Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ann-1.1.2+doc/sample/ann_sample.cpp Examining data/ann-1.1.2+doc/src/kd_fix_rad_search.h Examining data/ann-1.1.2+doc/src/kd_fix_rad_search.cpp Examining data/ann-1.1.2+doc/src/kd_tree.h Examining data/ann-1.1.2+doc/src/kd_dump.cpp Examining data/ann-1.1.2+doc/src/kd_util.cpp Examining data/ann-1.1.2+doc/src/kd_split.h Examining data/ann-1.1.2+doc/src/pr_queue_k.h Examining data/ann-1.1.2+doc/src/brute.cpp Examining data/ann-1.1.2+doc/src/kd_search.h Examining data/ann-1.1.2+doc/src/ANN.cpp Examining data/ann-1.1.2+doc/src/bd_tree.h Examining data/ann-1.1.2+doc/src/kd_split.cpp Examining data/ann-1.1.2+doc/src/bd_tree.cpp Examining data/ann-1.1.2+doc/src/kd_pr_search.h Examining data/ann-1.1.2+doc/src/bd_search.cpp Examining data/ann-1.1.2+doc/src/pr_queue.h Examining data/ann-1.1.2+doc/src/bd_fix_rad_search.cpp Examining data/ann-1.1.2+doc/src/perf.cpp Examining data/ann-1.1.2+doc/src/kd_search.cpp Examining data/ann-1.1.2+doc/src/kd_util.h Examining data/ann-1.1.2+doc/src/kd_pr_search.cpp Examining data/ann-1.1.2+doc/src/bd_pr_search.cpp Examining data/ann-1.1.2+doc/src/kd_tree.cpp Examining data/ann-1.1.2+doc/test/ann_test.cpp Examining data/ann-1.1.2+doc/test/rand.cpp Examining data/ann-1.1.2+doc/test/rand.h Examining data/ann-1.1.2+doc/include/ANN/ANNperf.h Examining data/ann-1.1.2+doc/include/ANN/ANNx.h Examining data/ann-1.1.2+doc/include/ANN/ANN.h Examining data/ann-1.1.2+doc/ann2fig/ann2fig.cpp Examining data/ann-1.1.2+doc/debian/tests/ann_test.cpp Examining data/ann-1.1.2+doc/debian/tests/rand.cpp Examining data/ann-1.1.2+doc/debian/tests/rand.h FINAL RESULTS: data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:215:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(argv[i], "%s", file_name); data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:216:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(infile_name, file_name); // copy to input file name data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:217:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(infile_name, DUMP_SUFFIX); data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:218:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outfile_name, file_name); // copy to output file name data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:219:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outfile_name, FIG_SUFFIX); data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:240:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(caption, argv[0]); // copy command line to caption data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:243:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(caption, argv[i]); data/ann-1.1.2+doc/debian/tests/rand.h:49:22: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define ANN_SRAND srand data/ann-1.1.2+doc/debian/tests/rand.h:52:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define ANN_RAND random data/ann-1.1.2+doc/debian/tests/rand.h:53:22: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define ANN_SRAND srandom data/ann-1.1.2+doc/test/rand.h:49:22: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define ANN_SRAND srand data/ann-1.1.2+doc/test/rand.h:52:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define ANN_RAND random data/ann-1.1.2+doc/test/rand.h:53:22: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define ANN_SRAND srandom data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:63:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[STRING_LEN]; // (root) file name (say xxx) data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:64:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char infile_name[STRING_LEN];// input file name (xxx.dmp) data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:65:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile_name[STRING_LEN];// output file name (xxx.fig) data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:66:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char caption[STRING_LEN]; // caption line (= command line) data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:227:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifile.open(infile_name, ios::in); // open for reading data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:231:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile.open(outfile_name, ios::out); // open for writing data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:379:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[STRING_LEN]; // tag (leaf, split, shrink) data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:517:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[STRING_LEN]; // storage for string data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:518:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[STRING_LEN]; // storage for version data/ann-1.1.2+doc/debian/tests/ann_test.cpp:308:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char stat_table[N_STAT_LEVELS][STRING_LEN] = { data/ann-1.1.2+doc/debian/tests/ann_test.cpp:334:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char distr_table[N_DISTRIBS][STRING_LEN] = { data/ann-1.1.2+doc/debian/tests/ann_test.cpp:350:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char split_table[N_SPLIT_RULES][STRING_LEN] = { data/ann-1.1.2+doc/debian/tests/ann_test.cpp:363:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char shrink_table[N_SHRINK_RULES][STRING_LEN] = { data/ann-1.1.2+doc/debian/tests/ann_test.cpp:403:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char (*table)[STRING_LEN], // name table data/ann-1.1.2+doc/debian/tests/ann_test.cpp:631:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char directive[STRING_LEN]; // input directive data/ann-1.1.2+doc/debian/tests/ann_test.cpp:632:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arg[STRING_LEN]; // all-purpose argument data/ann-1.1.2+doc/sample/ann_sample.cpp:161:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dim = atoi(argv[++i]); // get dimension to dump data/ann-1.1.2+doc/sample/ann_sample.cpp:164:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxPts = atoi(argv[++i]); // get max number of points data/ann-1.1.2+doc/sample/ann_sample.cpp:167:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). k = atoi(argv[++i]); // get number of near neighbors data/ann-1.1.2+doc/sample/ann_sample.cpp:173:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dataStream.open(argv[++i], ios::in);// open data file data/ann-1.1.2+doc/sample/ann_sample.cpp:181:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). queryStream.open(argv[++i], ios::in);// open query file data/ann-1.1.2+doc/src/kd_dump.cpp:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[STRING_LEN]; // storage for string data/ann-1.1.2+doc/src/kd_dump.cpp:266:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[STRING_LEN]; // ANN version number data/ann-1.1.2+doc/src/kd_dump.cpp:374:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[STRING_LEN]; // tag (leaf, split, shrink) data/ann-1.1.2+doc/test/ann_test.cpp:308:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char stat_table[N_STAT_LEVELS][STRING_LEN] = { data/ann-1.1.2+doc/test/ann_test.cpp:334:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char distr_table[N_DISTRIBS][STRING_LEN] = { data/ann-1.1.2+doc/test/ann_test.cpp:350:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char split_table[N_SPLIT_RULES][STRING_LEN] = { data/ann-1.1.2+doc/test/ann_test.cpp:363:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char shrink_table[N_SHRINK_RULES][STRING_LEN] = { data/ann-1.1.2+doc/test/ann_test.cpp:403:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char (*table)[STRING_LEN], // name table data/ann-1.1.2+doc/test/ann_test.cpp:631:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char directive[STRING_LEN]; // input directive data/ann-1.1.2+doc/test/ann_test.cpp:632:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arg[STRING_LEN]; // all-purpose argument data/ann-1.1.2+doc/ann2fig/ann2fig.cpp:242:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(caption, " "); ANALYSIS SUMMARY: Hits = 45 Lines analyzed = 11014 in approximately 0.24 seconds (46006 lines/second) Physical Source Lines of Code (SLOC) = 5728 Hits@level = [0] 11 [1] 1 [2] 31 [3] 6 [4] 7 [5] 0 Hits@level+ = [0+] 56 [1+] 45 [2+] 44 [3+] 13 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 9.77654 [1+] 7.85615 [2+] 7.68156 [3+] 2.26955 [4+] 1.22207 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.