Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/h5utils-1.13.1/arrayh4.c
Examining data/h5utils-1.13.1/arrayh4.h
Examining data/h5utils-1.13.1/arrayh5.c
Examining data/h5utils-1.13.1/arrayh5.h
Examining data/h5utils-1.13.1/copyright.h
Examining data/h5utils-1.13.1/h4fromh5.c
Examining data/h5utils-1.13.1/h5cyl2cart.c
Examining data/h5utils-1.13.1/h5fromh4.c
Examining data/h5utils-1.13.1/h5fromtxt.c
Examining data/h5utils-1.13.1/h5math.c
Examining data/h5utils-1.13.1/h5read.cc
Examining data/h5utils-1.13.1/h5topng.c
Examining data/h5utils-1.13.1/h5totxt.c
Examining data/h5utils-1.13.1/h5tov5d.c
Examining data/h5utils-1.13.1/h5tovtk.c
Examining data/h5utils-1.13.1/h5utils.c
Examining data/h5utils-1.13.1/h5utils.h
Examining data/h5utils-1.13.1/writepng.c
Examining data/h5utils-1.13.1/writepng.h

FINAL RESULTS:

data/h5utils-1.13.1/arrayh5.c:173:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(*dname, name);
data/h5utils-1.13.1/arrayh5.c:218:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(dname, datapath);
data/h5utils-1.13.1/arrayh5.c:414:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(dname, datapath);
data/h5utils-1.13.1/h4fromh5.c:67:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf("h4fromh5 " PACKAGE_VERSION " by Steven G. Johnson\n" 
data/h5utils-1.13.1/h5cyl2cart.c:116:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf("h5cyl2cart " PACKAGE_VERSION 
data/h5utils-1.13.1/h5cyl2cart.c:159:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(tmp, dname);
data/h5utils-1.13.1/h5cyl2cart.c:224:31:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	       strcpy(tmp, "cart-"); strcat(tmp, dname);
data/h5utils-1.13.1/h5cyl2cart.c:228:31:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	       strcpy(tmp, "cart-"); strcat(tmp, dnamei);
data/h5utils-1.13.1/h5fromh4.c:68:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf("h5fromh4 " PACKAGE_VERSION " by Steven G. Johnson\n" 
data/h5utils-1.13.1/h5fromtxt.c:77:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf("h5fromtxt " PACKAGE_VERSION " by Steven G. Johnson\n" 
data/h5utils-1.13.1/h5math.c:97:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf("h5totxt " PACKAGE_VERSION " by Steven G. Johnson\n" 
data/h5utils-1.13.1/h5math.c:266:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	       strcat(expr_string, buf);
data/h5utils-1.13.1/h5topng.c:152:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
     strcpy(cmap_fname, CMAP_DIR); strcat(cmap_fname, colormap);
data/h5utils-1.13.1/h5topng.c:152:36:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
     strcpy(cmap_fname, CMAP_DIR); strcat(cmap_fname, colormap);
data/h5utils-1.13.1/h5topng.c:268:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf("h5topng " PACKAGE_VERSION " by Steven G. Johnson\n"
data/h5utils-1.13.1/h5topng.c:515:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			 strcat(suff, s);
data/h5utils-1.13.1/h5totxt.c:82:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf("h5totxt " PACKAGE_VERSION " by Steven G. Johnson\n" 
data/h5utils-1.13.1/h5tovtk.c:198:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		   printf("h5tovtk " PACKAGE_VERSION " by Steven G. Johnson\n" 
data/h5utils-1.13.1/h5utils.c:36:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
     strcpy(sd, s);
data/h5utils-1.13.1/h5utils.c:52:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
     strcpy(new_s, s);
data/h5utils-1.13.1/h5utils.c:56:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
     strcat(new_s, new_suff);
data/h5utils-1.13.1/h5utils.c:82:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(filename, fname);
data/h5utils-1.13.1/h4fromh5.c:61:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "hd:vTo:V")) != -1)
data/h5utils-1.13.1/h5cyl2cart.c:110:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "hVvm:o:r:d:i:")) != -1)
data/h5utils-1.13.1/h5fromh4.c:62:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "hd:vo:aV")) != -1)
data/h5utils-1.13.1/h5fromtxt.c:71:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "hn:d:vTaV")) != -1)
data/h5utils-1.13.1/h5math.c:91:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "hVvan:f:e:x:y:z:t:0d:r:")) != -1)
data/h5utils-1.13.1/h5topng.c:262:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "ho:x:y:z:t:0c:m:M:RC:b:d:vX:Y:S:TrZs:Va:A:8")) != -1)
data/h5utils-1.13.1/h5totxt.c:76:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "ho:x:y:z:t:0ad:vTs:.:V")) != -1)
