Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libocas-0.97+dfsg/features_single.c Examining data/libocas-0.97+dfsg/features_bool.h Examining data/libocas-0.97+dfsg/libqp.h Examining data/libocas-0.97+dfsg/ocas_helper.h Examining data/libocas-0.97+dfsg/ocas_lbp_helper.h Examining data/libocas-0.97+dfsg/svmocas_mex.c Examining data/libocas-0.97+dfsg/libocas.c Examining data/libocas-0.97+dfsg/svmocas_light_mex.c Examining data/libocas-0.97+dfsg/version.h Examining data/libocas-0.97+dfsg/svmocas_nnw_mex.c Examining data/libocas-0.97+dfsg/libocas.h Examining data/libocas-0.97+dfsg/compute_auc_mex.c Examining data/libocas-0.97+dfsg/msvmocas.c Examining data/libocas-0.97+dfsg/features_double.h Examining data/libocas-0.97+dfsg/features_double.c Examining data/libocas-0.97+dfsg/liblbp.c Examining data/libocas-0.97+dfsg/features_bool.c Examining data/libocas-0.97+dfsg/libqp_splx.c Examining data/libocas-0.97+dfsg/sparse_mat.h Examining data/libocas-0.97+dfsg/lib_svmlight_format.h Examining data/libocas-0.97+dfsg/sparse_mat.c Examining data/libocas-0.97+dfsg/load_svmlight_file.c Examining data/libocas-0.97+dfsg/features_single.h Examining data/libocas-0.97+dfsg/features_int8.c Examining data/libocas-0.97+dfsg/ocas_helper.c Examining data/libocas-0.97+dfsg/msvmocas_mex.c Examining data/libocas-0.97+dfsg/lib_svmlight_format.c Examining data/libocas-0.97+dfsg/svmocas.c Examining data/libocas-0.97+dfsg/svmocas_lbp_mex.c Examining data/libocas-0.97+dfsg/ocas_lbp_helper.c Examining data/libocas-0.97+dfsg/svmocas_bool_mex.c Examining data/libocas-0.97+dfsg/features_int8.h Examining data/libocas-0.97+dfsg/lbppyr_features_mex.c Examining data/libocas-0.97+dfsg/linclassif_light_mex.c Examining data/libocas-0.97+dfsg/liblbp.h Examining data/libocas-0.97+dfsg/msvmocas_light_mex.c Examining data/libocas-0.97+dfsg/linclassif.c FINAL RESULTS: data/libocas-0.97+dfsg/linclassif.c:216:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output_fname, argv[i+1]); data/libocas-0.97+dfsg/linclassif.c:233:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_fname, argv[argc-2]); data/libocas-0.97+dfsg/linclassif.c:237:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(model_fname, argv[argc-1]); data/libocas-0.97+dfsg/msvmocas.c:302:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_fname, argv[argc-2]); data/libocas-0.97+dfsg/msvmocas.c:306:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(model_fname, argv[argc-1]); data/libocas-0.97+dfsg/sparse_mat.h:12:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define mexPrintf(x...) printf(x) data/libocas-0.97+dfsg/svmocas.c:181:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(regconst_fname, argv[i+1]); data/libocas-0.97+dfsg/svmocas.c:372:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_fname, argv[argc-2]); data/libocas-0.97+dfsg/svmocas.c:376:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(model_fname, argv[argc-1]); data/libocas-0.97+dfsg/lib_svmlight_format.c:24:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *label = (int32_t)atol(line); data/libocas-0.97+dfsg/lib_svmlight_format.c:33:32: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). feat_idx[nnzf] = (uint32_t)atol(&line[beg]); data/libocas-0.97+dfsg/lib_svmlight_format.c:76:32: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). feat_idx[nnzf] = (uint32_t)atol(&line[beg]); data/libocas-0.97+dfsg/libocas.c:365:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( old_output, output, sizeof(double)*nData ); data/libocas-0.97+dfsg/libocas.c:791:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( old_output, output, sizeof(double)*nData ); data/libocas-0.97+dfsg/libocas.c:1231:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( old_output, output, sizeof(double)*nData ); data/libocas-0.97+dfsg/libocas.c:1757:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( old_output, output, sizeof(double)*nData*nY ); data/libocas-0.97+dfsg/linclassif.c:175:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). verb = atoi(argv[i+1]); data/libocas-0.97+dfsg/linclassif.c:194:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). output_type = atoi(argv[i+1]); data/libocas-0.97+dfsg/linclassif.c:261:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(model_fname, "r"); data/libocas-0.97+dfsg/linclassif.c:449:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(input_fname, "r"); data/libocas-0.97+dfsg/linclassif.c:460:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(output_fname, "w+"); data/libocas-0.97+dfsg/linclassif_light_mex.c:112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[200]; data/libocas-0.97+dfsg/linclassif_light_mex.c:183:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(fname, "r"); data/libocas-0.97+dfsg/load_svmlight_file.c:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1000]; data/libocas-0.97+dfsg/load_svmlight_file.c:79:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(fname, "r"); data/libocas-0.97+dfsg/load_svmlight_file.c:183:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(fname, "r"); data/libocas-0.97+dfsg/msvmocas.c:165:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nData = atol(argv[i+1]); data/libocas-0.97+dfsg/msvmocas.c:182:17: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). BufSize = atol(argv[i+1]); data/libocas-0.97+dfsg/msvmocas.c:200:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Method = atoi(argv[i+1]); data/libocas-0.97+dfsg/msvmocas.c:217:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). verb = atoi(argv[i+1]); data/libocas-0.97+dfsg/msvmocas.c:487:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(model_fname, "w+"); data/libocas-0.97+dfsg/ocas_helper.c:143:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldW, W, sizeof(double)*nDim ); data/libocas-0.97+dfsg/ocas_helper.c:187:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldW, W, sizeof(double)*nY*nDim ); data/libocas-0.97+dfsg/ocas_helper.c:270:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldW, W, sizeof(double)*nDim*nY ); data/libocas-0.97+dfsg/ocas_helper.c:440:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldW, W, sizeof(double)*nDim ); data/libocas-0.97+dfsg/ocas_helper.c:977:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(fname, "r"); data/libocas-0.97+dfsg/ocas_helper.c:1100:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(fname, "r"); data/libocas-0.97+dfsg/ocas_helper.c:1242:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(fname, "r"); data/libocas-0.97+dfsg/ocas_helper.c:1361:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sorted_score,score,sizeof(double)*nData); data/libocas-0.97+dfsg/ocas_lbp_helper.c:272:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldW, W, sizeof(double)*nDim ); data/libocas-0.97+dfsg/ocas_lbp_helper.c:389:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sorted_score,score,sizeof(double)*nData); data/libocas-0.97+dfsg/svmocas.c:194:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). number_of_threads = atoi(argv[i+1]); data/libocas-0.97+dfsg/svmocas.c:224:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nData = atol(argv[i+1]); data/libocas-0.97+dfsg/svmocas.c:241:17: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). BufSize = atol(argv[i+1]); data/libocas-0.97+dfsg/svmocas.c:259:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Method = atoi(argv[i+1]); data/libocas-0.97+dfsg/svmocas.c:276:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). verb = atoi(argv[i+1]); data/libocas-0.97+dfsg/svmocas.c:666:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(model_fname, "w+"); data/libocas-0.97+dfsg/linclassif.c:214:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[i+1]); data/libocas-0.97+dfsg/linclassif.c:231:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[argc-2]); data/libocas-0.97+dfsg/linclassif.c:235:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[argc-1]); data/libocas-0.97+dfsg/msvmocas.c:300:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[argc-2]); data/libocas-0.97+dfsg/msvmocas.c:304:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[argc-1]); data/libocas-0.97+dfsg/svmocas.c:179:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( argv[i+1] ); data/libocas-0.97+dfsg/svmocas.c:370:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[argc-2]); data/libocas-0.97+dfsg/svmocas.c:374:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[argc-1]); ANALYSIS SUMMARY: Hits = 55 Lines analyzed = 11289 in approximately 0.34 seconds (32921 lines/second) Physical Source Lines of Code (SLOC) = 7956 Hits@level = [0] 162 [1] 8 [2] 38 [3] 0 [4] 9 [5] 0 Hits@level+ = [0+] 217 [1+] 55 [2+] 47 [3+] 9 [4+] 9 [5+] 0 Hits/KSLOC@level+ = [0+] 27.275 [1+] 6.91302 [2+] 5.90749 [3+] 1.13122 [4+] 1.13122 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.