Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sumalibs-1.0.36/libfasta/fasta_header_handler.c
Examining data/sumalibs-1.0.36/libfasta/fasta_header_handler.h
Examining data/sumalibs-1.0.36/libfasta/fasta_header_parser.c
Examining data/sumalibs-1.0.36/libfasta/fasta_header_parser.h
Examining data/sumalibs-1.0.36/libfasta/fasta_seq_writer.c
Examining data/sumalibs-1.0.36/libfasta/fasta_seq_writer.h
Examining data/sumalibs-1.0.36/libfasta/header_mem_handler.c
Examining data/sumalibs-1.0.36/libfasta/header_mem_handler.h
Examining data/sumalibs-1.0.36/libfasta/sequence.c
Examining data/sumalibs-1.0.36/libfasta/sequence.h
Examining data/sumalibs-1.0.36/libfile/fileHandling.c
Examining data/sumalibs-1.0.36/libfile/fileHandling.h
Examining data/sumalibs-1.0.36/liblcs/_lcs.ext.1.c
Examining data/sumalibs-1.0.36/liblcs/_lcs.ext.2.c
Examining data/sumalibs-1.0.36/liblcs/_lcs.ext.3.c
Examining data/sumalibs-1.0.36/liblcs/_lcs.h
Examining data/sumalibs-1.0.36/liblcs/_lcs_fast.h
Examining data/sumalibs-1.0.36/liblcs/banded_LCS_alignment.c
Examining data/sumalibs-1.0.36/liblcs/banded_LCS_alignment.h
Examining data/sumalibs-1.0.36/liblcs/sse_banded_LCS_alignment.c
Examining data/sumalibs-1.0.36/liblcs/sse_banded_LCS_alignment.h
Examining data/sumalibs-1.0.36/liblcs/upperband.c
Examining data/sumalibs-1.0.36/liblcs/upperband.h
Examining data/sumalibs-1.0.36/libsse/_sse.h
Examining data/sumalibs-1.0.36/libutils/debug.c
Examining data/sumalibs-1.0.36/libutils/debug.h
Examining data/sumalibs-1.0.36/libutils/utilities.c
Examining data/sumalibs-1.0.36/libutils/utilities.h

FINAL RESULTS:

data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:17:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(header+lheader+1,name);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:19:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(header+lheader+1+strlen(name)+1,value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:25:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(header+lheader+2,name);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:27:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(header+lheader+2+strlen(name)+1,value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:41:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rawheader, seq->rawheader);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:51:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer, rawheader+i);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:57:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rawheader+i,name);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:59:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rawheader+i+strlen(name)+1,value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:61:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rawheader+i+strlen(name)+1+strlen(value)+1, buffer);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:76:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(header[nbf].name, name);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:78:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(header[nbf].value, value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:123:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(header[i].value, newValue);
data/sumalibs-1.0.36/libfasta/fasta_header_parser.c:799:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(((*p_header)[*nbf]).value,header_yytext);
data/sumalibs-1.0.36/libfasta/header_mem_handler.c:56:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&(field[(*i)]),yytext);
data/sumalibs-1.0.36/libfasta/header_mem_handler.c:67:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*storing_place,field);
data/sumalibs-1.0.36/libfasta/sequence.c:99:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer, tempstr);
data/sumalibs-1.0.36/libutils/utilities.c:130:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(value, temp + strlen(delim));
data/sumalibs-1.0.36/libutils/utilities.c:134:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, src);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:72:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nbf = atoi(header[0].value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:79:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(header[0].value, "%d", nbf);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:87:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int nbf = atoi(header[0].value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:103:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nbf = atoi(header[0].value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:116:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int nbf = atoi(header[0].value);
data/sumalibs-1.0.36/libfasta/fasta_header_parser.c:795:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(((*p_header)[*nbf]).name,"id");
data/sumalibs-1.0.36/libfasta/fasta_header_parser.c:844:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((*p_header)[*nbf].name,"definition");
data/sumalibs-1.0.36/libfasta/fasta_header_parser.c:1938:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(nbfields_n, "nbfields");
data/sumalibs-1.0.36/libfasta/fasta_seq_writer.c:51:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nbf = atoi(header[0].value);
