Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/itk4-4.1.0/generic/itkStubInit.c
Examining data/itk4-4.1.0/generic/itkArchetype.c
Examining data/itk4-4.1.0/generic/itkArchBase.c
Examining data/itk4-4.1.0/generic/itkOption.c
Examining data/itk4-4.1.0/generic/itkUtil.c
Examining data/itk4-4.1.0/generic/itkDecls.h
Examining data/itk4-4.1.0/generic/itkStubLib.c
Examining data/itk4-4.1.0/generic/itkHelpers.c
Examining data/itk4-4.1.0/generic/itkCmd.c
Examining data/itk4-4.1.0/generic/itkInt.h
Examining data/itk4-4.1.0/generic/itkIntDecls.h
Examining data/itk4-4.1.0/generic/itk.h
Examining data/itk4-4.1.0/generic/itkBase.c
Examining data/itk4-4.1.0/win/nmakehlp.c
Examining data/itk4-4.1.0/win/dllEntryPoint.c

FINAL RESULTS:

data/itk4-4.1.0/generic/itkArchBase.c:315:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(path, resultStr);
data/itk4-4.1.0/generic/itkArchBase.c:1771:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(lastval, v);
data/itk4-4.1.0/generic/itkArchBase.c:1916:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(archOpt->init, init);
data/itk4-4.1.0/generic/itkArchBase.c:1940:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(archComp->pathName, wname);
data/itk4-4.1.0/generic/itkArchBase.c:2010:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name+1, switchName);
data/itk4-4.1.0/generic/itkArchBase.c:2026:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(archOpt->resName, resName);
data/itk4-4.1.0/generic/itkArchBase.c:2039:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(archOpt->resClass, resClass);
data/itk4-4.1.0/generic/itkArchBase.c:2067:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(archOpt->switchName, name);
data/itk4-4.1.0/generic/itkArchBase.c:2071:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(archOpt->resName, resName);
data/itk4-4.1.0/generic/itkArchBase.c:2078:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(archOpt->resClass, resClass);
data/itk4-4.1.0/generic/itkArchBase.c:2172:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(archOpt->init, ival);
data/itk4-4.1.0/generic/itkArchBase.c:2375:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name+1, switchName);
data/itk4-4.1.0/generic/itkArchBase.c:2447:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name+1, switchName);
data/itk4-4.1.0/generic/itkArchBase.c:2818:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name+1, switchName);
data/itk4-4.1.0/generic/itkOption.c:506:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(opt->resName, resName);
data/itk4-4.1.0/generic/itkOption.c:509:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(opt->resClass, resClass);
data/itk4-4.1.0/generic/itkOption.c:512:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(opt->init, defVal);
data/itk4-4.1.0/win/nmakehlp.c:38:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define   snprintf	_snprintf
data/itk4-4.1.0/win/nmakehlp.c:38:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define   snprintf	_snprintf
data/itk4-4.1.0/win/nmakehlp.c:237:5:  [4] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    lstrcat(cmdline, option);
data/itk4-4.1.0/win/nmakehlp.c:371:5:  [4] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    lstrcat(cmdline, option);
data/itk4-4.1.0/win/nmakehlp.c:656:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf(szBuffer);
data/itk4-4.1.0/win/nmakehlp.c:245:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(
data/itk4-4.1.0/win/nmakehlp.c:245:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(
data/itk4-4.1.0/win/nmakehlp.c:373:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(
data/itk4-4.1.0/win/nmakehlp.c:373:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(
data/itk4-4.1.0/generic/itkArchBase.c:1330:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[256];
data/itk4-4.1.0/generic/itkArchBase.c:1331:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(msg, "\n    (while adding option \"%.100s\")", token);
data/itk4-4.1.0/generic/itkArchBase.c:1498:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[256];
data/itk4-4.1.0/generic/itkArchBase.c:1499:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(msg, "\n    (while removing option \"%.100s\")",
data/itk4-4.1.0/generic/itkArchBase.c:1618:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[256];
data/itk4-4.1.0/generic/itkArchBase.c:1619:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(msg, "\n    (error in configuration of public variable \"%.100s\")", Tcl_GetString(ivPtr->fullNamePtr));
data/itk4-4.1.0/generic/itkArchBase.c:1645:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[256];
data/itk4-4.1.0/generic/itkArchBase.c:1646:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(msg, "\n    (error in configuration of public variable \"%.100s\")", Tcl_GetString(ivPtr->fullNamePtr));
data/itk4-4.1.0/generic/itkArchBase.c:2717:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                info->switchName = (char *)optv[0];
data/itk4-4.1.0/generic/itkArchBase.c:2718:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                info->resName    = (char *)optv[1];
data/itk4-4.1.0/generic/itkArchBase.c:2719:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                info->resClass   = (char *)optv[2];
data/itk4-4.1.0/generic/itkArchBase.c:2720:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                info->init       = (char *)optv[3];
data/itk4-4.1.0/generic/itkArchBase.c:2721:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                info->value      = (char *)optv[4];
data/itk4-4.1.0/generic/itkArchBase.c:2856:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        genericOpt->switchName = (char *)optv[0];
data/itk4-4.1.0/generic/itkArchBase.c:2857:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        genericOpt->resName    = (char *)optv[1];
data/itk4-4.1.0/generic/itkArchBase.c:2858:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        genericOpt->resClass   = (char *)optv[2];
