, &n))){
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3240:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (HashTableSearch(r->h_meta, h->ref[i].name, strlen(h->ref[i].name)))
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3263:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(r->ref_id[j]->name), hd, &n))
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3284:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, dir, cp-dir);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3289:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path += strlen(fn);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3290:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn += strlen(fn);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3297:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = MIN(l, strlen(fn));
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3299:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, fn, l);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:3315:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path += strlen(dir);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:4996:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out, in, PATH_MAX-1);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5003:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len = strlen(out))+1+strlen(in) >= PATH_MAX) {
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5003:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len = strlen(out))+1+strlen(in) >= PATH_MAX) {
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5004:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out, in, PATH_MAX-1);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5490:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int const c = fgetc(fd->fp_in);
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5576:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mode) > 1 && (mode[1] == 'b' || mode[1] == 'c')) {
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5586:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mode) > 2 && mode[2] >= '0' && mode[2] <= '9') {
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5626:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(def.file_id, filename, MIN(strlen(filename),20));
data/staden-io-lib-1.14.13/io_lib/cram_io.c:5864:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(def.file_id, filename, MIN(strlen(filename),20));
data/staden-io-lib-1.14.13/io_lib/cram_structs.h:974:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define CRAM_IO_GETC(fd) getc(fd->fp_in)
data/staden-io-lib-1.14.13/io_lib/deflate_interlaced.c:2114:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data + dcurr, 8192);
data/staden-io-lib-1.14.13/io_lib/dstring.c:298:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return dstring_ninsert(ds, offset, str, strlen(str));
data/staden-io-lib-1.14.13/io_lib/dstring.c:510:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ds->length = strlen(ds->str);
data/staden-io-lib-1.14.13/io_lib/dstring.c:556:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rep_len = strlen(rep_str);
data/staden-io-lib-1.14.13/io_lib/dstring.c:601:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t search_len = strlen(search);
data/staden-io-lib-1.14.13/io_lib/dstring.c:625:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t search_len = strlen(search);
data/staden-io-lib-1.14.13/io_lib/dstring.c:656:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t search_len = strlen(search);
data/staden-io-lib-1.14.13/io_lib/dstring.c:839:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(long)strlen(dstring_str(ds1)));
data/staden-io-lib-1.14.13/io_lib/dstring.c:865:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("i=%d, len=%ld\n", i, (long)strlen(dstring_str(ds1)));
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:296:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(seq = arr(char *,e->entries[eflt],i));
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:476:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:482:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:597:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:708:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:759:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(&aline[10]);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:796:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry_len = strlen(c);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:883:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s,exp_get_entry(e,id),s_l);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:899:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(exp_get_entry(e,id), s, len);
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:924:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return exp_append_str(e,id,buf,strlen(buf));
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:941:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return exp_append_str(e,id,buf,strlen(buf));
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:1151:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return exp_append_str(e,*id,buf,strlen(buf));
data/staden-io-lib-1.14.13/io_lib/expFileIO.c:1315:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(str);
data/staden-io-lib-1.14.13/io_lib/find.c:115:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
paths = (char *) malloc(strlen(searchpath)+1);
data/staden-io-lib-1.14.13/io_lib/find.c:122:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(next,next+1,strlen(next+1)+1); /* shuffle up data [including \0]*/
data/staden-io-lib-1.14.13/io_lib/find.c:132:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strncmp( CORBATAG,path,strlen(CORBATAG))){
data/staden-io-lib-1.14.13/io_lib/find.c:133:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(corba_found(wholePath,path+strlen(CORBATAG),file)){
data/staden-io-lib-1.14.13/io_lib/find.c:141:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strncmp( BIOLIMS_TAG,path,strlen(BIOLIMS_TAG))){
