Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hepmc-2.06.09/test/testPrintBug.cc
Examining data/hepmc-2.06.09/test/testUnits.cc
Examining data/hepmc-2.06.09/test/testPolarization.cc
Examining data/hepmc-2.06.09/test/testHepMCIteration.h
Examining data/hepmc-2.06.09/test/list_of_examples.cc
Examining data/hepmc-2.06.09/test/testHepMCMethods.h
Examining data/hepmc-2.06.09/test/IsGoodEvent.h
Examining data/hepmc-2.06.09/test/testWeights.cc
Examining data/hepmc-2.06.09/test/testHepMCMethods.cc
Examining data/hepmc-2.06.09/test/testFlow.cc
Examining data/hepmc-2.06.09/test/testSimpleVector.cc
Examining data/hepmc-2.06.09/fio/HerwigWrapper.cc
Examining data/hepmc-2.06.09/fio/IO_HEPEVT.cc
Examining data/hepmc-2.06.09/fio/IO_HERWIG.cc
Examining data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc
Examining data/hepmc-2.06.09/HepMC/enable_if.h
Examining data/hepmc-2.06.09/HepMC/is_arithmetic.h
Examining data/hepmc-2.06.09/HepMC/Units.h
Examining data/hepmc-2.06.09/HepMC/GenCrossSection.h
Examining data/hepmc-2.06.09/HepMC/CompareGenEvent.h
Examining data/hepmc-2.06.09/HepMC/GenParticle.h
Examining data/hepmc-2.06.09/HepMC/StreamInfo.h
Examining data/hepmc-2.06.09/HepMC/Polarization.h
Examining data/hepmc-2.06.09/HepMC/IO_AsciiParticles.h
Examining data/hepmc-2.06.09/HepMC/PythiaWrapper.h
Examining data/hepmc-2.06.09/HepMC/SearchVector.h
Examining data/hepmc-2.06.09/HepMC/IO_GenEvent.h
Examining data/hepmc-2.06.09/HepMC/PdfInfo.h
Examining data/hepmc-2.06.09/HepMC/StreamHelpers.h
Examining data/hepmc-2.06.09/HepMC/IO_HERWIG.h
Examining data/hepmc-2.06.09/HepMC/GenEvent.h
Examining data/hepmc-2.06.09/HepMC/TempParticleMap.h
Examining data/hepmc-2.06.09/HepMC/HEPEVT_Wrapper.h
Examining data/hepmc-2.06.09/HepMC/WeightContainer.h
Examining data/hepmc-2.06.09/HepMC/HeavyIon.h
Examining data/hepmc-2.06.09/HepMC/PythiaWrapper6_4_WIN32.h
Examining data/hepmc-2.06.09/HepMC/IO_Exception.h
Examining data/hepmc-2.06.09/HepMC/Flow.h
Examining data/hepmc-2.06.09/HepMC/Version.h
Examining data/hepmc-2.06.09/HepMC/PythiaWrapper6_4.h
Examining data/hepmc-2.06.09/HepMC/HerwigWrapper.h
Examining data/hepmc-2.06.09/HepMC/GenVertex.h
Examining data/hepmc-2.06.09/HepMC/GenRanges.h
Examining data/hepmc-2.06.09/HepMC/HepMCDefs.h
Examining data/hepmc-2.06.09/HepMC/IO_BaseClass.h
Examining data/hepmc-2.06.09/HepMC/IO_HEPEVT.h
Examining data/hepmc-2.06.09/HepMC/IteratorRange.h
Examining data/hepmc-2.06.09/HepMC/SimpleVector.h
Examining data/hepmc-2.06.09/src/GenEvent.cc
Examining data/hepmc-2.06.09/src/GenParticle.cc
Examining data/hepmc-2.06.09/src/Flow.cc
Examining data/hepmc-2.06.09/src/Polarization.cc
Examining data/hepmc-2.06.09/src/CompareGenEvent.cc
Examining data/hepmc-2.06.09/src/filterEvent.cc
Examining data/hepmc-2.06.09/src/StreamInfo.cc
Examining data/hepmc-2.06.09/src/GenRanges.cc
Examining data/hepmc-2.06.09/src/PdfInfo.cc
Examining data/hepmc-2.06.09/src/HeavyIon.cc
Examining data/hepmc-2.06.09/src/GenVertex.cc
Examining data/hepmc-2.06.09/src/IO_GenEvent.cc
Examining data/hepmc-2.06.09/src/GenEventStreamIO.cc
Examining data/hepmc-2.06.09/src/GenCrossSection.cc
Examining data/hepmc-2.06.09/src/StreamHelpers.cc
Examining data/hepmc-2.06.09/src/SearchVector.cc
Examining data/hepmc-2.06.09/src/WeightContainer.cc
Examining data/hepmc-2.06.09/src/IO_AsciiParticles.cc
Examining data/hepmc-2.06.09/examples/example_UsingIterators.cc
Examining data/hepmc-2.06.09/examples/example_VectorConversion.cc
Examining data/hepmc-2.06.09/examples/fio/example_MyPythiaOnlyToHepMC.cc
Examining data/hepmc-2.06.09/examples/fio/initPythia.cc
Examining data/hepmc-2.06.09/examples/fio/PythiaHelper.h
Examining data/hepmc-2.06.09/examples/fio/testPythiaCopies.cc
Examining data/hepmc-2.06.09/examples/fio/example_MyPythia.cc
Examining data/hepmc-2.06.09/examples/fio/example_PythiaStreamIO.cc
Examining data/hepmc-2.06.09/examples/fio/example_MyHerwig.cc
Examining data/hepmc-2.06.09/examples/fio/testHerwigCopies.cc
Examining data/hepmc-2.06.09/examples/list_of_examples.cc
Examining data/hepmc-2.06.09/examples/example_EventSelection.cc
Examining data/hepmc-2.06.09/examples/example_BuildEventFromScratch.cc
Examining data/hepmc-2.06.09/examples/pythia8/main31.cc
Examining data/hepmc-2.06.09/examples/pythia8/main32.cc
Examining data/hepmc-2.06.09/examples/VectorConversion.h

