Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libfann-2.2.0+ds/examples/cascade_train.c
Examining data/libfann-2.2.0+ds/examples/momentums.c
Examining data/libfann-2.2.0+ds/examples/mushroom.c
Examining data/libfann-2.2.0+ds/examples/robot.c
Examining data/libfann-2.2.0+ds/examples/scaling_test.c
Examining data/libfann-2.2.0+ds/examples/scaling_train.c
Examining data/libfann-2.2.0+ds/examples/simple_test.c
Examining data/libfann-2.2.0+ds/examples/simple_train.c
Examining data/libfann-2.2.0+ds/examples/steepness_train.c
Examining data/libfann-2.2.0+ds/examples/xor_sample.cpp
Examining data/libfann-2.2.0+ds/examples/xor_test.c
Examining data/libfann-2.2.0+ds/examples/xor_train.c
Examining data/libfann-2.2.0+ds/src/doublefann.c
Examining data/libfann-2.2.0+ds/src/fann.c
Examining data/libfann-2.2.0+ds/src/fann_cascade.c
Examining data/libfann-2.2.0+ds/src/fann_error.c
Examining data/libfann-2.2.0+ds/src/fann_io.c
Examining data/libfann-2.2.0+ds/src/fann_train.c
Examining data/libfann-2.2.0+ds/src/fann_train_data.c
Examining data/libfann-2.2.0+ds/src/fixedfann.c
Examining data/libfann-2.2.0+ds/src/floatfann.c
Examining data/libfann-2.2.0+ds/src/include/compat_time.h
Examining data/libfann-2.2.0+ds/src/include/config.h
Examining data/libfann-2.2.0+ds/src/include/doublefann.h
Examining data/libfann-2.2.0+ds/src/include/fann.h
Examining data/libfann-2.2.0+ds/src/include/fann_activation.h
Examining data/libfann-2.2.0+ds/src/include/fann_cascade.h
Examining data/libfann-2.2.0+ds/src/include/fann_data.h
Examining data/libfann-2.2.0+ds/src/include/fann_error.h
Examining data/libfann-2.2.0+ds/src/include/fann_internal.h
Examining data/libfann-2.2.0+ds/src/include/fann_io.h
Examining data/libfann-2.2.0+ds/src/include/fann_train.h
Examining data/libfann-2.2.0+ds/src/include/fixedfann.h
Examining data/libfann-2.2.0+ds/src/include/floatfann.h
Examining data/libfann-2.2.0+ds/src/include/fann_cpp.h

FINAL RESULTS:

data/libfann-2.2.0+ds/src/fann.c:858:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(copy->errstr,orig->errstr);
data/libfann-2.2.0+ds/src/fann_error.c:29:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/libfann-2.2.0+ds/src/fann_error.c:30:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/libfann-2.2.0+ds/src/fann_error.c:30:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/libfann-2.2.0+ds/src/fann_error.c:122:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr, "Unable to open configuration file \"%s\" for reading.\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:125:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr, "Unable to open configuration file \"%s\" for writing.\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:128:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr,
data/libfann-2.2.0+ds/src/fann_error.c:133:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr, "Error reading \"%s\" from configuration file \"%s\".\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:136:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr, "Error reading neuron info from configuration file \"%s\".\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:139:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr, "Error reading connections from configuration file \"%s\".\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:145:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr, "Unable to open train data file \"%s\" for writing.\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:148:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr, "Unable to open train data file \"%s\" for writing.\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:151:3: [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  vsprintf(errstr, "Error reading info from train data file \"%s\", line: %d.\n", ap);
data/libfann-2.2.0+ds/src/fann_io.c:104:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(conf, FANN_FIX_VERSION "\n");
data/libfann-2.2.0+ds/src/fann_io.c:109:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(conf, FANN_FLO_VERSION "\n");
data/libfann-2.2.0+ds/src/fann_io.c:113:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(conf, FANN_FIX_VERSION "\n");
data/libfann-2.2.0+ds/src/fann_io.c:234:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(conf, FANNPRINTF" ", ann->cascade_activation_steepnesses[i]);
data/libfann-2.2.0+ds/src/fann_io.c:249:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( conf, #what "_" #where "=" ); \
data/libfann-2.2.0+ds/src/fann_io.c:346:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if(fscanf(conf, name"="type"\n", val) != 1) \