data/staden-io-lib-1.14.13/io_lib/find.c:142:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(biolims_found(wholePath,path+strlen(BIOLIMS_TAG),file)){
data/staden-io-lib-1.14.13/io_lib/find.c:151:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(wholePath,"/");
data/staden-io-lib-1.14.13/io_lib/find.c:164:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(next,next+1,strlen(next+1)+1); /* shuffle up data */
data/staden-io-lib-1.14.13/io_lib/hash_table.c:535:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:694:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:785:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1015:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hfsize += strlen(hf->archives[i])+1; /* archive filename */
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1052:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fputc(strlen(hf->archives[i]), fp);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1173:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fnamelen = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1180:2: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1321:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1341:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fnamelen = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1570:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (klen = fgetc(hf->hfp); klen; klen = fgetc(hf->hfp)) {
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1570:46: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (klen = fgetc(hf->hfp); klen; klen = fgetc(hf->hfp)) {
data/staden-io-lib-1.14.13/io_lib/hash_table.c:1691:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (-1 == HashFileQuery(hf, (uint8_t *)fname, strlen(fname), &hfi))
data/staden-io-lib-1.14.13/io_lib/misc_scf.c:110:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(v,version,4);v[4]='\0';
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:146:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newsearch = (char *)malloc((len = strlen(searchpath))+5);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:230:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_len = strlen(file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:416:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(server, arcname, 1023);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:439:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_len = strlen(msg);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:466:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((msg_len = read(s, buf, RDBUFSZ)) > 0 ||
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:492:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int maxlen = 8190 - strlen(file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:500:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(strcpy(cp, file));
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:529:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int maxlen = 8190 - strlen(file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:567:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(strcpy(cp, file));
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:910:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t entry_len = strlen(entry);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1052:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dirname);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1069:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path_end, dirname, (endp+1)-dirname);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1075:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path_end, dirname, cp-dirname);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1078:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path_end, file, l);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1079:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_end += MIN(strlen(file), l);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1080:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file += MIN(strlen(file), l);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1083:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_end += strlen(file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1084:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file += strlen(file);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1089:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path_end, dirname, len);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1090:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_end += MIN(strlen(dirname), len);
data/staden-io-lib-1.14.13/io_lib/open_trace_file.c:1214:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ele = newsearch; *ele; ele += strlen(ele)+1) {
data/staden-io-lib-1.14.13/io_lib/read_alloc.c:207:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read_deallocate(Read *read)
data/staden-io-lib-1.14.13/io_lib/read_alloc.c:249:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xfree(read);
data/staden-io-lib-1.14.13/io_lib/read_alloc.c:284:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(new_name);
data/staden-io-lib-1.14.13/io_lib/read_alloc.c:286:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(src->trace_name);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:129:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sh->ref[nref].name, tag->str+3, tag->len-3);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:167:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sh->rg[nrg].name, tag->str+3, tag->len-3);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:169:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sh->rg[nrg].name_len = strlen(sh->rg[nrg].name);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:205:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sh->pg[npg].name, tag->str+3, tag->len-3);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:207:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sh->pg[npg].name_len = strlen(sh->pg[npg].name);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:281:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(lines);