data/h5utils-1.13.1/h5tov5d.c:302:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "ho:d:vTV124x:y:z:t:0")) != -1)
data/h5utils-1.13.1/h5tovtk.c:192:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "ho:d:vV124mMZranx:y:z:t:0")) != -1)
data/h5utils-1.13.1/arrayh5.c:82:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     if (a.data) memcpy(b.data, a.data, sizeof(double) * a.N);
data/h5utils-1.13.1/h5cyl2cart.c:124:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   m = atoi(optarg);
data/h5utils-1.13.1/h5cyl2cart.c:160:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(tmp, ".r");
data/h5utils-1.13.1/h5cyl2cart.c:224:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	       strcpy(tmp, "cart-"); strcat(tmp, dname);
data/h5utils-1.13.1/h5cyl2cart.c:228:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	       strcpy(tmp, "cart-"); strcat(tmp, dnamei);
data/h5utils-1.13.1/h5math.c:135:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[0] = atoi(optarg);
data/h5utils-1.13.1/h5math.c:139:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[1] = atoi(optarg);
data/h5utils-1.13.1/h5math.c:143:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[2] = atoi(optarg);
data/h5utils-1.13.1/h5math.c:147:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[3] = atoi(optarg);
data/h5utils-1.13.1/h5math.c:242:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(vars[i], "d%d", i + 1);
data/h5utils-1.13.1/h5math.c:252:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char buf[1024] = "";
data/h5utils-1.13.1/h5math.c:254:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  FILE *f = expr_filename ? fopen(expr_filename, "r") : stdin;
data/h5utils-1.13.1/h5topng.c:154:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	 || !(cmap_f = fopen(cmap_fname, "r"))) {
data/h5utils-1.13.1/h5topng.c:157:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  if (!(cmap_f = fopen(cmap_fname, "r"))) {
data/h5utils-1.13.1/h5topng.c:510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			 char s[128];
data/h5utils-1.13.1/h5topng.c:511:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			 sprintf(s, ".%c%0*d", dimname[dim],
data/h5utils-1.13.1/h5topng.c:517:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	       strcat(suff, ".png");
data/h5utils-1.13.1/h5totxt.c:107:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   dec = atoi(optarg);
data/h5utils-1.13.1/h5totxt.c:110:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[0] = atoi(optarg);
data/h5utils-1.13.1/h5totxt.c:114:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[1] = atoi(optarg);
data/h5utils-1.13.1/h5totxt.c:118:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[2] = atoi(optarg);
data/h5utils-1.13.1/h5totxt.c:122:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[3] = atoi(optarg);
data/h5utils-1.13.1/h5totxt.c:184:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    f = fopen(txt_fname, "w");
data/h5utils-1.13.1/h5tov5d.c:84:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char VarName[MAXVARS][10];         /* names of variables */
data/h5utils-1.13.1/h5tov5d.c:219:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			 sprintf(VarName[iv], "%d", iv);
data/h5utils-1.13.1/h5tov5d.c:221:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			 strcpy(VarName[iv], "Infinity");
data/h5utils-1.13.1/h5tov5d.c:329:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[0] = atoi(optarg);
data/h5utils-1.13.1/h5tov5d.c:333:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[1] = atoi(optarg);
data/h5utils-1.13.1/h5tov5d.c:337:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[2] = atoi(optarg);
data/h5utils-1.13.1/h5tov5d.c:341:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[3] = atoi(optarg);
data/h5utils-1.13.1/h5tovtk.c:205:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[0] = atoi(optarg);
data/h5utils-1.13.1/h5tovtk.c:209:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[1] = atoi(optarg);
data/h5utils-1.13.1/h5tovtk.c:213:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[2] = atoi(optarg);
data/h5utils-1.13.1/h5tovtk.c:217:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		   islice[3] = atoi(optarg);
data/h5utils-1.13.1/h5tovtk.c:335:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    f = fopen(vtk_fname, "w");
data/h5utils-1.13.1/h5tovtk.c:375:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	       f = fopen(vtk_fname, "w");
data/h5utils-1.13.1/writepng.c:286:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