data/libfann-2.2.0+ds/src/fann_io.c:356:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if(fscanf(conf, name) != 0) \
data/libfann-2.2.0+ds/src/fann_io.c:515:6: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if(fscanf(conf, FANNSCANF" ", &ann->cascade_activation_steepnesses[i]) != 1)
data/libfann-2.2.0+ds/src/fann_train_data.c:726:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(file, FANNPRINTF " ", data->input[i][j]);
data/libfann-2.2.0+ds/src/fann_train_data.c:751:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(file, FANNPRINTF " ", data->output[i][j]);
data/libfann-2.2.0+ds/src/fann_train_data.c:876:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if(fscanf(file, FANNSCANF " ", &data->input[i][j]) != 1)
data/libfann-2.2.0+ds/src/fann_train_data.c:887:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if(fscanf(file, FANNSCANF " ", &data->output[i][j]) != 1)
data/libfann-2.2.0+ds/src/fann.c:1797:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(foo);
data/libfann-2.2.0+ds/src/fann.c:1800:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(GetTickCount());
data/libfann-2.2.0+ds/src/fann.c:894:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->cascade_activation_functions,orig->cascade_activation_functions,
data/libfann-2.2.0+ds/src/fann.c:906:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->cascade_activation_steepnesses,orig->cascade_activation_steepnesses,copy->cascade_activation_steepnesses_count * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:925:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->cascade_candidate_scores,orig->cascade_candidate_scores,fann_get_cascade_num_candidates(copy) * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:942:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->sigmoid_results,orig->sigmoid_results,6*sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:943:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->sigmoid_values,orig->sigmoid_values,6*sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:944:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->sigmoid_symmetric_results,orig->sigmoid_symmetric_results,6*sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:945:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->sigmoid_symmetric_values,orig->sigmoid_symmetric_values,6*sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:990:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->output,orig->output, layer_size * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:996:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy_neuron_it,orig_neuron_it,sizeof(struct fann_neuron));
data/libfann-2.2.0+ds/src/fann.c:1025:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->train_slopes,orig->train_slopes,copy->total_connections_allocated * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:1037:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->prev_steps, orig->prev_steps, copy->total_connections_allocated * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:1049:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->prev_train_slopes,orig->prev_train_slopes, copy->total_connections_allocated * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:1061:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->prev_weights_deltas, orig->prev_weights_deltas,copy->total_connections_allocated * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann.c:1773:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("/dev/urandom", "r");
data/libfann-2.2.0+ds/src/fann_error.c:142:3: [2] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  vsprintf(errstr, "ERROR connections_so_far=%d, total_connections=%d\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:154:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errstr, "Unable to allocate memory.\n");
data/libfann-2.2.0+ds/src/fann_error.c:157:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errstr, "Unable to train with the selected activation function.\n");
data/libfann-2.2.0+ds/src/fann_error.c:160:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errstr, "Unable to use the selected activation function.\n");
data/libfann-2.2.0+ds/src/fann_error.c:163:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errstr, "Training data must be of equivalent structure.\n");
data/libfann-2.2.0+ds/src/fann_error.c:166:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errstr, "Unable to use the selected training algorithm.\n");