data/itk4-4.1.0/generic/itkArchBase.c:2859:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        genericOpt->init       = (char *)optv[3];
data/itk4-4.1.0/generic/itkArchBase.c:2860:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        genericOpt->value      = (char *)optv[4];
data/itk4-4.1.0/generic/itkUtil.c:98:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((VOID*)newOrder, (VOID*)olist->list, (size_t)size);
data/itk4-4.1.0/win/nmakehlp.c:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STATICBUFFERSIZE];
data/itk4-4.1.0/win/nmakehlp.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[300];
data/itk4-4.1.0/win/nmakehlp.c:188:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[300];
data/itk4-4.1.0/win/nmakehlp.c:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdline[100];
data/itk4-4.1.0/win/nmakehlp.c:231:5:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
    lstrcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X -Fp.\\_junk.pch ");
data/itk4-4.1.0/win/nmakehlp.c:243:5:  [2] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant string.
    lstrcat(cmdline, " .\\nul");
data/itk4-4.1.0/win/nmakehlp.c:322:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[300];
data/itk4-4.1.0/win/nmakehlp.c:325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdline[100];
data/itk4-4.1.0/win/nmakehlp.c:365:5:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
    lstrcpy(cmdline, "link.exe -nologo ");
data/itk4-4.1.0/win/nmakehlp.c:486:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char szBuffer[100];
data/itk4-4.1.0/win/nmakehlp.c:488:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(filename, "rt");
data/itk4-4.1.0/win/nmakehlp.c:519:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(szBuffer, p, q - p);
data/itk4-4.1.0/win/nmakehlp.c:594:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char szBuffer[1024], szCopy[1024];
data/itk4-4.1.0/win/nmakehlp.c:599:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "rt");
data/itk4-4.1.0/win/nmakehlp.c:606:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	sp = fopen(substitutions, "rt");
data/itk4-4.1.0/win/nmakehlp.c:653:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(szBuffer, szCopy, sizeof(szCopy));
data/itk4-4.1.0/win/nmakehlp.c:677:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCwd[MAX_PATH + 1];
data/itk4-4.1.0/win/nmakehlp.c:678:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[MAX_PATH + 1];
data/itk4-4.1.0/generic/itkArchBase.c:314:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    path = (char*)ckalloc((unsigned)(strlen(resultStr)+1));
data/itk4-4.1.0/generic/itkArchBase.c:1770:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        lastval = (char*)ckalloc((unsigned)(strlen(v)+1));
data/itk4-4.1.0/generic/itkArchBase.c:1915:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                archOpt->init = (char*)ckalloc((unsigned)(strlen(init)+1));
data/itk4-4.1.0/generic/itkArchBase.c:1939:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    archComp->pathName   = (char *) ckalloc((unsigned)(strlen(wname)+1));
data/itk4-4.1.0/generic/itkArchBase.c:2008:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk4-4.1.0/generic/itkArchBase.c:2025:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            archOpt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk4-4.1.0/generic/itkArchBase.c:2038:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            archOpt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk4-4.1.0/generic/itkArchBase.c:2066:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    archOpt->switchName = (char*)ckalloc((unsigned)(strlen(name)+1));
data/itk4-4.1.0/generic/itkArchBase.c:2070:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        archOpt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk4-4.1.0/generic/itkArchBase.c:2077:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        archOpt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk4-4.1.0/generic/itkArchBase.c:2171:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        archOpt->init = (char*)ckalloc((unsigned)(strlen(ival)+1));
data/itk4-4.1.0/generic/itkArchBase.c:2373:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk4-4.1.0/generic/itkArchBase.c:2445:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk4-4.1.0/generic/itkArchBase.c:2816:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk4-4.1.0/generic/itkArchetype.c:435:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(token);
data/itk4-4.1.0/generic/itkArchetype.c:751:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(token);
data/itk4-4.1.0/generic/itkArchetype.c:881:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(Tcl_GetString(objv[1])) == 0) {
data/itk4-4.1.0/generic/itkArchetype.c:1061:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(Tcl_GetString(objv[1])) == 0) {
data/itk4-4.1.0/generic/itkOption.c:505:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    opt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk4-4.1.0/generic/itkOption.c:508:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    opt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk4-4.1.0/generic/itkOption.c:511:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    opt->init = (char*)ckalloc((unsigned)(strlen(defVal)+1));
data/itk4-4.1.0/win/nmakehlp.c:504:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		p += strlen(match);
data/itk4-4.1.0/win/nmakehlp.c:650:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    op += strlen(p->key);

ANALYSIS SUMMARY:

Hits = 86
Lines analyzed = 7094 in approximately 0.30 seconds (23327 lines/second)
Physical Source Lines of Code (SLOC) = 3997
Hits@level = [0]  17 [1]  23 [2]  37 [3]   4 [4]  22 [5]   0
Hits@level+ = [0+] 103 [1+]  86 [2+]  63 [3+]  26 [4+]  22 [5+]   0
Hits/KSLOC@level+ = [0+] 25.7693 [1+] 21.5161 [2+] 15.7618 [3+] 6.50488 [4+] 5.50413 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.