     fp = fopen(filename, "wb");
data/h5utils-1.13.1/arrayh5.c:172:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  CHK_MALLOC(*dname, char, strlen(name) + 1);
data/h5utils-1.13.1/arrayh5.c:217:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  CHK_MALLOC(dname, char, strlen(datapath) + 1);
data/h5utils-1.13.1/arrayh5.c:413:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  CHK_MALLOC(dname, char, strlen(datapath) + 1);
data/h5utils-1.13.1/h5cyl2cart.c:155:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       size_t len = strlen(dname);
data/h5utils-1.13.1/h5cyl2cart.c:182:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    size_t len = strlen(dname);
data/h5utils-1.13.1/h5cyl2cart.c:200:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    size_t len = strlen(dnamei);
data/h5utils-1.13.1/h5cyl2cart.c:223:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       tmp = (char*) malloc(sizeof(char) * (strlen(dname)+6));
data/h5utils-1.13.1/h5cyl2cart.c:227:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       tmp = (char*) malloc(sizeof(char) * (strlen(dnamei)+6));
data/h5utils-1.13.1/h5fromh4.c:115:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       if (strlen(dname) >= strlen(".hdf") &&
data/h5utils-1.13.1/h5fromh4.c:115:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       if (strlen(dname) >= strlen(".hdf") &&
data/h5utils-1.13.1/h5fromh4.c:116:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   !strcmp(dname + strlen(dname)-strlen(".hdf"),
data/h5utils-1.13.1/h5fromh4.c:116:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   !strcmp(dname + strlen(dname)-strlen(".hdf"),
data/h5utils-1.13.1/h5fromh4.c:118:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    dname[strlen(dname) - strlen(".hdf")] = 0;
data/h5utils-1.13.1/h5fromh4.c:118:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    dname[strlen(dname) - strlen(".hdf")] = 0;
data/h5utils-1.13.1/h5fromtxt.c:138:23:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  while (isspace(c = getc(stdin)));
data/h5utils-1.13.1/h5fromtxt.c:158:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	       c = getc(stdin);
data/h5utils-1.13.1/h5math.c:262:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  len = strlen(buf) + 1;
data/h5utils-1.13.1/h5math.c:264:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       len += strlen(buf);
data/h5utils-1.13.1/h5topng.c:94:23:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  while (isspace(c = fgetc(f)));
data/h5utils-1.13.1/h5topng.c:96:28:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	       while (isspace(c = fgetc(f)) && c != '\n' && c != EOF);
data/h5utils-1.13.1/h5topng.c:98:29:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	       while ('\n' != (c = fgetc(f)) && c != EOF)
data/h5utils-1.13.1/h5topng.c:145:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					(strlen(CMAP_DIR)
data/h5utils-1.13.1/h5topng.c:146:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					 + strlen(colormap) + 1));
data/h5utils-1.13.1/h5tov5d.c:207:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    int suff = strlen(v5d_fname) - 4;
data/h5utils-1.13.1/h5utils.c:34:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     char *sd = (char *) malloc(sizeof(char) * (strlen(s) + 1));
data/h5utils-1.13.1/h5utils.c:45:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     s_len = strlen(s);
data/h5utils-1.13.1/h5utils.c:46:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     old_suff_len = strlen(old_suff);
data/h5utils-1.13.1/h5utils.c:47:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     new_suff_len = strlen(new_suff);
data/h5utils-1.13.1/h5utils.c:69:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     fname_len = strlen(fname);
data/h5utils-1.13.1/h5utils.c:72:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          int colon_len = strlen(colon);
data/h5utils-1.13.1/h5utils.c:75:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(filename, fname, fname_len-colon_len+1);

ANALYSIS SUMMARY:

Hits = 99
Lines analyzed = 4385 in approximately 0.20 seconds (22229 lines/second)
Physical Source Lines of Code (SLOC) = 3406
Hits@level = [0] 114 [1]  31 [2]  37 [3]   9 [4]  22 [5]   0
Hits@level+ = [0+] 213 [1+]  99 [2+]  68 [3+]  31 [4+]  22 [5+]   0
Hits/KSLOC@level+ = [0+] 62.5367 [1+] 29.0664 [2+] 19.9648 [3+] 9.10159 [4+] 6.45919 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.