data/staden-io-lib-1.14.13/io_lib/sam_header.c:587:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hi = HashTableSearch(hdr->ref_hash, ID_value, strlen(ID_value));
data/staden-io-lib-1.14.13/io_lib/sam_header.c:593:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hi = HashTableSearch(hdr->rg_hash, ID_value, strlen(ID_value));
data/staden-io-lib-1.14.13/io_lib/sam_header.c:599:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hi = HashTableSearch(hdr->pg_hash, ID_value, strlen(ID_value));
data/staden-io-lib-1.14.13/io_lib/sam_header.c:1106:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HashItem *hi = HashTableSearch(hdr->ref_hash, ref, strlen(ref));
data/staden-io-lib-1.14.13/io_lib/sam_header.c:1265:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes += strlen(argv[i]) + 1;
data/staden-io-lib-1.14.13/io_lib/scram.c:199:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(stdin);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:619:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch = fgetc(fp)) == EOF)
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:918:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *)xmalloc(strlen(comment)+1);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:975:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return(read);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:979:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:980:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:996:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:1006:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:1006:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:1009:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:1016:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_abi(char *fn, Read *read) {
data/staden-io-lib-1.14.13/io_lib/seqIOABI.c:1025:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_abi(FILE *fp, Read *read) {
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:443:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return(read);
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:447:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:448:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:465:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:474:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:474:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (read && (read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:477:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:484:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_alf(char *fn, Read *read) {
data/staden-io-lib-1.14.13/io_lib/seqIOALF.c:493:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_alf(FILE *fp, Read *read) {
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:187:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fp)) != EOF) {
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:197:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:205:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:222:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read->trace_name = (char *)xmalloc(strlen(name)+1);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:229:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:232:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:235:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:238:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:242:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:253:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read->leftCutoff = strlen(leftc);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:258:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rightc, strlen(rightc));
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:260:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read->NBases += read->leftCutoff + strlen(rightc);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:267:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return(read);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:271:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:272:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:288:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:297:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && read->trace_name == NULL &&
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:298:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(read->trace_name = (char *)xmalloc(strlen(fn)+1)))
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:301:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:308:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fwrite_pln(FILE *fp, Read *read) {
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:321:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int write_pln(char *fn, Read *read) {
data/staden-io-lib-1.14.13/io_lib/seqIOPlain.c:327:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fwrite_pln(fp, read)) {
data/staden-io-lib-1.14.13/io_lib/srf.c:83:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = strlen(mode)) < 9) {
data/staden-io-lib-1.14.13/io_lib/srf.c:134:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = str ? strlen(str) : 0;
data/staden-io-lib-1.14.13/io_lib/srf.c:169:23: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (len = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:257:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ch->base_caller, bc, 255);
data/staden-io-lib-1.14.13/io_lib/srf.c:258:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ch->base_caller_version, bc_version, 255);
data/staden-io-lib-1.14.13/io_lib/srf.c:284:34: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (ch->block_type = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:300:38: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (ch->container_type = fgetc(srf->fp)) ||
data/staden-io-lib-1.14.13/io_lib/srf.c:334:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(ch->version) + 1
data/staden-io-lib-1.14.13/io_lib/srf.c:335:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(ch->base_caller) + 1
