Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/clearcut-1.0.9/clearcut.h
Examining data/clearcut-1.0.9/cmdargs.c
Examining data/clearcut-1.0.9/cmdargs.h
Examining data/clearcut-1.0.9/common.h
Examining data/clearcut-1.0.9/dayhoff.h
Examining data/clearcut-1.0.9/dist.c
Examining data/clearcut-1.0.9/dist.h
Examining data/clearcut-1.0.9/dmat.h
Examining data/clearcut-1.0.9/fasta.c
Examining data/clearcut-1.0.9/fasta.h
Examining data/clearcut-1.0.9/getopt_long.c
Examining data/clearcut-1.0.9/getopt_long.h
Examining data/clearcut-1.0.9/prng.c
Examining data/clearcut-1.0.9/prng.h
Examining data/clearcut-1.0.9/clearcut.c
Examining data/clearcut-1.0.9/dmat.c

FINAL RESULTS:

data/clearcut-1.0.9/clearcut.c:1987:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dest->taxaname[i], src->taxaname[i]);
data/clearcut-1.0.9/dmat.c:560:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dmat->taxaname[row], token->buf); 
data/clearcut-1.0.9/fasta.c:468:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	sscanf(ptr, "%s", alignment->titles[seq]);  /* get the first word and use as the title */
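The three level-4 hits above share one fix: make the copy aware of the destination's capacity. What follows is an added example written for this page, not code from the flawfinder report or from the clearcut sources; the helper names (copy_bounded, scan_word_bounded, scanned_word_equals), the 8-byte buffer and the sample FASTA-style lines are constructed for illustration. copy_bounded is a portable stand-in for the strlcpy/strcpy_s the report suggests (strlcpy is BSD and only present in recent glibc), and scan_word_bounded builds the "%Ns" width from the buffer size at run time and uses %n to detect a word that was cut off, which a hard-coded "%7s" would hide:

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst, which holds dstsz bytes. Always NUL-terminates.
 * Returns 0 when the whole string fit, -1 when it had to be truncated
 * (dst then holds a terminated prefix). memchr() bounds the scan of src
 * to dstsz bytes, so an unterminated src cannot cause an over-read. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    const char *nul = memchr(src, '\0', dstsz);
    if (nul == NULL) {                      /* src is at least dstsz long */
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Extract the first whitespace-delimited word of line into dst (dstsz
 * bytes), giving %s the width limit flawfinder asks for. The limit is
 * derived from the buffer size so it cannot drift from the declaration.
 * Returns the word length, -1 if there is no word, -2 if the word was
 * longer than the buffer (dst then holds the terminated prefix). */
int scan_word_bounded(char *dst, size_t dstsz, const char *line)
{
    char fmt[32];
    int consumed = 0;

    if (dstsz < 2 || dstsz - 1 > 999999)
        return -1;
    /* e.g. "%7s%n" for an 8-byte buffer: 7 chars plus the NUL sscanf adds */
    snprintf(fmt, sizeof fmt, "%%%zus%%n", dstsz - 1);
    if (sscanf(line, fmt, dst, &consumed) != 1)
        return -1;
    /* %n records where scanning stopped; if the next input byte is not a
     * separator, the word continued past the limit and was cut off. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return -2;
    return (int)strlen(dst);
}

/* Demo/test helper: does scanning line into a dstsz-byte buffer yield
 * exactly expect? Returns 1/0, or -1 on allocation failure. */
int scanned_word_equals(size_t dstsz, const char *line, const char *expect)
{
    char *dst = malloc(dstsz);
    if (dst == NULL)
        return -1;
    int rc = scan_word_bounded(dst, dstsz, line);
    int eq = (rc != -1 && strcmp(dst, expect) == 0);
    free(dst);
    return eq;
}

int main(void)
{
    char title[8];                          /* constructed 8-byte destination */
    const char *fits = ">Homo sapiens mitochondrion";          /* constructed */
    const char *cut  = "Drosophila_melanogaster 0.12";         /* constructed */

    printf("%d '%s'\n", scan_word_bounded(title, sizeof title, fits), title);
    printf("%d '%s'\n", scan_word_bounded(title, sizeof title, cut), title);
    printf("%d '%s'\n", copy_bounded(title, sizeof title, "toolong!"), title);
    return 0;
}
```

Whether clearcut's real destinations (taxaname[i], titles[seq]) are always large enough is not something flawfinder decides; it only flags the pattern. Triage of the fasta.c:468 hit needs the allocation at fasta.c:452 (calloc(strlen(buf), sizeof(char)), listed later in this report at level 1): the destination is sized from the whole line while the write is bounded only by the first word, so the question is whether that word plus its terminator always fits, which depends on how buf is filled and is not visible in the report.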
data/clearcut-1.0.9/cmdargs.c:133:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    c = getopt_long(argc,
data/clearcut-1.0.9/getopt_long.c:270:1:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
getopt_long(int argc, char **argv,
data/clearcut-1.0.9/getopt_long.c:492:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    c = getopt_long(argc, argv, shortopts, longopts, indexptr);
data/clearcut-1.0.9/getopt_long.h:47:5:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
int getopt_long(int argc, char **argv,
data/clearcut-1.0.9/clearcut.c:1485:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen(nj_args->outfilename, "w");  /* open for writing   */
data/clearcut-1.0.9/clearcut.c:1487:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen(nj_args->outfilename, "a");  /* open for appending */
data/clearcut-1.0.9/clearcut.c:1991:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest->val, src->valhandle, NJ_NCELLS(src->ntaxa)*sizeof(float));
data/clearcut-1.0.9/clearcut.c:1994:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest->r,  src->rhandle,  src->ntaxa*sizeof(float));
data/clearcut-1.0.9/clearcut.c:1995:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest->r2, src->r2handle, src->ntaxa*sizeof(float));
data/clearcut-1.0.9/cmdargs.c:166:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nj_args.seed = atoi(optarg);
data/clearcut-1.0.9/cmdargs.c:174:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nj_args.ntrees = atoi(optarg);
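Added example for the two atoi() hits above, not part of the flawfinder report or of clearcut: strtol()/strtoul() with the errno and end-pointer checks that atoi() lacks, plus the explicit minimum/maximum test the report asks for. The wrappers parse_ntrees and parse_seed and the MAX_TREES bound are constructed for illustration; the seed is read as unsigned, as the report suggests, because it is a bit pattern rather than a count and should not wrap through a signed int:

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse s as a decimal integer that must lie in [lo, hi].
 * Returns 0 and stores the value in *out, or -1 for: NULL/empty input,
 * leading whitespace, no digits, trailing characters ("12abc"), a value
 * that does not fit in long (where atoi() silently returns garbage), or
 * a value outside [lo, hi]. */
int parse_long_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0' || isspace((unsigned char)*s))
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)                    /* magnitude too large for long */
        return -1;
    if (end == s || *end != '\0')           /* nothing parsed, or junk after */
        return -1;
    if (v < lo || v > hi)
        return -1;
    *out = v;
    return 0;
}

/* Constructed bound: in a real program derive it from what can be
 * allocated or from the documented option range. */
#define MAX_TREES 1000000L

/* -n ntrees: a strictly positive count. */
int parse_ntrees(const char *optarg, long *out)
{
    return parse_long_range(optarg, 1, MAX_TREES, out);
}

/* -s seed: any unsigned long. strtoul() would accept and negate "-1",
 * so a leading '-' is rejected explicitly. */
int parse_seed(const char *optarg, unsigned long *out)
{
    char *end;
    unsigned long v;

    if (optarg == NULL || *optarg == '\0' || *optarg == '-' ||
        isspace((unsigned char)*optarg))
        return -1;
    errno = 0;
    v = strtoul(optarg, &end, 10);
    if (errno == ERANGE || end == optarg || *end != '\0')
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    const char *inputs[] = { "100", "0", "-5", "12abc",
                             "99999999999999999999999", "2147483648" }; /* constructed */
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        long n;
        printf("ntrees '%s': %s\n", inputs[i],
               parse_ntrees(inputs[i], &n) == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

The difference from atoi() shows up on the overflow and "12abc" inputs: atoi() returns an unspecified value for the former and 12 for the latter with no way to tell, while the wrappers refuse both.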
data/clearcut-1.0.9/cmdargs.c:408:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char input_mode[32];
data/clearcut-1.0.9/cmdargs.c:412:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(input_mode, "Distance Matrix");
data/clearcut-1.0.9/cmdargs.c:415:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(input_mode, "Unaligned Sequences");
data/clearcut-1.0.9/cmdargs.c:418:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(input_mode, "Aligned Sequences");
data/clearcut-1.0.9/cmdargs.c:421:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(input_mode, "UNKNOWN");
data/clearcut-1.0.9/dmat.c:467:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(nj_args->infilename, "r");
data/clearcut-1.0.9/dmat.c:796:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(nj_args->matrixout, "w");
data/clearcut-1.0.9/fasta.c:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char NJ_dna_ambiguity_syms[NJ_NUM_DNA_AMBIGUITY_SYMS] = 
data/clearcut-1.0.9/fasta.c:70:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char NJ_protein_ambiguity_syms[NJ_NUM_PROTEIN_AMBIGUITY_SYMS] =
data/clearcut-1.0.9/fasta.c:76:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char NJ_dna_syms[NJ_NUM_DNA_SYMS] = 
data/clearcut-1.0.9/fasta.c:83:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char NJ_protein_syms[NJ_NUM_PROTEIN_SYMS] = 
data/clearcut-1.0.9/fasta.c:342:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(nj_args->infilename, "r");
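Added example, not from the report or from clearcut, covering the fopen() hits at clearcut.c:1485/1487, dmat.c:467/796 and fasta.c:342. fopen(path, "w") follows a symlink at path and truncates whatever it points to, and fopen(path, "r") will open a FIFO or device placed at the input path. The POSIX open()/fdopen() route below refuses those cases: O_NOFOLLOW rejects a symlink in the final path component, O_CREAT|O_EXCL rejects any pre-existing object at an output path, and fstat()+S_ISREG rejects non-regular inputs. The function names, the /tmp scratch path used by the self-check and the 0644 mode are constructed for this example, which assumes Linux or another POSIX.1-2008 system:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a NEW output file. O_EXCL fails if anything already exists at path
 * (regular file, symlink, device); O_NOFOLLOW additionally refuses to
 * follow a symlink there. 0644 caps the mode below fopen()'s default 0666
 * whatever the umask. Returns NULL with errno set on failure. */
FILE *create_output_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return NULL;
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) {
        int saved = errno;
        close(fd);
        unlink(path);                   /* do not leave an empty file behind */
        errno = saved;
    }
    return fp;
}

/* Open an existing input file, then verify through the descriptor (not
 * the path, which can be swapped underneath us) that it is a regular
 * file, so a FIFO or device at the path cannot stall or misfeed the parser. */
FILE *open_regular_input(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return NULL;
    }
    return fdopen(fd, "r");
}

/* Self-check: a pre-placed file at the output path (what an attacker
 * would do) must make create_output_exclusive() fail with EEXIST.
 * Returns 1 if it does, 0 otherwise. */
int exclusive_create_refuses_existing(void)
{
    char path[] = "/tmp/clearcut_out_XXXXXX";   /* constructed scratch path */
    int fd = mkstemp(path);
    if (fd < 0)
        return 0;
    close(fd);
    FILE *fp = create_output_exclusive(path);
    int refused = (fp == NULL && errno == EEXIST);
    if (fp != NULL)
        fclose(fp);
    unlink(path);
    return refused;
}

int main(void)
{
    printf("exclusive create refuses existing file: %s\n",
           exclusive_create_refuses_existing() ? "yes" : "NO");
    printf("/dev/null accepted as regular input: %s\n",
           open_regular_input("/dev/null") != NULL ? "YES" : "no");
    return 0;
}
```

Refusing symlinked input is a policy choice: users routinely pass symlinks to legitimate alignments, so many programs apply O_NOFOLLOW only to outputs and rely on fstat() for inputs. O_NOFOLLOW also covers only the last path component; a symlinked parent directory is still followed, which is the "control its ancestors" case in the report and calls for openat() relative to a directory descriptor that was validated once.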
data/clearcut-1.0.9/getopt_long.c:471:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *argv[50];
data/clearcut-1.0.9/clearcut.c:1967:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dest->taxaname[i] = (char *)calloc(strlen(src->taxaname[i])+1, sizeof(char));
data/clearcut-1.0.9/dist.c:148:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dmat->taxaname[i] = (char *)calloc(strlen(alignment->titles[i])+1, sizeof(char));
data/clearcut-1.0.9/dist.c:154:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dmat->taxaname[i], alignment->titles[i], strlen(alignment->titles[i]));
data/clearcut-1.0.9/dist.c:154:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(dmat->taxaname[i], alignment->titles[i], strlen(alignment->titles[i]));
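Added example, not from the report or from clearcut, for the strncpy()/strlen() pair at dist.c:154 and the report's general point that strncpy() "doesn't always \0-terminate". strncpy() writes a NUL only when the source is shorter than the count. With count == strlen(src), as at dist.c:154, no terminator is ever written and the result is a valid C string only because the calloc() at dist.c:148 zero-filled the spare byte; with count == sizeof(dst) there is no terminator whenever the source is as long as the buffer or longer. The functions below are constructed to show both cases on buffers deliberately prefilled with 'X', and dup_title is the copy with an explicit terminator that the calloc+strncpy pair is expressing:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The dist.c:148/154 idiom, but on a buffer prefilled with 'X' instead of
 * calloc()'s zeros. Returns 1 if dst ended up NUL-terminated, 0 if not,
 * -1 on allocation failure. */
int strncpy_with_srclen_terminates(const char *src)
{
    size_t n = strlen(src);
    char *dst = malloc(n + 1);
    if (dst == NULL)
        return -1;
    memset(dst, 'X', n + 1);
    strncpy(dst, src, n);           /* copies exactly n bytes: no NUL written */
    int terminated = (dst[n] == '\0');
    free(dst);
    return terminated;
}

/* The other common idiom, strncpy(dst, src, sizeof dst), on a dstsz-byte
 * buffer prefilled with 'X'. Returns 1 if any NUL is present afterwards,
 * 0 if not, -1 on allocation failure. */
int strncpy_with_dstsize_terminates(const char *src, size_t dstsz)
{
    char *dst = malloc(dstsz);
    if (dst == NULL)
        return -1;
    memset(dst, 'X', dstsz);
    strncpy(dst, src, dstsz);       /* pads with NULs only if src is shorter */
    int terminated = (memchr(dst, '\0', dstsz) != NULL);
    free(dst);
    return terminated;
}

/* What calloc()+strncpy() is trying to say: duplicate src with the
 * terminator written explicitly rather than inherited from zero-filling.
 * Caller frees. */
char *dup_title(const char *src)
{
    size_t n = strlen(src);
    char *dst = malloc(n + 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return dst;
}

/* Demo/test helper: does dup_title() reproduce src exactly? Returns 1/0. */
int dup_title_roundtrips(const char *src)
{
    char *p = dup_title(src);
    int ok = (p != NULL && strcmp(p, src) == 0 && p[strlen(src)] == '\0');
    free(p);
    return ok;
}

int main(void)
{
    const char *title = "Homo_sapiens";          /* constructed, 12 chars */
    printf("strncpy(dst, src, strlen(src)) terminated: %d\n",
           strncpy_with_srclen_terminates(title));
    printf("strncpy(dst, src, 16) terminated: %d\n",
           strncpy_with_dstsize_terminates(title, 16));
    printf("strncpy(dst, src, 12) terminated: %d\n",
           strncpy_with_dstsize_terminates(title, 12));
    printf("dup_title round-trips: %d\n", dup_title_roundtrips(title));
    return 0;
}
```

The calloc-backed copy at dist.c:148/154 therefore works, but it is correct by coincidence of allocator behaviour rather than by construction; a later change to malloc() or a reuse of the buffer would turn it into the unterminated string that the strlen() hits in this section warn about.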
data/clearcut-1.0.9/dmat.c:194:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(token) == 1) {
data/clearcut-1.0.9/dmat.c:200:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(token);i++) {
data/clearcut-1.0.9/dmat.c:280:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!NJ_is_number(token[strlen(token)-1])) {
data/clearcut-1.0.9/dmat.c:326:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c = fgetc(fp);
data/clearcut-1.0.9/dmat.c:355:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = fgetc(fp);
data/clearcut-1.0.9/dmat.c:554:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      dmat->taxaname[row] = (char *)calloc(strlen(token->buf)+1, sizeof(char));
data/clearcut-1.0.9/fasta.c:380:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = fgetc(fp);
data/clearcut-1.0.9/fasta.c:452:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	alignment->titles[seq] = (char *)calloc(strlen(buf), sizeof(char));
data/clearcut-1.0.9/getopt_long.c:208:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = strlen(arg);
data/clearcut-1.0.9/getopt_long.c:383:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen(opt);

ANALYSIS SUMMARY:

Hits = 41
Lines analyzed = 8376 in approximately 0.26 seconds (32142 lines/second)
Physical Source Lines of Code (SLOC) = 4494
Hits@level = [0] 195 [1]  14 [2]  20 [3]   4 [4]   3 [5]   0
Hits@level+ = [0+] 236 [1+]  41 [2+]  27 [3+]   7 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 52.5145 [1+] 9.12328 [2+] 6.00801 [3+] 1.55763 [4+] 0.667557 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.