Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libocas-0.97+dfsg/features_single.c
Examining data/libocas-0.97+dfsg/features_bool.h
Examining data/libocas-0.97+dfsg/libqp.h
Examining data/libocas-0.97+dfsg/ocas_helper.h
Examining data/libocas-0.97+dfsg/ocas_lbp_helper.h
Examining data/libocas-0.97+dfsg/svmocas_mex.c
Examining data/libocas-0.97+dfsg/libocas.c
Examining data/libocas-0.97+dfsg/svmocas_light_mex.c
Examining data/libocas-0.97+dfsg/version.h
Examining data/libocas-0.97+dfsg/svmocas_nnw_mex.c
Examining data/libocas-0.97+dfsg/libocas.h
Examining data/libocas-0.97+dfsg/compute_auc_mex.c
Examining data/libocas-0.97+dfsg/msvmocas.c
Examining data/libocas-0.97+dfsg/features_double.h
Examining data/libocas-0.97+dfsg/features_double.c
Examining data/libocas-0.97+dfsg/liblbp.c
Examining data/libocas-0.97+dfsg/features_bool.c
Examining data/libocas-0.97+dfsg/libqp_splx.c
Examining data/libocas-0.97+dfsg/sparse_mat.h
Examining data/libocas-0.97+dfsg/lib_svmlight_format.h
Examining data/libocas-0.97+dfsg/sparse_mat.c
Examining data/libocas-0.97+dfsg/load_svmlight_file.c
Examining data/libocas-0.97+dfsg/features_single.h
Examining data/libocas-0.97+dfsg/features_int8.c
Examining data/libocas-0.97+dfsg/ocas_helper.c
Examining data/libocas-0.97+dfsg/msvmocas_mex.c
Examining data/libocas-0.97+dfsg/lib_svmlight_format.c
Examining data/libocas-0.97+dfsg/svmocas.c
Examining data/libocas-0.97+dfsg/svmocas_lbp_mex.c
Examining data/libocas-0.97+dfsg/ocas_lbp_helper.c
Examining data/libocas-0.97+dfsg/svmocas_bool_mex.c
Examining data/libocas-0.97+dfsg/features_int8.h
Examining data/libocas-0.97+dfsg/lbppyr_features_mex.c
Examining data/libocas-0.97+dfsg/linclassif_light_mex.c
Examining data/libocas-0.97+dfsg/liblbp.h
Examining data/libocas-0.97+dfsg/msvmocas_light_mex.c
Examining data/libocas-0.97+dfsg/linclassif.c
FINAL RESULTS:
data/libocas-0.97+dfsg/linclassif.c:216:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output_fname, argv[i+1]);
data/libocas-0.97+dfsg/linclassif.c:233:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input_fname, argv[argc-2]);
data/libocas-0.97+dfsg/linclassif.c:237:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model_fname, argv[argc-1]);
data/libocas-0.97+dfsg/msvmocas.c:302:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input_fname, argv[argc-2]);
data/libocas-0.97+dfsg/msvmocas.c:306:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model_fname, argv[argc-1]);
data/libocas-0.97+dfsg/sparse_mat.h:12:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define mexPrintf(x...) printf(x)
data/libocas-0.97+dfsg/svmocas.c:181:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(regconst_fname, argv[i+1]);
data/libocas-0.97+dfsg/svmocas.c:372:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input_fname, argv[argc-2]);
data/libocas-0.97+dfsg/svmocas.c:376:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model_fname, argv[argc-1]);
data/libocas-0.97+dfsg/lib_svmlight_format.c:24:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*label = (int32_t)atol(line);
data/libocas-0.97+dfsg/lib_svmlight_format.c:33:32: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
feat_idx[nnzf] = (uint32_t)atol(&line[beg]);
data/libocas-0.97+dfsg/lib_svmlight_format.c:76:32: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
feat_idx[nnzf] = (uint32_t)atol(&line[beg]);
data/libocas-0.97+dfsg/libocas.c:365:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( old_output, output, sizeof(double)*nData );
data/libocas-0.97+dfsg/libocas.c:791:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( old_output, output, sizeof(double)*nData );
data/libocas-0.97+dfsg/libocas.c:1231:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( old_output, output, sizeof(double)*nData );
data/libocas-0.97+dfsg/libocas.c:1757:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( old_output, output, sizeof(double)*nData*nY );
data/libocas-0.97+dfsg/linclassif.c:175:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(argv[i+1]);
data/libocas-0.97+dfsg/linclassif.c:194:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
output_type = atoi(argv[i+1]);
data/libocas-0.97+dfsg/linclassif.c:261:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(model_fname, "r");
data/libocas-0.97+dfsg/linclassif.c:449:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(input_fname, "r");