data/staden-io-lib-1.14.13/io_lib/srf.c:336:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(ch->base_caller_version) + 1;
data/staden-io-lib-1.14.13/io_lib/srf.c:362:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (block_type = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:418:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(th->id_prefix, prefix, 255);
data/staden-io-lib-1.14.13/io_lib/srf.c:449:34: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (th->block_type = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:459:40: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (th->read_prefix_type = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:500:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(th->id_prefix) + 1
data/staden-io-lib-1.14.13/io_lib/srf.c:532:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffix_len = strlen(suffix);
data/staden-io-lib-1.14.13/io_lib/srf.c:596:34: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (tb->block_type = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:607:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (z = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:688:43: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (hdr->index_type = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:690:43: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (EOF == (hdr->dbh_pos_stored_sep = fgetc(srf->fp)))
data/staden-io-lib-1.14.13/io_lib/srf.c:796:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(idx->ch_file, ch_file, PATH_MAX);
data/staden-io-lib-1.14.13/io_lib/srf.c:803:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(idx->th_file, th_file, PATH_MAX);
data/staden-io-lib-1.14.13/io_lib/srf.c:915:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name) + 1; /* Include NULL */
data/staden-io-lib-1.14.13/io_lib/srf.c:1010:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1 + strlen(idx->ch_file) +
data/staden-io-lib-1.14.13/io_lib/srf.c:1011:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1 + strlen(idx->th_file);
data/staden-io-lib-1.14.13/io_lib/srf.c:1036:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hdr.dbh_file, idx->th_file, 255);
data/staden-io-lib-1.14.13/io_lib/srf.c:1037:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hdr.cont_file, idx->ch_file, 255);
data/staden-io-lib-1.14.13/io_lib/srf.c:1855:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = fgetc(srf->fp);
data/staden-io-lib-1.14.13/io_lib/srf.c:2023:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hval = hash64(HASH_FUNC_JENKINS3, (unsigned char *)tname, strlen(tname));
data/staden-io-lib-1.14.13/io_lib/srf.c:2041:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int h = fgetc(srf->fp);
data/staden-io-lib-1.14.13/io_lib/stdio_hack.h:68:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define fgetc mfgetc
data/staden-io-lib-1.14.13/io_lib/string_alloc.c:147:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return string_ndup(a_str, instr, strlen(instr));
data/staden-io-lib-1.14.13/io_lib/strings.c:108:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c,f,i);
data/staden-io-lib-1.14.13/io_lib/strings.c:116:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = MIN((int)strlen(c),max_f);
data/staden-io-lib-1.14.13/io_lib/strings.c:190:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_ct = strlen(ct);
data/staden-io-lib-1.14.13/io_lib/strings.c:191:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(cs) - len_ct;
data/staden-io-lib-1.14.13/io_lib/strings.c:214:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(str);
data/staden-io-lib-1.14.13/io_lib/thread_pool.c:792:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(random() % 1000000); // to coerce job completion out of order
data/staden-io-lib-1.14.13/io_lib/traceType.c:168:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(magics[i].string);
data/staden-io-lib-1.14.13/io_lib/traceType.c:181:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( ( c = fgetc(fp) ) == EOF ) break;
data/staden-io-lib-1.14.13/io_lib/translate.c:124:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/staden-io-lib-1.14.13/io_lib/translate.c:138:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULLRead == read)
data/staden-io-lib-1.14.13/io_lib/translate.c:196:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/staden-io-lib-1.14.13/io_lib/translate.c:215:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/staden-io-lib-1.14.13/io_lib/translate.c:226:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Scf *read2scf(Read *read) {
data/staden-io-lib-1.14.13/io_lib/translate.c:274:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scf->header.comments_size = strlen(read->info) + 1;
data/staden-io-lib-1.14.13/io_lib/translate.c:315:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Exp_info *read2exp(Read *read, char *EN) {
data/staden-io-lib-1.14.13/io_lib/translate.c:318:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(EN)+1;
data/staden-io-lib-1.14.13/io_lib/translate.c:375:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e, EFLT_LN, strlen(cp)+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:380:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e, EFLT_LT, strlen(t)+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:481:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e,EFLT_SV,strlen(line)-EXP_TAGLEN+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:486:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e,EFLT_CV,strlen(line)-EXP_TAGLEN+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:491:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e,EFLT_CN,strlen(line)-EXP_TAGLEN+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:525:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e, EFLT_TN, strlen(comment)+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:529:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e, EFLT_ST, strlen(comment)+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:543:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag,key+STADEN_FKEY_LEN+1,4);
