Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/newmat-1.10.4/boolean.h
Examining data/newmat-1.10.4/controlw.h
Examining data/newmat-1.10.4/example.cpp
Examining data/newmat-1.10.4/garch.cpp
Examining data/newmat-1.10.4/myexcept.h
Examining data/newmat-1.10.4/newfft.cpp
Examining data/newmat-1.10.4/newmat1.cpp
Examining data/newmat-1.10.4/newmatap.h
Examining data/newmat-1.10.4/newmatio.h
Examining data/newmat-1.10.4/newmatnl.h
Examining data/newmat-1.10.4/newmatrc.h
Examining data/newmat-1.10.4/newmatrm.cpp
Examining data/newmat-1.10.4/newmatrm.h
Examining data/newmat-1.10.4/nl_ex.cpp
Examining data/newmat-1.10.4/precisio.h
Examining data/newmat-1.10.4/solution.h
Examining data/newmat-1.10.4/test_exc.cpp
Examining data/newmat-1.10.4/tmt.h
Examining data/newmat-1.10.4/tmtl.cpp
Examining data/newmat-1.10.4/newmat.h
Examining data/newmat-1.10.4/tmtm.cpp
Examining data/newmat-1.10.4/newmatnl.cpp
Examining data/newmat-1.10.4/include.h
Examining data/newmat-1.10.4/bandmat.cpp
Examining data/newmat-1.10.4/cholesky.cpp
Examining data/newmat-1.10.4/evalue.cpp
Examining data/newmat-1.10.4/fft.cpp
Examining data/newmat-1.10.4/hholder.cpp
Examining data/newmat-1.10.4/jacobi.cpp
Examining data/newmat-1.10.4/myexcept.cpp
Examining data/newmat-1.10.4/newmat2.cpp
Examining data/newmat-1.10.4/newmat3.cpp
Examining data/newmat-1.10.4/newmat4.cpp
Examining data/newmat-1.10.4/newmat5.cpp
Examining data/newmat-1.10.4/newmat6.cpp
Examining data/newmat-1.10.4/newmat7.cpp
Examining data/newmat-1.10.4/newmat8.cpp
Examining data/newmat-1.10.4/newmat9.cpp
Examining data/newmat-1.10.4/newmatex.cpp
Examining data/newmat-1.10.4/sl_ex.cpp
Examining data/newmat-1.10.4/solution.cpp
Examining data/newmat-1.10.4/sort.cpp
Examining data/newmat-1.10.4/submat.cpp
Examining data/newmat-1.10.4/svd.cpp
Examining data/newmat-1.10.4/tmt.cpp
Examining data/newmat-1.10.4/tmt1.cpp
Examining data/newmat-1.10.4/tmt2.cpp
Examining data/newmat-1.10.4/tmt3.cpp
Examining data/newmat-1.10.4/tmt4.cpp
Examining data/newmat-1.10.4/tmt5.cpp
Examining data/newmat-1.10.4/tmt6.cpp
Examining data/newmat-1.10.4/tmt7.cpp
Examining data/newmat-1.10.4/tmt8.cpp
Examining data/newmat-1.10.4/tmt9.cpp
Examining data/newmat-1.10.4/tmta.cpp
Examining data/newmat-1.10.4/tmtb.cpp
Examining data/newmat-1.10.4/tmtc.cpp
Examining data/newmat-1.10.4/tmtd.cpp
Examining data/newmat-1.10.4/tmte.cpp
Examining data/newmat-1.10.4/tmtf.cpp
Examining data/newmat-1.10.4/tmtg.cpp
Examining data/newmat-1.10.4/tmth.cpp
Examining data/newmat-1.10.4/tmti.cpp
Examining data/newmat-1.10.4/tmtj.cpp
Examining data/newmat-1.10.4/tmtk.cpp
FINAL RESULTS:
data/newmat-1.10.4/myexcept.cpp:78:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (l < r) { strcpy(what_error+SoFar, a_what); SoFar += l; }
data/newmat-1.10.4/myexcept.cpp:77:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(a_what); int r = LastOne - SoFar;
data/newmat-1.10.4/myexcept.cpp:81:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(what_error+SoFar, a_what, r);
ANALYSIS SUMMARY:
Hits = 3
Lines analyzed = 21801 in approximately 0.63 seconds (34738 lines/second)
Physical Source Lines of Code (SLOC) = 16978
Hits@level = [0] 0 [1] 2 [2] 0 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 3 [1+] 3 [2+] 1 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 0.176699 [1+] 0.176699 [2+] 0.0588998 [3+] 0.0588998 [4+] 0.0588998 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.