data/libocas-0.97+dfsg/linclassif.c:460:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(output_fname, "w+");
data/libocas-0.97+dfsg/linclassif_light_mex.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[200];
data/libocas-0.97+dfsg/linclassif_light_mex.c:183:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fname, "r");
data/libocas-0.97+dfsg/load_svmlight_file.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1000];
data/libocas-0.97+dfsg/load_svmlight_file.c:79:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fname, "r");
data/libocas-0.97+dfsg/load_svmlight_file.c:183:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fname, "r");
data/libocas-0.97+dfsg/msvmocas.c:165:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nData = atol(argv[i+1]);
data/libocas-0.97+dfsg/msvmocas.c:182:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
BufSize = atol(argv[i+1]);
data/libocas-0.97+dfsg/msvmocas.c:200:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Method = atoi(argv[i+1]);
data/libocas-0.97+dfsg/msvmocas.c:217:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(argv[i+1]);
data/libocas-0.97+dfsg/msvmocas.c:487:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(model_fname, "w+");
data/libocas-0.97+dfsg/ocas_helper.c:143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldW, W, sizeof(double)*nDim );
data/libocas-0.97+dfsg/ocas_helper.c:187:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldW, W, sizeof(double)*nY*nDim );
data/libocas-0.97+dfsg/ocas_helper.c:270:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldW, W, sizeof(double)*nDim*nY );
data/libocas-0.97+dfsg/ocas_helper.c:440:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldW, W, sizeof(double)*nDim );
data/libocas-0.97+dfsg/ocas_helper.c:977:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fname, "r");
data/libocas-0.97+dfsg/ocas_helper.c:1100:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fname, "r");
data/libocas-0.97+dfsg/ocas_helper.c:1242:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(fname, "r");
data/libocas-0.97+dfsg/ocas_helper.c:1361:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorted_score,score,sizeof(double)*nData);
data/libocas-0.97+dfsg/ocas_lbp_helper.c:272:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldW, W, sizeof(double)*nDim );
data/libocas-0.97+dfsg/ocas_lbp_helper.c:389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sorted_score,score,sizeof(double)*nData);
data/libocas-0.97+dfsg/svmocas.c:194:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_of_threads = atoi(argv[i+1]);
data/libocas-0.97+dfsg/svmocas.c:224:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nData = atol(argv[i+1]);
data/libocas-0.97+dfsg/svmocas.c:241:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
BufSize = atol(argv[i+1]);
data/libocas-0.97+dfsg/svmocas.c:259:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Method = atoi(argv[i+1]);
data/libocas-0.97+dfsg/svmocas.c:276:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(argv[i+1]);
data/libocas-0.97+dfsg/svmocas.c:666:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(model_fname, "w+");
data/libocas-0.97+dfsg/linclassif.c:214:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[i+1]);
data/libocas-0.97+dfsg/linclassif.c:231:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[argc-2]);
data/libocas-0.97+dfsg/linclassif.c:235:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[argc-1]);
data/libocas-0.97+dfsg/msvmocas.c:300:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[argc-2]);
data/libocas-0.97+dfsg/msvmocas.c:304:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[argc-1]);
data/libocas-0.97+dfsg/svmocas.c:179:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( argv[i+1] );
data/libocas-0.97+dfsg/svmocas.c:370:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[argc-2]);
data/libocas-0.97+dfsg/svmocas.c:374:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[argc-1]);
ANALYSIS SUMMARY:
Hits = 55
Lines analyzed = 11289 in approximately 0.34 seconds (32921 lines/second)
Physical Source Lines of Code (SLOC) = 7956
Hits@level = [0] 162 [1] 8 [2] 38 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 217 [1+] 55 [2+] 47 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 27.275 [1+] 6.91302 [2+] 5.90749 [3+] 1.13122 [4+] 1.13122 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.