Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ann-1.1.2+doc/sample/ann_sample.cpp
Examining data/ann-1.1.2+doc/src/kd_fix_rad_search.h
Examining data/ann-1.1.2+doc/src/kd_fix_rad_search.cpp
Examining data/ann-1.1.2+doc/src/kd_tree.h
Examining data/ann-1.1.2+doc/src/kd_dump.cpp
Examining data/ann-1.1.2+doc/src/kd_util.cpp
Examining data/ann-1.1.2+doc/src/kd_split.h
Examining data/ann-1.1.2+doc/src/pr_queue_k.h
Examining data/ann-1.1.2+doc/src/brute.cpp
Examining data/ann-1.1.2+doc/src/kd_search.h
Examining data/ann-1.1.2+doc/src/ANN.cpp
Examining data/ann-1.1.2+doc/src/bd_tree.h
Examining data/ann-1.1.2+doc/src/kd_split.cpp
Examining data/ann-1.1.2+doc/src/bd_tree.cpp
Examining data/ann-1.1.2+doc/src/kd_pr_search.h
Examining data/ann-1.1.2+doc/src/bd_search.cpp
Examining data/ann-1.1.2+doc/src/pr_queue.h
Examining data/ann-1.1.2+doc/src/bd_fix_rad_search.cpp
Examining data/ann-1.1.2+doc/src/perf.cpp
Examining data/ann-1.1.2+doc/src/kd_search.cpp
Examining data/ann-1.1.2+doc/src/kd_util.h
Examining data/ann-1.1.2+doc/src/kd_pr_search.cpp
Examining data/ann-1.1.2+doc/src/bd_pr_search.cpp
Examining data/ann-1.1.2+doc/src/kd_tree.cpp
Examining data/ann-1.1.2+doc/test/ann_test.cpp
Examining data/ann-1.1.2+doc/test/rand.cpp
Examining data/ann-1.1.2+doc/test/rand.h
Examining data/ann-1.1.2+doc/include/ANN/ANNperf.h
Examining data/ann-1.1.2+doc/include/ANN/ANNx.h
Examining data/ann-1.1.2+doc/include/ANN/ANN.h
Examining data/ann-1.1.2+doc/ann2fig/ann2fig.cpp
Examining data/ann-1.1.2+doc/debian/tests/ann_test.cpp
Examining data/ann-1.1.2+doc/debian/tests/rand.cpp
Examining data/ann-1.1.2+doc/debian/tests/rand.h
FINAL RESULTS:
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:215:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(argv[i], "%s", file_name);
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:216:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile_name, file_name); // copy to input file name
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:217:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(infile_name, DUMP_SUFFIX);
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:218:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile_name, file_name); // copy to output file name
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:219:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outfile_name, FIG_SUFFIX);
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:240:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(caption, argv[0]); // copy command line to caption
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:243:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(caption, argv[i]);
data/ann-1.1.2+doc/debian/tests/rand.h:49:22: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define ANN_SRAND srand
data/ann-1.1.2+doc/debian/tests/rand.h:52:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define ANN_RAND random
data/ann-1.1.2+doc/debian/tests/rand.h:53:22: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define ANN_SRAND srandom
data/ann-1.1.2+doc/test/rand.h:49:22: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define ANN_SRAND srand
data/ann-1.1.2+doc/test/rand.h:52:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define ANN_RAND random
data/ann-1.1.2+doc/test/rand.h:53:22: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define ANN_SRAND srandom
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:63:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[STRING_LEN]; // (root) file name (say xxx)
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile_name[STRING_LEN];// input file name (xxx.dmp)
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfile_name[STRING_LEN];// output file name (xxx.fig)
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:66:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char caption[STRING_LEN]; // caption line (= command line)
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:227:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifile.open(infile_name, ios::in); // open for reading
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:231:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(outfile_name, ios::out); // open for writing
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[STRING_LEN]; // tag (leaf, split, shrink)
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:517:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[STRING_LEN]; // storage for string
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:518:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[STRING_LEN]; // storage for version
data/ann-1.1.2+doc/debian/tests/ann_test.cpp:308:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char stat_table[N_STAT_LEVELS][STRING_LEN] = {
data/ann-1.1.2+doc/debian/tests/ann_test.cpp:334:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char distr_table[N_DISTRIBS][STRING_LEN] = {
data/ann-1.1.2+doc/debian/tests/ann_test.cpp:350:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char split_table[N_SPLIT_RULES][STRING_LEN] = {
data/ann-1.1.2+doc/debian/tests/ann_test.cpp:363:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char shrink_table[N_SHRINK_RULES][STRING_LEN] = {
data/ann-1.1.2+doc/debian/tests/ann_test.cpp:403:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char (*table)[STRING_LEN], // name table
data/ann-1.1.2+doc/debian/tests/ann_test.cpp:631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directive[STRING_LEN]; // input directive
data/ann-1.1.2+doc/debian/tests/ann_test.cpp:632:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[STRING_LEN]; // all-purpose argument
data/ann-1.1.2+doc/sample/ann_sample.cpp:161:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dim = atoi(argv[++i]); // get dimension to dump
data/ann-1.1.2+doc/sample/ann_sample.cpp:164:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxPts = atoi(argv[++i]); // get max number of points
data/ann-1.1.2+doc/sample/ann_sample.cpp:167:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(argv[++i]); // get number of near neighbors
data/ann-1.1.2+doc/sample/ann_sample.cpp:173:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dataStream.open(argv[++i], ios::in);// open data file
data/ann-1.1.2+doc/sample/ann_sample.cpp:181:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
queryStream.open(argv[++i], ios::in);// open query file
data/ann-1.1.2+doc/src/kd_dump.cpp:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[STRING_LEN]; // storage for string
data/ann-1.1.2+doc/src/kd_dump.cpp:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[STRING_LEN]; // ANN version number
data/ann-1.1.2+doc/src/kd_dump.cpp:374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[STRING_LEN]; // tag (leaf, split, shrink)
data/ann-1.1.2+doc/test/ann_test.cpp:308:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char stat_table[N_STAT_LEVELS][STRING_LEN] = {
data/ann-1.1.2+doc/test/ann_test.cpp:334:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char distr_table[N_DISTRIBS][STRING_LEN] = {
data/ann-1.1.2+doc/test/ann_test.cpp:350:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char split_table[N_SPLIT_RULES][STRING_LEN] = {
data/ann-1.1.2+doc/test/ann_test.cpp:363:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char shrink_table[N_SHRINK_RULES][STRING_LEN] = {
data/ann-1.1.2+doc/test/ann_test.cpp:403:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char (*table)[STRING_LEN], // name table
data/ann-1.1.2+doc/test/ann_test.cpp:631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directive[STRING_LEN]; // input directive
data/ann-1.1.2+doc/test/ann_test.cpp:632:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[STRING_LEN]; // all-purpose argument
data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:242:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(caption, " ");
ANALYSIS SUMMARY:
Hits = 45
Lines analyzed = 11014 in approximately 0.24 seconds (46006 lines/second)
Physical Source Lines of Code (SLOC) = 5728
Hits@level = [0] 11 [1] 1 [2] 31 [3] 6 [4] 7 [5] 0
Hits@level+ = [0+] 56 [1+] 45 [2+] 44 [3+] 13 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 9.77654 [1+] 7.85615 [2+] 7.68156 [3+] 2.26955 [4+] 1.22207 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.