Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mptp-0.2.4/src/aic.c
Examining data/mptp-0.2.4/src/arch.c
Examining data/mptp-0.2.4/src/auto.c
Examining data/mptp-0.2.4/src/dp.c
Examining data/mptp-0.2.4/src/fasta.c
Examining data/mptp-0.2.4/src/hash.c
Examining data/mptp-0.2.4/src/likelihood.c
Examining data/mptp-0.2.4/src/list.c
Examining data/mptp-0.2.4/src/maps.c
Examining data/mptp-0.2.4/src/mptp.c
Examining data/mptp-0.2.4/src/mptp.h
Examining data/mptp-0.2.4/src/multirun.c
Examining data/mptp-0.2.4/src/output.c
Examining data/mptp-0.2.4/src/random.c
Examining data/mptp-0.2.4/src/rtree.c
Examining data/mptp-0.2.4/src/svg.c
Examining data/mptp-0.2.4/src/svg_landscape.c
Examining data/mptp-0.2.4/src/util.c
Examining data/mptp-0.2.4/src/utree.c

FINAL RESULTS:

data/mptp-0.2.4/src/mptp.c:574:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(cmdline, argv[i]);

data/mptp-0.2.4/src/util.c:39:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, argptr);

data/mptp-0.2.4/src/util.c:134:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination
  [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy
  (warning: strncpy easily misused).
  return strcpy(p,s);

data/mptp-0.2.4/src/arch.c:129:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique
  for acquiring random values.
  srand(GetTickCount());

data/mptp-0.2.4/src/arch.c:137:7:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique
  for acquiring random values.
  srandom(seed);

data/mptp-0.2.4/src/arch.c:143:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique
  for acquiring random values.
  srand(seed);

data/mptp-0.2.4/src/arch.c:145:7:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique
  for acquiring random values.
  srandom(seed);

data/mptp-0.2.4/src/arch.c:155:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique
  for acquiring random values.
  return random();

data/mptp-0.2.4/src/arch.c:131:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  int fd = open("/dev/urandom", O_RDONLY);

data/mptp-0.2.4/src/fasta.c:45:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  fd->fp = fopen(filename, "r");

data/mptp-0.2.4/src/fasta.c:176:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy(*head, fd->line + 1, (size_t)headerlen);

data/mptp-0.2.4/src/mptp.c:25:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to
  potential overflows or other issues (CWE-119!/CWE-120). Perform bounds
  checking, use functions that limit length, or ensure that the size is
  larger than the maximum possible length.
  static char progheader[80];

data/mptp-0.2.4/src/mptp.c:29:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to
  potential overflows or other issues (CWE-119!/CWE-120). Perform bounds
  checking, use functions that limit length, or ensure that the size is
  larger than the maximum possible length.
  char errmsg[200] = {0};

data/mptp-0.2.4/src/mptp.c:217:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_svg_width = atoi(optarg);

data/mptp-0.2.4/src/mptp.c:221:28:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_svg_fontsize = atol(optarg);

data/mptp-0.2.4/src/mptp.c:225:28:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_svg_tipspace = atol(optarg);

data/mptp-0.2.4/src/mptp.c:237:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_svg_marginleft = atol(optarg);

data/mptp-0.2.4/src/mptp.c:241:31:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_svg_marginright = atol(optarg);

data/mptp-0.2.4/src/mptp.c:245:29:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_svg_margintop = atol(optarg);

data/mptp-0.2.4/src/mptp.c:249:32:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_svg_marginbottom = atol(optarg);

data/mptp-0.2.4/src/mptp.c:253:32:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_svg_inner_radius = atol(optarg);

data/mptp-0.2.4/src/mptp.c:257:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_precision = atoi(optarg);

data/mptp-0.2.4/src/mptp.c:261:27:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_mcmc_sample = atol(optarg);

data/mptp-0.2.4/src/mptp.c:269:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_seed = atol(optarg);

data/mptp-0.2.4/src/mptp.c:277:27:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_mcmc_burnin = atol(optarg);

data/mptp-0.2.4/src/mptp.c:285:25:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_mcmc_runs = atol(optarg);

data/mptp-0.2.4/src/mptp.c:303:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if
  the input had no minus sign (large numbers can roll over into negative
  number; consider saving to an unsigned value if that is intended).
  opt_mcmc_steps = atol(optarg);

data/mptp-0.2.4/src/mptp.h:201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to
  potential overflows or other issues (CWE-119!/CWE-120). Perform bounds
  checking, use functions that limit length, or ensure that the size is
  larger than the maximum possible length.
  char line[LINEALLOC];

data/mptp-0.2.4/src/mptp.h:291:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to
  potential overflows or other issues (CWE-119!/CWE-120). Perform bounds
  checking, use functions that limit length, or ensure that the size is
  larger than the maximum possible length.
  extern char errmsg[200];

data/mptp-0.2.4/src/rtree.c:416:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination
  (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone,node,sizeof(rtree_t));

data/mptp-0.2.4/src/svg_landscape.c:25:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to
  potential overflows or other issues (CWE-119!/CWE-120). Perform bounds
  checking, use functions that limit length, or ensure that the size is
  larger than the maximum possible length.
  static char line[LINEALLOC];

data/mptp-0.2.4/src/util.c:154:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  FILE * out = fopen(filename, mode);

data/mptp-0.2.4/src/arch.c:134:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(fd, & seed, sizeof(seed)) < 0)

data/mptp-0.2.4/src/mptp.c:567:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(argv[i]);

data/mptp-0.2.4/src/mptp.c:575:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat(cmdline, " ");

data/mptp-0.2.4/src/rtree.c:441:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(tipstring); ++i)

data/mptp-0.2.4/src/svg.c:304:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (node_list[i]->label ? strlen(node_list[i]->label) : 0);

data/mptp-0.2.4/src/util.c:127:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (char *)s + strlen(s);

data/mptp-0.2.4/src/util.c:132:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(s);

data/mptp-0.2.4/src/util.c:140:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers [MS-banned] (CWE-120).
  strncpy(p,s,len);

data/mptp-0.2.4/src/utree.c:474:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(tipstring); ++i)

ANALYSIS SUMMARY:

Hits = 41
Lines analyzed = 6573 in approximately 0.19 seconds (34847 lines/second)
Physical Source Lines of Code (SLOC) = 4465
Hits@level = [0] 153 [1]   9 [2]  24 [3]   5 [4]   3 [5]   0
Hits@level+ = [0+] 194 [1+]  41 [2+]  32 [3+]   8 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 43.449 [1+] 9.18253 [2+] 7.16685 [3+] 1.79171 [4+] 0.671892 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
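Added example (not code from mptp or from Flawfinder): the level-4 strcat(cmdline, argv[i]) hit at mptp.c:574 sits a few lines below the len += strlen(argv[i]) accumulation at mptp.c:567, the usual shape of sizing a buffer in one loop and filling it in a second. Flawfinder cannot tell whether the size computed in the first loop and the bytes written in the second agree, so the check a reviewer wants is that accounting made explicit: an overflow-checked size, a cursor instead of repeated strcat() rescans, and a bound tested at every write. The function name join_args and the argument vector in main() are assumptions of this example.

```c
/* Added example, not mptp's own code: assemble a space-separated command
 * line from argv with explicit length accounting. The function name
 * join_args and the argument vector in main() are assumptions made for
 * this example. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns a malloc'ed "argv[0] argv[1] ... argv[argc-1]", or NULL on
 * size overflow / allocation failure. The caller frees the result. */
char *join_args(int argc, char **argv)
{
    if (argc <= 0) {
        char *empty = malloc(1);
        if (empty)
            empty[0] = '\0';
        return empty;
    }

    /* Pass 1: total size = sum of lengths + (argc - 1) spaces + 1 NUL,
     * i.e. each argument contributes strlen + 1, checked for size_t
     * wrap-around at every step. */
    size_t len = 0;
    for (int i = 0; i < argc; ++i) {
        size_t l = strlen(argv[i]);
        if (l >= SIZE_MAX - len)   /* len + l + 1 would exceed SIZE_MAX */
            return NULL;
        len += l + 1;
    }

    char *cmdline = malloc(len);
    if (!cmdline)
        return NULL;

    /* Pass 2: copy with an explicit cursor instead of strcat(), so the
     * remaining space is checked at the write itself. */
    size_t pos = 0;
    for (int i = 0; i < argc; ++i) {
        size_t l = strlen(argv[i]);
        if (l >= len - pos) {      /* argument plus separator/NUL must fit */
            free(cmdline);
            return NULL;
        }
        memcpy(cmdline + pos, argv[i], l);
        pos += l;
        cmdline[pos++] = (i + 1 < argc) ? ' ' : '\0';
    }
    return cmdline;
}

int main(void)
{
    /* Constructed sample argv for the example. */
    char *args[] = { "mptp", "--ml", "--tree_file", "in.tre" };
    char *cmdline = join_args(4, args);
    if (!cmdline)
        return 1;
    printf("%s\n", cmdline);
    free(cmdline);
    return 0;
}
```

The second-pass bound is what makes the code safe even if an argument is mutated between the two loops; with plain strcat() that case is an overflow with nothing to catch it.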
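Added example (not code from mptp or from Flawfinder) for the fourteen level-2 integer hits in mptp.c (opt_svg_width = atoi(optarg) through opt_mcmc_steps = atol(optarg)). atoi()/atol() return 0 for garbage, silently accept trailing junk, and have undefined behaviour on overflow, so none of the three conditions the report asks for (minimum, maximum, and a real number at all) is checked. The strtol()-based parser below rejects empty input, leading whitespace, trailing characters, ERANGE overflow, and out-of-domain values, and narrows to int only after the range check. The names parse_long_opt and parse_int_opt and the option table in main() are assumptions of this example.

```c
/* Added example, not mptp's own code: strict replacement for the
 * atoi()/atol(optarg) calls flagged by Flawfinder. parse_long_opt and
 * parse_int_opt are names chosen for this example; the option table in
 * main() is constructed sample input. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse s as a base-10 integer. Succeeds (returns 1, stores *out) only
 * if the whole string is consumed, strtol did not overflow, and the
 * value lies in [min, max]. Leading whitespace and empty strings are
 * rejected even though strtol itself would accept the former. */
int parse_long_opt(const char *s, long min, long max, long *out)
{
    if (s == NULL || *s == '\0' || isspace((unsigned char)*s))
        return 0;

    char *end = NULL;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE)           /* magnitude does not fit in long */
        return 0;
    if (end == s || *end != '\0')  /* no digits, or trailing junk like "12abc" */
        return 0;
    if (v < min || v > max)        /* caller-defined domain, e.g. width >= 1 */
        return 0;

    *out = v;
    return 1;
}

/* Same contract narrowed to int, for variables of the opt_svg_width /
 * opt_precision kind; the range check happens in long before the cast. */
int parse_int_opt(const char *s, int min, int max, int *out)
{
    long v;
    if (!parse_long_opt(s, min, max, &v))
        return 0;
    *out = (int)v;
    return 1;
}

int main(void)
{
    /* Constructed sample optarg values and the domain each must satisfy. */
    struct { const char *name; const char *optarg; long min, max; } opts[] = {
        { "--svg_width",   "1200",                 1, 100000   },
        { "--mcmc_burnin", "-5",                   0, LONG_MAX }, /* negative: reject */
        { "--precision",   "6x",                   0, 100      }, /* trailing junk: reject */
        { "--seed",        "99999999999999999999", 0, LONG_MAX }, /* overflow: reject */
    };
    for (size_t i = 0; i < sizeof opts / sizeof opts[0]; ++i) {
        long v;
        if (parse_long_opt(opts[i].optarg, opts[i].min, opts[i].max, &v))
            printf("%s = %ld\n", opts[i].name, v);
        else
            fprintf(stderr, "%s: invalid value '%s'\n", opts[i].name, opts[i].optarg);
    }
    return 0;
}
```

Because the domain is passed by the caller, the same function serves a value that must be strictly positive (an SVG width) and one that may be zero (a burn-in count); the report's "check both minimum and maximum" advice becomes two arguments rather than a comment.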
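Added example (not code from mptp or from Flawfinder) for the arch.c seeding hits. The level-3 srand/srandom/random hits are about key and nonce generation (CWE-327); a PRNG seed for sampling is a different requirement, and the report itself shows the seed being read from /dev/urandom at arch.c:131. The concrete weakness in the snippet at arch.c:134 is that read(fd, &seed, sizeof(seed)) < 0 only catches an error: a short read or EINTR leaves part of the seed uninitialised and is not detected. The helper below reads until the buffer is full. The function names fill_random_bytes and random_seed are assumptions of this example.

```c
/* Added example, not mptp's own code: fill a seed buffer from
 * /dev/urandom, handling short reads and EINTR, which a single
 * read() < 0 check does not. fill_random_bytes and random_seed are
 * names chosen for this example. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Reads exactly n bytes from /dev/urandom into buf. Returns 0 on
 * success, -1 on failure (buf may then be partially written; callers
 * must not fall back to a time-based seed silently). */
int fill_random_bytes(void *buf, size_t n)
{
    /* O_CLOEXEC: do not leak the descriptor into child processes. */
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;

    unsigned char *p = buf;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, p + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;          /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (r == 0) {              /* EOF should not happen on urandom; fail */
            close(fd);
            return -1;
        }
        got += (size_t)r;          /* short read: loop until the buffer is full */
    }
    close(fd);
    return 0;
}

/* A 64-bit seed for the run. Printing it lets a run be reproduced by
 * passing the same value back in; the PRNG it feeds is still not a
 * source for keys or nonces, which is what the CWE-327 hits concern. */
uint64_t random_seed(void)
{
    uint64_t seed;
    if (fill_random_bytes(&seed, sizeof seed) != 0) {
        fprintf(stderr, "cannot read /dev/urandom: %s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }
    return seed;
}

int main(void)
{
    uint64_t seed = random_seed();
    printf("seed = %llu\n", (unsigned long long)seed);
    return 0;
}
```

On Linux, getrandom(2) gives the same guarantee without a file descriptor and without the symlink/device concerns the level-2 open() hit lists; the loop above is the portable form.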