data/sumalibs-1.0.36/libfasta/header_mem_handler.c:92:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((*p_header)->value, "%d", nbf);
data/sumalibs-1.0.36/libfasta/sequence.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempstr[length];
data/sumalibs-1.0.36/libfasta/sequence.c:357:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(count_n, "count");
data/sumalibs-1.0.36/libfasta/sequence.c:370:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  db->fastaSeqs[s].count = atoi(count);
data/sumalibs-1.0.36/libfile/fileHandling.c:27:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fileName, "r");
data/sumalibs-1.0.36/libfile/fileHandling.c:41:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fileName, "w+");
data/sumalibs-1.0.36/liblcs/upperband.c:65:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(table,&data,16);
data/sumalibs-1.0.36/libutils/debug.c:14:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str[65];
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:11:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lheader = strlen(header);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:12:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header = (char*) realloc(header, (lheader+strlen(name)+strlen(value)+4)*sizeof(char));
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:12:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header = (char*) realloc(header, (lheader+strlen(name)+strlen(value)+4)*sizeof(char));
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:15:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(header+lheader-1,";");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:16:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(header+lheader," ");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:18:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(header+lheader+1+strlen(name),"=");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:18:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(header+lheader+1+strlen(name),"=");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:19:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(header+lheader+1+strlen(name)+1,value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:23:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(header+lheader,";");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:24:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(header+lheader+1," ");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:26:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(header+lheader+2+strlen(name),"=");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:26:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(header+lheader+2+strlen(name),"=");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:27:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(header+lheader+2+strlen(name)+1,value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:35:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lheader = strlen(seq->rawheader);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:40:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rawheader = (char*) malloc((lheader+strlen(name)+strlen(value)+5)*sizeof(char));
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:40:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rawheader = (char*) malloc((lheader+strlen(name)+strlen(value)+5)*sizeof(char));
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:53:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(rawheader+i, " ");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:58:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(rawheader+i+strlen(name),"=");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:58:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(rawheader+i+strlen(name),"=");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:59:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(rawheader+i+strlen(name)+1,value);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:60:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(rawheader+i+strlen(name)+1+strlen(value),";");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:60:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(rawheader+i+strlen(name)+1+strlen(value),";");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:60:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(rawheader+i+strlen(name)+1+strlen(value),";");
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:61:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(rawheader+i+strlen(name)+1+strlen(value)+1, buffer);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:61:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(rawheader+i+strlen(name)+1+strlen(value)+1, buffer);
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:75:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header[nbf].name = (char*) malloc((1+strlen(name))*sizeof(char));
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:77:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header[nbf].value = (char*) malloc((1+strlen(value))*sizeof(char));
data/sumalibs-1.0.36/libfasta/fasta_header_handler.c:122:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header[i].value = realloc(header[i].value, (1+strlen(newValue))*sizeof(char));
data/sumalibs-1.0.36/libfasta/fasta_header_parser.c:606:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( header_yyin )) != EOF && c != '\n'; ++n ) \
