Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sweed-3.2.1+dfsg/SweeD_EI.c
Examining data/sweed-3.2.1+dfsg/SweeD_BFGS.h
Examining data/sweed-3.2.1+dfsg/SweeD_SFS.c
Examining data/sweed-3.2.1+dfsg/SweeD_Kernel.c
Examining data/sweed-3.2.1+dfsg/SweeD_CLR.c
Examining data/sweed-3.2.1+dfsg/SweeD_BFGS.c
Examining data/sweed-3.2.1+dfsg/SweeD.c
Examining data/sweed-3.2.1+dfsg/SweeD_Input.c
Examining data/sweed-3.2.1+dfsg/SweeD.h

FINAL RESULTS:

data/sweed-3.2.1+dfsg/SweeD.c:378:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(alignment->outgroupName, outgroupName);
data/sweed-3.2.1+dfsg/SweeD_Input.c:239:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(runName,argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:261:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infile,argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:307:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sfsfile,argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:339:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sfsofile,argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:360:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sfofile,argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:428:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outgroupName, argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:895:10:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  while( fscanf(fp, "%s", word) )
data/sweed-3.2.1+dfsg/SweeD_Input.c:1060:23:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  while( (nextAl = fscanf(fp, "%s", word)))
data/sweed-3.2.1+dfsg/SweeD_Input.c:3261:13:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  temp = fscanf(fp, "%s",siteflag);
data/sweed-3.2.1+dfsg/SweeD_Input.c:3471:6:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if(fscanf(fp, "%s\t%d\t%d\t%d", tmpString, &x, &n, &folded)!=4)
data/sweed-3.2.1+dfsg/SweeD_SFS.c:573:7:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if(fscanf(fpSFS,"%s",SFSindS)==-1)
data/sweed-3.2.1+dfsg/SweeD_SFS.c:590:7:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if(fscanf(fpSFS,"%s",SFSvalS)==-1)
data/sweed-3.2.1+dfsg/SweeD.c:368:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(seed);
data/sweed-3.2.1+dfsg/SweeD.c:260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inputFileName[INFILENAMESIZE],
data/sweed-3.2.1+dfsg/SweeD.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outgroupName[SEQNAMESIZE];
data/sweed-3.2.1+dfsg/SweeD.c:312:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpSFSo = fopen(sfsoFileName,"w");
data/sweed-3.2.1+dfsg/SweeD.c:314:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(infoFileName,"SweeD_Info.");
data/sweed-3.2.1+dfsg/SweeD.c:318:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(warnFileName,"SweeD_Warnings.");
data/sweed-3.2.1+dfsg/SweeD.c:322:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(clrReportFileName,"SweeD_Report.");
data/sweed-3.2.1+dfsg/SweeD.c:328:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpIn = fopen(inputFileName,"r");
data/sweed-3.2.1+dfsg/SweeD.c:330:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpInfo = fopen(infoFileName,"w");
data/sweed-3.2.1+dfsg/SweeD.c:345:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpSFo = fopen(sfoFileName,"w");
data/sweed-3.2.1+dfsg/SweeD.c:350:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpWarnings = fopen(warnFileName, "w");
data/sweed-3.2.1+dfsg/SweeD.c:353:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpReport = fopen(clrReportFileName,"w");
data/sweed-3.2.1+dfsg/SweeD.c:366:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpSFS = fopen(sfsFileName,"r");
data/sweed-3.2.1+dfsg/SweeD.h:117:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char bits_in_16bits [0x1u << 16];
data/sweed-3.2.1+dfsg/SweeD.h:124:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  __attribute__((__common__)) char VCF_alignment_name [MAX_CHROM_NAME_VCF];
data/sweed-3.2.1+dfsg/SweeD.h:128:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  __attribute__((__common__)) char runName[INFILENAMESIZE];
data/sweed-3.2.1+dfsg/SweeD_BFGS.c:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char task[60], csave[60];
data/sweed-3.2.1+dfsg/SweeD_BFGS.c:564:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char word[3];
data/sweed-3.2.1+dfsg/SweeD_Input.c:263:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp=fopen(infile,"r");
data/sweed-3.2.1+dfsg/SweeD_Input.c:309:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp=fopen(sfsfile,"r");
data/sweed-3.2.1+dfsg/SweeD_Input.c:381:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *grid = atoi(argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:404:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *length = atoi(argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:499:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *threads = atoi(argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:523:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  checkPointInterval = (double)atoi(argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:599:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *sequences = atoi(argv[++i]);
data/sweed-3.2.1+dfsg/SweeD_Input.c:892:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char word[1000];
data/sweed-3.2.1+dfsg/SweeD_Input.c:950:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * headerFields[VCF_HLENGTH];
data/sweed-3.2.1+dfsg/SweeD_Input.c:1055:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char word[100];
data/sweed-3.2.1+dfsg/SweeD_Input.c:1288:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char states[2] = {'0', '1'};
data/sweed-3.2.1+dfsg/SweeD_Input.c:1309:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char states[4] = {'A', 'C', 'G', 'T'};
data/sweed-3.2.1+dfsg/SweeD_Input.c:1355:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char major, alpha[4] = {'A', 'C', 'G', 'T'};
data/sweed-3.2.1+dfsg/SweeD_Input.c:1493:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char freqString[100];
data/sweed-3.2.1+dfsg/SweeD_Input.c:2071:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seqName[SEQNAMESIZE];
data/sweed-3.2.1+dfsg/SweeD_Input.c:2405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char AF_s [10];
data/sweed-3.2.1+dfsg/SweeD_Input.c:2653:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stateVector[MAX_STATES_VCF];
data/sweed-3.2.1+dfsg/SweeD_Input.c:2682:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  position = atoi(*string);
data/sweed-3.2.1+dfsg/SweeD_Input.c:3184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char siteflag[100];
data/sweed-3.2.1+dfsg/SweeD_Input.c:3445:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpString[100];
data/sweed-3.2.1+dfsg/SweeD_SFS.c:403:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(SFSindS);
data/sweed-3.2.1+dfsg/SweeD_SFS.c:522:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char SFSvalS[50];
data/sweed-3.2.1+dfsg/SweeD_SFS.c:529:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(SFSvalS, "%e", alignment->SFS[i]);
data/sweed-3.2.1+dfsg/SweeD_SFS.c:550:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char SFSvalS[50]; char SFSindS[50], t;
data/sweed-3.2.1+dfsg/SweeD_SFS.c:550:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char SFSvalS[50]; char SFSindS[50], t;
data/sweed-3.2.1+dfsg/SweeD.c:316:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(infoFileName,runName,INFILENAMESIZE-strlen(infoFileName));