data/staden-io-lib-1.14.13/io_lib/translate.c:548:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e,EFLT_TG,strlen(tmp)+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:566:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag,key+STADEN_FKEY_LEN+1,4);
data/staden-io-lib-1.14.13/io_lib/translate.c:604:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e,EFLT_TC,strlen(tmp)+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:616:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e,EFLT_TG,strlen(tmp)+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:666:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extend(e, EFLT_AV, strlen(cstr)+1);
data/staden-io-lib-1.14.13/io_lib/translate.c:766:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(str);
data/staden-io-lib-1.14.13/io_lib/translate.h:112:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Scf *read2scf(Read *read);
data/staden-io-lib-1.14.13/io_lib/translate.h:122:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Exp_info *read2exp(Read *read, char *EN);
data/staden-io-lib-1.14.13/io_lib/vlen.c:302:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += MAX(conv_len, (int)strlen(s));
data/staden-io-lib-1.14.13/io_lib/vlen.c:337:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:339:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(buf, "");
data/staden-io-lib-1.14.13/io_lib/vlen.c:341:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:345:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:349:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:353:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:357:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:361:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:365:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:369:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:373:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:377:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:381:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:385:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:389:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:393:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:397:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:401:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:405:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:409:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:413:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:417:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:421:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:425:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:429:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/vlen.c:433:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%d %d\n\n", strlen(buf), l);
data/staden-io-lib-1.14.13/io_lib/zfio.c:97:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(zf->fp);
data/staden-io-lib-1.14.13/io_lib/ztr.c:337:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data += strlen(ident)+1;
data/staden-io-lib-1.14.13/io_lib/ztr.c:340:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data += strlen(value)+1;
data/staden-io-lib-1.14.13/io_lib/ztr.c:759:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/staden-io-lib-1.14.13/io_lib/ztr.c:760:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len = strlen(value);
data/staden-io-lib-1.14.13/io_lib/ztr.c:869:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(cp);
data/staden-io-lib-1.14.13/io_lib/ztr.c:877:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(cp);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:690:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(r->info);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:749:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes += strlen(ztr->text_segments[i].ident);
data/staden-io-lib-1.14.13/io_lib/ztr_translate.c:751:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes += strlen(ztr->text_segments[i].value);
data/staden-io-lib-1.14.13/progs/convert_trace.c:779:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/staden-io-lib-1.14.13/progs/cram_dump.c:554:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ntags = strlen(tn)/3;
data/staden-io-lib-1.14.13/progs/cram_to_sam.c:129:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ref_name, optarg, 1023);
data/staden-io-lib-1.14.13/progs/extract_qual.c:82:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/staden-io-lib-1.14.13/progs/get_comment.c:166:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(r->info);
data/staden-io-lib-1.14.13/progs/hash_exp.c:73:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HashTableAdd(hf->h, rname, strlen(rname), hd, NULL);
data/staden-io-lib-1.14.13/progs/hash_tar.c:108:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!HashTableAdd(h, from, strlen(from), hd, NULL))
data/staden-io-lib-1.14.13/progs/hash_tar.c:160:24: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(member, blk.header.prefix, 155);
data/staden-io-lib-1.14.13/progs/hash_tar.c:161:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(blk.header.prefix) > 0 && blk.header.name[0])
data/staden-io-lib-1.14.13/progs/hash_tar.c:162:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(member, "/");
data/staden-io-lib-1.14.13/progs/hash_tar.c:163:21: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(member, blk.header.name, 100);
data/staden-io-lib-1.14.13/progs/hash_tar.c:201:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(member, cp+1, strlen(cp+1)+1);
data/staden-io-lib-1.14.13/progs/hash_tar.c:207:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(member));
data/staden-io-lib-1.14.13/progs/hash_tar.c:292:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HashTableAdd(hf->h, files[i].member, strlen(files[i].member),
data/staden-io-lib-1.14.13/progs/index_tar.c:131:24: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(member, blk.header.prefix, 155);
data/staden-io-lib-1.14.13/progs/index_tar.c:133:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(blk.header.prefix) > 0 && blk.header.name[0])
