Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/populations-1.2.33+svn0120106+dfsg/CMakeFiles/CompilerIdC/CMakeCCompilerId.c
Examining data/populations-1.2.33+svn0120106+dfsg/CMakeFiles/CompilerIdCXX/CMakeCXXCompilerId.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/allele.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/allele.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/applications.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/applpop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/applpop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/arbre.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/arbre.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/arbreplus.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/arbreplus.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/chaineficpop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/chaineficpop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/config.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/couleur.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/couleur.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/distgnt.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/distgnt.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/fstat.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/fstat.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/individu.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/individu.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/internat.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/jeupop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/jeupop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/jeupopexp.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/jeupopexp.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/locus.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/locus.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/matrices.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/metapop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/metapop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/population.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/population.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/populations.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/qtpop/qtpopulations.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/strucpop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/strucpop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/vecteurs.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/vecteurs.h

FINAL RESULTS:

data/populations-1.2.33+svn0120106+dfsg/src/arbre.h:134:42: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  void set_reference(const string & ref) {strcpy(_reference, ref.c_str());};
data/populations-1.2.33+svn0120106+dfsg/src/arbre.h:135:39: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  void set_reference(const char * ref){strcpy(_reference, ref);};
data/populations-1.2.33+svn0120106+dfsg/src/distgnt.cpp:415:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such
  as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand ((unsigned) time( NULL ) );
data/populations-1.2.33+svn0120106+dfsg/src/distgnt.cpp:496:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such
  as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand ((unsigned) time( NULL ) );
data/populations-1.2.33+svn0120106+dfsg/src/allele.cpp:52:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  _nbrepet = atoi(nom.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/allele.cpp:62:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  _nbrepet = atoi(nom);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:145:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _fichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:167:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  gzfichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:220:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  sortie.open(nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:324:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  entier = atoi(rep.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:347:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  entier = atoi(mot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:370:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _fichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:416:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:440:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _fichier.open(nomfichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpop.cpp:79:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _fichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:512:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:528:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open("correspondances.txt", ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:533:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:549:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:564:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open("correspondances.txt", ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:569:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:584:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:862:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:877:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open("correspondances.txt", ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:882:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:912:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:956:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:961:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(fichier_mtx.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:985:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1227:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1258:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _fichier.open(tab_commandes[0].c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1283:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(tab_commandes[pos + 1].c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1631:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _fichier.open("toutc2.txt", ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1767:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1783:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1819:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _fichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1849:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/arbre.cpp:622:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nomcar[50];
data/populations-1.2.33+svn0120106+dfsg/src/arbre.cpp:701:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[10]; //ATTENTION à la taille de temp !!!!!
data/populations-1.2.33+svn0120106+dfsg/src/arbre.cpp:733:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[15]; //ATTENTION à la taille de temp !!!!!
data/populations-1.2.33+svn0120106+dfsg/src/arbre.h:155:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char _reference[50];
data/populations-1.2.33+svn0120106+dfsg/src/jeupopexp.cpp:216:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char crlf[3];
data/populations-1.2.33+svn0120106+dfsg/src/jeupopexp.cpp:290:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char crlf[3];
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:665:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  type = atoi(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:678:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  nl = atoi(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:689:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  nc = atoi(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:695:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  miss = atoi(mot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:794:7: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  nl = atol(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:805:8: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  nc = atol(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:1618:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fichier.open(fnomplus.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:1634:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fichier.open(fnomplus.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:1647:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fichier.open(fnomplus.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:1661:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fichier.open(fnomplus.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/vecteurs.h:122:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return (atoi(c_str()));
data/populations-1.2.33+svn0120106+dfsg/src/vecteurs.h:126:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return (atoi(c_str()));

ANALYSIS SUMMARY:

Hits = 55
Lines analyzed = 17906 in approximately 0.44 seconds (40709 lines/second)
Physical Source Lines of Code (SLOC) = 10960
Hits@level = [0] 0 [1] 0 [2] 51 [3] 2 [4] 2 [5] 0
Hits@level+ = [0+] 55 [1+] 55 [2+] 55 [3+] 4 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 5.01825 [1+] 5.01825 [2+] 5.01825 [3+] 0.364964 [4+] 0.182482 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.