data/sweed-3.2.1+dfsg/SweeD.c:316:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(infoFileName,runName,INFILENAMESIZE-strlen(infoFileName));
data/sweed-3.2.1+dfsg/SweeD.c:320:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(warnFileName,runName,INFILENAMESIZE-strlen(warnFileName));
data/sweed-3.2.1+dfsg/SweeD.c:320:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(warnFileName,runName,INFILENAMESIZE-strlen(warnFileName));
data/sweed-3.2.1+dfsg/SweeD.c:324:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(clrReportFileName,runName,INFILENAMESIZE-strlen(clrReportFileName));
data/sweed-3.2.1+dfsg/SweeD.c:324:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(clrReportFileName,runName,INFILENAMESIZE-strlen(clrReportFileName));
data/sweed-3.2.1+dfsg/SweeD_BFGS.c:203:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, len=strlen(s2);
data/sweed-3.2.1+dfsg/SweeD_Input.c:105:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:125:6:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp=fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:143:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:148:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:179:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:220:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(runName,"x");
data/sweed-3.2.1+dfsg/SweeD_Input.c:792:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:808:20:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  signed char ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:842:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:861:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp=fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:868:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:873:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp=fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:879:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:884:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:887:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:910:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp=fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1009:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(VCF_alignment_name, *string, MAX_CHROM_NAME_VCF);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1011:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(VCF_alignment_name)!=0);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1039:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp=fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1047:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  tmp = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1385:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1396:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1459:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len1 = strlen(s);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1460:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len2 = strlen(q);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1489:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(word);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1521:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(word);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1580:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( (ent = fgetc(fp) ) != EOF )
data/sweed-3.2.1+dfsg/SweeD_Input.c:1594:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(w1);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1595:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(len != strlen(w2))
data/sweed-3.2.1+dfsg/SweeD_Input.c:1611:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(word);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1691:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, len = strlen(line);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1771:8:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:1799:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2223:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2230:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( (tmp = fgetc(fp) ) != EOF)
data/sweed-3.2.1+dfsg/SweeD_Input.c:2267:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(stateVector);i++)
data/sweed-3.2.1+dfsg/SweeD_Input.c:2280:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, j, index=0, elen=0, slen=strlen(string);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2337:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, j, index=0, elen=0, slen=strlen(string);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2404:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, j, len = strlen(string);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2448:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(AF_s)==0)
data/sweed-3.2.1+dfsg/SweeD_Input.c:2451:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(AF_s)!=0);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2467:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, len = strlen(string);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2499:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, len = strlen(string), GTposition = 0;
data/sweed-3.2.1+dfsg/SweeD_Input.c:2538:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i=0, pos=GTpos, len = strlen(string),j=0, counter=0;
data/sweed-3.2.1+dfsg/SweeD_Input.c:2566:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(string) > 0);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2591:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, j=0, index=0, start=0, end=0, len = strlen(string);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2672:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(VCF_alignment_name, *string, MAX_CHROM_NAME_VCF);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2674:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(VCF_alignment_name)!=0);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2890:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *SNP_SZ += strlen(*sampleData);
data/sweed-3.2.1+dfsg/SweeD_Input.c:2892:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(*sampleData);i++)
data/sweed-3.2.1+dfsg/SweeD_Input.c:3210:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ent = fgetc(fp)))
data/sweed-3.2.1+dfsg/SweeD_Input.c:3269:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:3281:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:3383:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:3386:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:3405:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_Input.c:3473:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ent = fgetc(fp);
data/sweed-3.2.1+dfsg/SweeD_SFS.c:381:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, length = strlen(SFSindS);
data/sweed-3.2.1+dfsg/SweeD_SFS.c:554:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((t=fgetc(fpSFS))!=EOF)
data/sweed-3.2.1+dfsg/SweeD_SFS.c:563:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((t=fgetc(fpSFS))!=EOF)

ANALYSIS SUMMARY:

Hits = 123
Lines analyzed = 13260 in approximately 0.33 seconds (40755 lines/second)
Physical Source Lines of Code (SLOC) = 7904
Hits@level = [0] 267 [1]  67 [2]  42 [3]   1 [4]  13 [5]   0
Hits@level+ = [0+] 390 [1+] 123 [2+]  56 [3+]  14 [4+]  13 [5+]   0
Hits/KSLOC@level+ = [0+] 49.3421 [1+] 15.5617 [2+] 7.08502 [3+] 1.77126 [4+] 1.64474 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.