data/staden-io-lib-1.14.13/progs/index_tar.c:134:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(member, "/");
data/staden-io-lib-1.14.13/progs/index_tar.c:135:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = member + strlen(member);
data/staden-io-lib-1.14.13/progs/index_tar.c:136:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(cp, blk.header.name, 100);
data/staden-io-lib-1.14.13/progs/makeSCF.c:117:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(r->info) + 1024;
data/staden-io-lib-1.14.13/progs/sam_convert.c:62:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(argv[1]);
data/staden-io-lib-1.14.13/progs/sam_convert.c:74:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(argv[2]);
data/staden-io-lib-1.14.13/progs/scram_flagstat.c:156:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ref_name, optarg, 1023);
data/staden-io-lib-1.14.13/progs/scram_merge.c:211:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ref_name, optarg, 1023);
data/staden-io-lib-1.14.13/progs/scram_pileup.c:769:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len = strlen(scram_get_header(fp)->ref[ref].name) + 1 // name
data/staden-io-lib-1.14.13/progs/scram_pileup.c:780:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen((char *) cp);
data/staden-io-lib-1.14.13/progs/scram_test.c:158:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ref_name, optarg, 1023);
data/staden-io-lib-1.14.13/progs/scramble.c:95:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *optend = optarg + strlen(optarg);
data/staden-io-lib-1.14.13/progs/scramble.c:369:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ref_name, optarg, 1023);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:172:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (hi = (HashTableSearch(regn_hash, key, strlen(key))))) {
data/staden-io-lib-1.14.13/progs/srf2fastq.c:233:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (hi = HashTableAdd(regn_hash, key, strlen(key), hd, NULL))) {
data/staden-io-lib-1.14.13/progs/srf2fastq.c:415:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qual += strlen(regn->name[iregion-1]);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:436:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq += strlen(regn->name[iregion-1]);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:437:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(qual, '!', strlen(regn->name[iregion-1]));
data/staden-io-lib-1.14.13/progs/srf2fastq.c:438:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qual += strlen(regn->name[iregion-1]);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:476:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qual += strlen(regn->name[iregion]);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:501:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seq += strlen(regn->name[iregion]);
data/staden-io-lib-1.14.13/progs/srf2fastq.c:502:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(qual, '!', strlen(regn->name[iregion]));
data/staden-io-lib-1.14.13/progs/srf2fastq.c:503:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qual += strlen(regn->name[iregion]);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:155:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(name);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:374:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read *read;
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:444:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:506:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char *read;
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:574:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_filter->prefixes[read_filter->prefixes_size - 1] = (char*) calloc (strlen(prefix) + 1,sizeof(char));
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:585:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_filter->reads[read_filter->reads_size - 1] = (char*) calloc (strlen(read) + 1,sizeof(char));
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:585:81: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_filter->reads[read_filter->reads_size - 1] = (char*) calloc (strlen(read) + 1,sizeof(char));
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:586:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strcpy(read_filter->reads[read_filter->reads_size - 1], read);
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:659:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_filter->prefixes[read_filter->prefixes_size - 1] = (char*) calloc (strlen(prefix) + 1,sizeof(char));
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:670:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_filter->reads[read_filter->reads_size - 1] = (char*) calloc (strlen(read) + 1, sizeof(char));
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:670:80: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_filter->reads[read_filter->reads_size - 1] = (char*) calloc (strlen(read) + 1, sizeof(char));
data/staden-io-lib-1.14.13/progs/srf_dump_all.c:671:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
strcpy(read_filter->reads[read_filter->reads_size - 1], read);
data/staden-io-lib-1.14.13/progs/srf_extract_linear.c:90:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(srf->th.id_prefix)) &&
data/staden-io-lib-1.14.13/progs/srf_filter.c:180:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char *read;
data/staden-io-lib-1.14.13/progs/srf_filter.c:248:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_filter->prefixes[read_filter->prefixes_size - 1] = (char*) calloc (strlen(prefix) + 1,sizeof(char));
data/staden-io-lib-1.14.13/progs/srf_filter.c:259:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( NULL != (file = strchr(read, ' '))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:262:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf("read=%s file=%s\n", read, file);
data/staden-io-lib-1.14.13/progs/srf_filter.c:264:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
printf("read=%s\n", read);