data/sumalibs-1.0.36/libfasta/fasta_header_parser.c:797:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_needed = strlen(header_yytext)+1;
data/sumalibs-1.0.36/libfasta/fasta_header_parser.c:1671:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return header_yy_scan_bytes(yystr,strlen(yystr) );
data/sumalibs-1.0.36/libfasta/fasta_header_parser.c:1939:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(nbfields_v, "1");
data/sumalibs-1.0.36/libfasta/fasta_seq_writer.c:12:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen(seq->sequence);
data/sumalibs-1.0.36/libfasta/fasta_seq_writer.c:28:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen(seq);
data/sumalibs-1.0.36/libfasta/header_mem_handler.c:34:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_needed = size_needed + strlen(field);
data/sumalibs-1.0.36/libfasta/header_mem_handler.c:36:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(field)>0)
data/sumalibs-1.0.36/libfasta/header_mem_handler.c:51:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_needed = strlen(yytext)+1;
data/sumalibs-1.0.36/libfasta/header_mem_handler.c:65:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_needed = strlen(field)+1;
data/sumalibs-1.0.36/libfasta/sequence.c:42:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  seqLen = strlen(strTemp);
data/sumalibs-1.0.36/libfasta/sequence.c:43:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header = (char*) util_malloc(1+(strlen(seq) - seqLen)*sizeof(char), __FILE__, __LINE__);
data/sumalibs-1.0.36/libfasta/sequence.c:46:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(header, seq, strTemp - seq);
data/sumalibs-1.0.36/libfasta/sequence.c:97:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(tempstr) + strlen(buffer) + 1;
data/sumalibs-1.0.36/libfasta/sequence.c:97:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(tempstr) + strlen(buffer) + 1;
data/sumalibs-1.0.36/libfasta/sequence.c:123:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  IdSize = strlen(header);
data/sumalibs-1.0.36/libfasta/sequence.c:125:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  IdSize = strlen(header) - strlen(IdEnd);
data/sumalibs-1.0.36/libfasta/sequence.c:125:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  IdSize = strlen(header) - strlen(IdEnd);
data/sumalibs-1.0.36/libfasta/sequence.c:129:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(seqElem->accession_id, header, IdSize);
data/sumalibs-1.0.36/libfasta/sequence.c:144:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32_t index = 0, seqIndex = 0, len = strlen(seq);
data/sumalibs-1.0.36/libfasta/sequence.c:165:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32_t index = 1, seqIndex = 0, len = strlen(seq);
data/sumalibs-1.0.36/libfasta/sequence.c:200:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32_t index = 0, seqIndex = 0, len = strlen(seq);
data/sumalibs-1.0.36/libfasta/sequence.c:358:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(count_v, "1");
data/sumalibs-1.0.36/libfile/fileHandling.c:57:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return (char) fgetc(fp);
data/sumalibs-1.0.36/liblcs/_lcs.ext.1.c:106:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lseq1=strlen(seq1);
data/sumalibs-1.0.36/liblcs/_lcs.ext.1.c:107:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lseq2=strlen(seq2);
data/sumalibs-1.0.36/liblcs/_lcs_fast.h:161:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lseq1=strlen(seq1);
data/sumalibs-1.0.36/liblcs/_lcs_fast.h:162:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lseq2=strlen(seq2);
data/sumalibs-1.0.36/liblcs/banded_LCS_alignment.c:31:34:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  int diag_score, delete, insert, mismatch;
data/sumalibs-1.0.36/liblcs/sse_banded_LCS_alignment.c:599:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(seq1);
data/sumalibs-1.0.36/liblcs/sse_banded_LCS_alignment.c:600:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(seq2);
data/sumalibs-1.0.36/libutils/utilities.c:104:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = temp - src + strlen(delim);
data/sumalibs-1.0.36/libutils/utilities.c:105:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dest, src, len);
data/sumalibs-1.0.36/libutils/utilities.c:110:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dest, src, temp - src);
data/sumalibs-1.0.36/libutils/utilities.c:129:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, src, temp - src);
data/sumalibs-1.0.36/libutils/utilities.c:130:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(value, temp + strlen(delim));
data/sumalibs-1.0.36/libutils/utilities.c:135:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(value, "");
data/sumalibs-1.0.36/libutils/utilities.c:157:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32_t start = 0, end = strlen(src) - 1;

ANALYSIS SUMMARY:

Hits = 101
Lines analyzed = 6504 in approximately 0.16 seconds (40420 lines/second)
Physical Source Lines of Code (SLOC) = 4370
Hits@level = [0]  29 [1]  66 [2]  17 [3]   0 [4]  18 [5]   0
Hits@level+ = [0+] 130 [1+] 101 [2+]  35 [3+]  18 [4+]  18 [5+]   0
Hits/KSLOC@level+ = [0+] 29.7483 [1+] 23.1121 [2+] 8.00915 [3+] 4.11899 [4+] 4.11899 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.