FINAL RESULTS:

data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc:58:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( outline,"%4s %4s %4s %5s %10s, %9s, %9s, %9s, %10s",
data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc:62:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( outline,"%9s %4s %4s %10s, %9s, %9s, %9s) %9s",
data/hepmc-2.06.09/HepMC/HEPEVT_Wrapper.h:73:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[hepevt_bytes_allocation];
data/hepmc-2.06.09/HepMC/HEPEVT_Wrapper.h:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[hepevt_bytes_allocation];
data/hepmc-2.06.09/HepMC/HerwigWrapper.h:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char PART1[8],PART2[8];
data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outline[81];
data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outline[81];
data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc:75:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( outline,
data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc:80:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( outline,"%+9d %4d %4d (%9.3g, %9.3g, %9.3g, %9.3g)",
data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc:93:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[81];
data/hepmc-2.06.09/fio/HEPEVT_Wrapper.cc:94:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( header,
data/hepmc-2.06.09/HepMC/GenCrossSection.h:77:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream & read( std::istream & );
data/hepmc-2.06.09/HepMC/GenCrossSection.h:93:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { return xs.read(is); }
data/hepmc-2.06.09/HepMC/GenEvent.h:263:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream& read(std::istream&);
data/hepmc-2.06.09/HepMC/PythiaWrapper6_4.h:262:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { pyinit( frame,beam,target,&win,strlen(frame),strlen(beam),strlen(target) ); }
data/hepmc-2.06.09/HepMC/PythiaWrapper6_4.h:262:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { pyinit( frame,beam,target,&win,strlen(frame),strlen(beam),strlen(target) ); }
data/hepmc-2.06.09/HepMC/PythiaWrapper6_4.h:262:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { pyinit( frame,beam,target,&win,strlen(frame),strlen(beam),strlen(target) ); }
data/hepmc-2.06.09/HepMC/PythiaWrapper6_4_WIN32.h:152:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { PYINIT( frame,strlen(frame),beam,strlen(beam),target,strlen(target),&win); }
data/hepmc-2.06.09/HepMC/PythiaWrapper6_4_WIN32.h:152:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { PYINIT( frame,strlen(frame),beam,strlen(beam),target,strlen(target),&win); }
data/hepmc-2.06.09/HepMC/PythiaWrapper6_4_WIN32.h:152:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { PYINIT( frame,strlen(frame),beam,strlen(beam),target,strlen(target),&win); }
data/hepmc-2.06.09/examples/fio/example_PythiaStreamIO.cc:130:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  evt.read( is );
data/hepmc-2.06.09/src/GenCrossSection.cc:76:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream & GenCrossSection::read( std::istream & is )
data/hepmc-2.06.09/src/GenEventStreamIO.cc:155:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream& GenEvent::read( std::istream& is )
data/hepmc-2.06.09/src/GenEventStreamIO.cc:235:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  xs.read(is);
data/hepmc-2.06.09/src/GenEventStreamIO.cc:364:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  evt.read(is);

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 14709 in approximately 0.41 seconds (35719 lines/second)
Physical Source Lines of Code (SLOC) = 8797
Hits@level = [0]   0 [1]  14 [2]   9 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  25 [1+]  25 [2+]  11 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 2.84188 [1+] 2.84188 [2+] 1.25043 [3+] 0.22735 [4+] 0.22735 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.