data/staden-io-lib-1.14.13/progs/srf_filter.c:266:79: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULL == (hi = (HashTableSearch(read_filter->reads_hash, read, strlen(read))))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:266:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (hi = (HashTableSearch(read_filter->reads_hash, read, strlen(read))))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:266:92: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULL == (hi = (HashTableSearch(read_filter->reads_hash, read, strlen(read))))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:269:79: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULL == (hi = HashTableAdd(read_filter->reads_hash, read, strlen(read), hd, NULL))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:269:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (hi = HashTableAdd(read_filter->reads_hash, read, strlen(read), hd, NULL))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:269:92: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULL == (hi = HashTableAdd(read_filter->reads_hash, read, strlen(read), hd, NULL))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:350:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
read_filter->prefixes[read_filter->prefixes_size - 1] = (char*) calloc (strlen(prefix) + 1,sizeof(char));
data/staden-io-lib-1.14.13/progs/srf_filter.c:360:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULL == (hi = (HashTableSearch(read_filter->reads_hash, read, strlen(read))))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:360:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (hi = (HashTableSearch(read_filter->reads_hash, read, strlen(read))))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:360:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULL == (hi = (HashTableSearch(read_filter->reads_hash, read, strlen(read))))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:363:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULL == (hi = HashTableAdd(read_filter->reads_hash, read, strlen(read), hd, NULL))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:363:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (hi = HashTableAdd(read_filter->reads_hash, read, strlen(read), hd, NULL))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:363:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (NULL == (hi = HashTableAdd(read_filter->reads_hash, read, strlen(read), hd, NULL))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:443:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL != (hi = (HashTableSearch(read_filter->reads_hash, name, strlen(name))))) {
data/staden-io-lib-1.14.13/progs/srf_filter.c:993:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name+strlen(in_srf->th.id_prefix), -1,
data/staden-io-lib-1.14.13/progs/srf_info.c:193:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (hi = (HashTableSearch(regn_hash, key, strlen(key))))) {
data/staden-io-lib-1.14.13/progs/srf_info.c:252:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == (hi = HashTableAdd(regn_hash, key, strlen(key), hd, NULL))) {
data/staden-io-lib-1.14.13/progs/srf_info.c:329:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(cp);
data/staden-io-lib-1.14.13/progs/srf_info.c:350:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(cp);
data/staden-io-lib-1.14.13/progs/srf_info.c:490:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( " ... %s x%ld\n", name+strlen(srf->th.id_prefix), trace_body_count);
data/staden-io-lib-1.14.13/progs/srf_info.c:502:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( " ... %s x%ld\n", name+strlen(srf->th.id_prefix), trace_body_count);
data/staden-io-lib-1.14.13/progs/srf_info.c:514:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( " ... %s x%ld\n", name+strlen(srf->th.id_prefix), trace_body_count);
data/staden-io-lib-1.14.13/progs/srf_info.c:569:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( "trace_name: %s + %s", srf->th.id_prefix, name+strlen(srf->th.id_prefix));
data/staden-io-lib-1.14.13/progs/srf_info.c:658:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( " ... %s x%ld\n", name+strlen(srf->th.id_prefix), trace_body_count);
data/staden-io-lib-1.14.13/progs/srf_info.c:670:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( " ... %s x%ld\n", name+strlen(srf->th.id_prefix), trace_body_count);
data/staden-io-lib-1.14.13/progs/srf_info.c:689:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( " ... %s x%ld\n", name+strlen(srf->th.id_prefix), trace_body_count);
data/staden-io-lib-1.14.13/progs/srf_info.c:722:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( " ... %s x%ld\n", name+strlen(srf->th.id_prefix), trace_body_count);
data/staden-io-lib-1.14.13/progs/trace_dump.c:92:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Read* read;
data/staden-io-lib-1.14.13/progs/trace_dump.c:168:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_deallocate(read);
data/staden-io-lib-1.14.13/tests/cram_io_test.c:61:32: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int const c1 = getc(fp);
data/staden-io-lib-1.14.13/tests/cram_io_test.c:66:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert ( getc(fp) == EOF );
data/staden-io-lib-1.14.13/tests/cram_io_test.c:86:32: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int const c1 = getc(fp);
data/staden-io-lib-1.14.13/tests/cram_io_test.c:105:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
assert ( getc(fp) == EOF );
data/staden-io-lib-1.14.13/tests/cram_io_test.c:116:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( strlen(&linebuf0[0]) == strlen(&linebuf1[0]) );
data/staden-io-lib-1.14.13/tests/cram_io_test.c:116:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert ( strlen(&linebuf0[0]) == strlen(&linebuf1[0]) );
ANALYSIS SUMMARY:
Hits = 1234
Lines analyzed = 79796 in approximately 2.23 seconds (35799 lines/second)
Physical Source Lines of Code (SLOC) = 48844
Hits@level = [0] 1378 [1] 401 [2] 658 [3] 22 [4] 149 [5] 4
Hits@level+ = [0+] 2612 [1+] 1234 [2+] 833 [3+] 175 [4+] 153 [5+] 4
Hits/KSLOC@level+ = [0+] 53.4764 [1+] 25.2641 [2+] 17.0543 [3+] 3.58284 [4+] 3.13242 [5+] 0.0818934
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.