Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nnpack-0.0~git20200414.57616b9/bench/conv1x1.cc
Examining data/nnpack-0.0~git20200414.57616b9/bench/convolution-inference.cc
Examining data/nnpack-0.0~git20200414.57616b9/bench/convolution.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/fully-connected.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/hxgemm.cc
Examining data/nnpack-0.0~git20200414.57616b9/bench/median.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/memread.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/perf_counter.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/perf_counter.h
Examining data/nnpack-0.0~git20200414.57616b9/bench/pooling.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/relu.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/sgemm.cc
Examining data/nnpack-0.0~git20200414.57616b9/bench/sxgemm.cc
Examining data/nnpack-0.0~git20200414.57616b9/bench/transform.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/ugemm.c
Examining data/nnpack-0.0~git20200414.57616b9/bench/winograd.cc
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/AlignedAllocator.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/activations.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/arm_neon.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/assembly.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/blas.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/complex.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/fft-constants.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/fft.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/hwinfo.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/macros.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/pooling.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/reference.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/relu.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/softmax.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/system.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/transform.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/utils.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/validation.h
Examining data/nnpack-0.0~git20200414.57616b9/include/nnpack/winograd.h
Examining data/nnpack-0.0~git20200414.57616b9/src/convolution-inference.c
Examining data/nnpack-0.0~git20200414.57616b9/src/convolution-input-gradient.c
Examining data/nnpack-0.0~git20200414.57616b9/src/convolution-kernel-gradient.c
Examining data/nnpack-0.0~git20200414.57616b9/src/convolution-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/fully-connected-inference.c
Examining data/nnpack-0.0~git20200414.57616b9/src/fully-connected-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/init.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/2d-winograd-8x8-3x3-fp16.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/2d-winograd-8x8-3x3.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/c4gemm-conjb-transc.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/c4gemm-conjb.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/c4gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/conv1x1.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/h4gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/s4c2gemm-conjb-transc.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/s4c2gemm-conjb.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/s4c2gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/s4gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/sdotxf.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/blas/sgemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/relu.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/transpose.h
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/winograd-f6k3.c
Examining data/nnpack-0.0~git20200414.57616b9/src/neon/winograd/f6x6k3x3.h
Examining data/nnpack-0.0~git20200414.57616b9/src/pooling-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/2d-fourier-16x16.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/2d-fourier-8x8.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/2d-winograd-8x8-3x3.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/c4gemm-conjb-transc.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/c4gemm-conjb.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/c4gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/conv1x1.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/s4c2gemm-conjb-transc.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/s4c2gemm-conjb.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/s4c2gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/s4gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/sdotxf.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/sgemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/blas/shdotxf.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/butterfly.h
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/exp.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/exp.h
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/fft-aos.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/fft-dualreal.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/fft-real.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/fft-soa.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/fft/aos.h
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/fft/dualreal.h
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/fft/real.h
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/fft/soa.h
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/relu.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/softmax.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/transpose.h
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/winograd-f6k3.c
Examining data/nnpack-0.0~git20200414.57616b9/src/psimd/winograd/f6x6k3x3.h
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/convolution-input-gradient.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/convolution-kernel.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/convolution-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/fft/aos.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/fft/complex.h
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/fft/forward-dualreal.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/fft/forward-real.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/fft/inverse-dualreal.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/fft/inverse-real.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/fft/soa.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/fully-connected-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/max-pooling-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/relu-input-gradient.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/relu-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/ref/softmax-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/relu-input-gradient.c
Examining data/nnpack-0.0~git20200414.57616b9/src/relu-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/2d-fourier-16x16.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/2d-fourier-8x8.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/2d-winograd-8x8-3x3.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/cgemm-conjb-transc.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/cgemm-conjb.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/cgemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/conv1x1.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/s2gemm-transc.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/s2gemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/sdotxf.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/sgemm.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/blas/shdotxf.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/butterfly.h
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/fft-aos.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/fft-dualreal.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/fft-real.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/fft-soa.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/fft/aos.h
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/fft/dualreal.h
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/fft/real.h
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/fft/soa.h
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/relu.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/softmax.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/winograd-f6k3.c
Examining data/nnpack-0.0~git20200414.57616b9/src/scalar/winograd/f6x6k3x3.h
Examining data/nnpack-0.0~git20200414.57616b9/src/softmax-output.c
Examining data/nnpack-0.0~git20200414.57616b9/src/x86_64-fma/exp.c
Examining data/nnpack-0.0~git20200414.57616b9/src/x86_64-fma/softmax.c
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-inference/alexnet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-inference/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-inference/smoke.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-inference/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-input-gradient/alexnet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-input-gradient/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-input-gradient/smoke.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-input-gradient/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-kernel-gradient/alexnet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-kernel-gradient/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-kernel-gradient/smoke.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-kernel-gradient/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-output/alexnet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-output/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-output/smoke.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/convolution-output/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fft-samples.h
Examining data/nnpack-0.0~git20200414.57616b9/test/fourier/psimd.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fourier/reference.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fourier/scalar.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fourier/x86_64-avx2.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fully-connected-inference/alexnet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fully-connected-inference/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fully-connected-inference/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fully-connected-output/alexnet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fully-connected-output/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fully-connected-output/smoke.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/fully-connected-output/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/hxgemm/neon.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/max-pooling-output/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/max-pooling-output/smoke.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/max-pooling-output/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/models/alexnet.h
Examining data/nnpack-0.0~git20200414.57616b9/test/models/overfeat-fast.h
Examining data/nnpack-0.0~git20200414.57616b9/test/models/vgg-a.h
Examining data/nnpack-0.0~git20200414.57616b9/test/relu-input-gradient/alexnet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/relu-input-gradient/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/relu-input-gradient/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/relu-output/alexnet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/relu-output/overfeat-fast.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/relu-output/vgg-a.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/sgemm/neon.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/sgemm/psimd.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/sgemm/scalar.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/sgemm/x86_64-fma3.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/softmax-output/imagenet.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/softmax-output/smoke.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/sxgemm/neon.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/convolution.h
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/fourier.h
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/fully-connected.h
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/gemm-ukernel.h
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/padding.h
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/pooling.h
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/relu.h
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/softmax.h
Examining data/nnpack-0.0~git20200414.57616b9/test/testers/winograd.h
Examining data/nnpack-0.0~git20200414.57616b9/test/winograd/neon.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/winograd/psimd.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/winograd/scalar.cc
Examining data/nnpack-0.0~git20200414.57616b9/test/winograd/x86_64-fma3.cc

