Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/netcdf-cxx-legacy-4.2/examples/sfc_pres_temp_rd.cpp
Examining data/netcdf-cxx-legacy-4.2/examples/pres_temp_4D_rd.cpp
Examining data/netcdf-cxx-legacy-4.2/examples/simple_xy_rd.cpp
Examining data/netcdf-cxx-legacy-4.2/examples/sfc_pres_temp_wr.cpp
Examining data/netcdf-cxx-legacy-4.2/examples/simple_xy_wr.cpp
Examining data/netcdf-cxx-legacy-4.2/examples/pres_temp_4D_wr.cpp
Examining data/netcdf-cxx-legacy-4.2/cxx/netcdfcpp.h
Examining data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp
Examining data/netcdf-cxx-legacy-4.2/cxx/ncvalues.cpp
Examining data/netcdf-cxx-legacy-4.2/cxx/tst_many_writes.cpp
Examining data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp
Examining data/netcdf-cxx-legacy-4.2/cxx/tst_failure.cpp
Examining data/netcdf-cxx-legacy-4.2/cxx/ncvalues.h

FINAL RESULTS:

data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:472:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, newname);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:492:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, nam);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:507:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, nam);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:521:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, name);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1410:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, newname);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1437:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, nam);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1456:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, nam);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1487:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rname, aname);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1503:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, name);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1510:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_name, name);
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:343:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char np[NC_MAX_NAME];
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:491:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_name[NUM_FORMATS][NC_MAX_NAME] =
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:484:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nam[NC_MAX_NAME];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:502:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nam[NC_MAX_NAME];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1431:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nam[NC_MAX_NAME];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1450:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nam[NC_MAX_NAME];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aname[NC_MAX_NAME];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1481:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aname[NC_MAX_NAME];
data/netcdf-cxx-legacy-4.2/cxx/tst_many_writes.cpp:14:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[30];
data/netcdf-cxx-legacy-4.2/cxx/tst_many_writes.cpp:26:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((pf = fopen(buf, "r")))
data/netcdf-cxx-legacy-4.2/cxx/tst_many_writes.cpp:92:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char charName[NC_MAX_NAME+1];
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:70:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!att->is_valid() || strncmp(att->name(), theName, strlen(theName)) ||
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:71:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  att->type() != ncChar || att->num_vals() != (long)strlen(value))
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:75:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(value_in, value, strlen(value)))
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:106:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read(const char* path, NcFile::FileFormat format)
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:143:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!latDim->is_valid() || strncmp(latDim->name(), LAT, strlen(LAT)) ||
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:149:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!lonDim->is_valid() || strncmp(lonDim->name(), LON, strlen(LON)) ||
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:155:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!frtimeDim->is_valid() || strncmp(frtimeDim->name(), FRTIME, strlen(FRTIME)) ||
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:161:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!timeLenDim->is_valid() || strncmp(timeLenDim->name(), TIMELEN1, strlen(TIMELEN1)) ||
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:213:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!att->is_valid() || strncmp(att->name(), VALID_RANGE, strlen(VALID_RANGE)) ||
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:224:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!att->is_valid() || strncmp(att->name(), FILL_VALUE, strlen(FILL_VALUE)) ||
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:248:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!att->is_valid() || strncmp(att->name(), SCALAR_ATT, strlen(SCALAR_ATT)) ||
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:317:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reftime->put(s, strlen(s));
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:339:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* cp = path + strlen(path);
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:344:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&np[0], cp, NC_MAX_NAME);
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:346:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* ep = np + strlen(np);
data/netcdf-cxx-legacy-4.2/cxx/nctst.cpp:502:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(file_name[i], format[i]))
data/netcdf-cxx-legacy-4.2/cxx/ncvalues.cpp:239:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s, (const char*)the_values + n, (int)the_number);
data/netcdf-cxx-legacy-4.2/cxx/ncvalues.cpp:247:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s, (const char*)the_values + n, (int)the_number);
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:462:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(newname) > strlen(the_name)) {
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:462:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(newname) > strlen(the_name)) {
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:471:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char[1 + strlen(newname)];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:491:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char[strlen(nam) + 1];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:506:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char[strlen(nam) + 1];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:520:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char[strlen(name) + 1];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1350:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(val), val) != NC_NOERR)
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1400:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(newname) > strlen(the_name)) {
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1400:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(newname) > strlen(the_name)) {
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1409:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char [1 + strlen(newname)];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1436:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char[1 + strlen(nam)];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1455:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char[1 + strlen(nam)];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1486:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* rname = new char[1 + strlen(aname)];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1502:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char[1 + strlen(name)];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1509:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  the_name = new char[1 + strlen(name)];
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1605:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(newname) > strlen(the_name)) {
data/netcdf-cxx-legacy-4.2/cxx/netcdf.cpp:1605:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(newname) > strlen(the_name)) {
data/netcdf-cxx-legacy-4.2/examples/sfc_pres_temp_rd.cpp:124:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(units, "degrees_north", strlen("degrees_north")))
data/netcdf-cxx-legacy-4.2/examples/sfc_pres_temp_rd.cpp:134:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(units, "degrees_east", strlen("degrees_east")))
data/netcdf-cxx-legacy-4.2/examples/sfc_pres_temp_rd.cpp:142:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(units, "hPa", strlen("hPa")))
data/netcdf-cxx-legacy-4.2/examples/sfc_pres_temp_rd.cpp:150:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(units, "celsius", strlen("celsius")))

ANALYSIS SUMMARY:

Hits = 60
Lines analyzed = 4149 in approximately 0.11 seconds (37118 lines/second)
Physical Source Lines of Code (SLOC) = 3133
Hits@level = [0]   2 [1]  39 [2]  11 [3]   0 [4]  10 [5]   0
Hits@level+ = [0+]  62 [1+]  60 [2+]  21 [3+]  10 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 19.7893 [1+] 19.151 [2+] 6.70284 [3+] 3.19183 [4+] 3.19183 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.