data/libfann-2.2.0+ds/src/fann_error.c:169:3: [2] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  vsprintf(errstr, "Subset from %d of length %d not valid in training set of length %d.\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:172:3: [2] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  vsprintf(errstr, "Index %d is out of bound.\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:175:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errstr, "Scaling parameters not present.\n");
data/libfann-2.2.0+ds/src/fann_error.c:178:6: [2] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  vsprintf(errstr, "The number of input neurons in the ann (%d) and data (%d) don't match\n", ap);
data/libfann-2.2.0+ds/src/fann_error.c:181:7: [2] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  vsprintf(errstr, "The number of output neurons in the ann (%d) and data (%d) don't match\n", ap);
data/libfann-2.2.0+ds/src/fann_io.c:34:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *conf = fopen(configuration_file, "r");
data/libfann-2.2.0+ds/src/fann_io.c:66:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *conf = fopen(configuration_file, "w+");
data/libfann-2.2.0+ds/src/fann_train_data.c:34:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *file = fopen(configuration_file, "r");
data/libfann-2.2.0+ds/src/fann_train_data.c:488:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_input, data1->input[0], dest->num_input * data1->num_data * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann_train_data.c:489:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_input + (dest->num_input*data1->num_data),
data/libfann-2.2.0+ds/src/fann_train_data.c:499:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_output, data1->output[0], dest->num_output * data1->num_data * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann_train_data.c:500:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_output + (dest->num_output*data1->num_data),
data/libfann-2.2.0+ds/src/fann_train_data.c:559:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_input, data->input[0], dest->num_input * dest->num_data * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann_train_data.c:568:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_output, data->output[0], dest->num_output * dest->num_data * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann_train_data.c:630:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_input, data->input[pos], dest->num_input * dest->num_data * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann_train_data.c:639:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_output, data->output[pos], dest->num_output * dest->num_data * sizeof(fann_type));
data/libfann-2.2.0+ds/src/fann_train_data.c:673:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *file = fopen(filename, "w");
data/libfann-2.2.0+ds/src/fann_io.c:383:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  read_version = (char *) calloc(strlen(FANN_CONF_VERSION "\n"), 1);
data/libfann-2.2.0+ds/src/fann_io.c:390:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(fread(read_version, 1, strlen(FANN_CONF_VERSION "\n"), conf) == 1)
data/libfann-2.2.0+ds/src/fann_io.c:397:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(read_version, FANN_CONF_VERSION "\n", strlen(FANN_CONF_VERSION "\n")) != 0)
data/libfann-2.2.0+ds/src/fann_io.c:400:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(read_version, "FANN_FIX_1.1\n", strlen("FANN_FIX_1.1\n")) == 0)
data/libfann-2.2.0+ds/src/fann_io.c:403:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(read_version, "FANN_FLO_1.1\n", strlen("FANN_FLO_1.1\n")) == 0)
data/libfann-2.2.0+ds/src/fann_io.c:412:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(read_version, "FANN_FLO_2.0\n", strlen("FANN_FLO_2.0\n")) != 0 &&
data/libfann-2.2.0+ds/src/fann_io.c:413:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncmp(read_version, "FANN_FLO_2.1\n", strlen("FANN_FLO_2.1\n")) != 0)
data/libfann-2.2.0+ds/src/fann_io.c:415:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strncmp(read_version, "FANN_FIX_2.0\n", strlen("FANN_FIX_2.0\n")) != 0 &&
data/libfann-2.2.0+ds/src/fann_io.c:416:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncmp(read_version, "FANN_FIX_2.1\n", strlen("FANN_FIX_2.1\n")) != 0)

ANALYSIS SUMMARY:

Hits = 73
Lines analyzed = 15116 in approximately 0.44 seconds (34623 lines/second)
Physical Source Lines of Code (SLOC) = 7472
Hits@level = [0] 232 [1] 9 [2] 37 [3] 2 [4] 25 [5] 0
Hits@level+ = [0+] 305 [1+] 73 [2+] 64 [3+] 27 [4+] 25 [5+] 0
Hits/KSLOC@level+ = [0+] 40.8191 [1+] 9.76981 [2+] 8.56531 [3+] 3.61349 [4+] 3.34582 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.