FINAL RESULTS:

data/nnpack-0.0~git20200414.57616b9/test/testers/padding.h:77:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(inputCopy, input, sizeof(input));
data/nnpack-0.0~git20200414.57616b9/test/testers/padding.h:87:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(inputCopy, input, sizeof(input));
data/nnpack-0.0~git20200414.57616b9/bench/convolution.c:19:10: [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free()
  results from memalign() may fail. This may, on a few systems, be
  exploitable. Also note that memalign() may not check that the boundary
  parameter is correct (CWE-676). Use posix_memalign instead (defined in
  POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
  4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
  malloc()'s alignment may be sufficient.
    return memalign(alignment, size);
data/nnpack-0.0~git20200414.57616b9/bench/fully-connected.c:267:12: [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free()
  results from memalign() may fail. This may, on a few systems, be
  exploitable. Also note that memalign() may not check that the boundary
  parameter is correct (CWE-676). Use posix_memalign instead (defined in
  POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
  4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
  malloc()'s alignment may be sufficient.
    memory = memalign(64, cache_size);
data/nnpack-0.0~git20200414.57616b9/bench/perf_counter.c:46:10: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    uint8_t umask;
data/nnpack-0.0~git20200414.57616b9/bench/perf_counter.c:718:40: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    (((uint32_t) model_specification[i].umask) << 8) |
data/nnpack-0.0~git20200414.57616b9/bench/perf_counter.h:50:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(file_descriptor, output, sizeof(*output)) == sizeof(*output);
data/nnpack-0.0~git20200414.57616b9/bench/pooling.c:288:12: [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free()
  results from memalign() may fail. This may, on a few systems, be
  exploitable. Also note that memalign() may not check that the boundary
  parameter is correct (CWE-676). Use posix_memalign instead (defined in
  POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
  4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
  malloc()'s alignment may be sufficient.
    memory = memalign(64, cache_size);
data/nnpack-0.0~git20200414.57616b9/bench/relu.c:213:12: [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free()
  results from memalign() may fail. This may, on a few systems, be
  exploitable. Also note that memalign() may not check that the boundary
  parameter is correct (CWE-676). Use posix_memalign instead (defined in
  POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
  4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
  malloc()'s alignment may be sufficient.
    memory = memalign(64, cache_size);
data/nnpack-0.0~git20200414.57616b9/include/nnpack/AlignedAllocator.h:66:19: [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free()
  results from memalign() may fail. This may, on a few systems, be
  exploitable. Also note that memalign() may not check that the boundary
  parameter is correct (CWE-676). Use posix_memalign instead (defined in
  POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
  4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
  malloc()'s alignment may be sufficient.
    void* memory = memalign(Alignment, n * sizeof(T));

ANALYSIS SUMMARY:

Hits = 10
Lines analyzed = 45072 in approximately 1.30 seconds (34666 lines/second)
Physical Source Lines of Code (SLOC) = 37733
Hits@level = [0] 291 [1] 8 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 301 [1+] 10 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 7.9771 [1+] 0.26502 [2+] 0.053004 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.