Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/octave-octproj-2.0.1/src/_op_geod2geoc.cc
Examining data/octave-octproj-2.0.1/src/geodgeoc.h
Examining data/octave-octproj-2.0.1/src/_op_transform.cc
Examining data/octave-octproj-2.0.1/src/_op_fwd.cc
Examining data/octave-octproj-2.0.1/src/geodgeoc.c
Examining data/octave-octproj-2.0.1/src/_op_inv.cc
Examining data/octave-octproj-2.0.1/src/_op_geoc2geod.cc
Examining data/octave-octproj-2.0.1/src/projwrap.h
Examining data/octave-octproj-2.0.1/src/projwrap.c
FINAL RESULTS:
data/octave-octproj-2.0.1/src/projwrap.c:59:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errorText,"Error in projection parameters\n\t%s\n\t%s",
data/octave-octproj-2.0.1/src/projwrap.c:73:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errorText,"The parameters does not correspond to a "
data/octave-octproj-2.0.1/src/projwrap.c:144:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errorText,"Error in projection parameters\n\t%s\n\t%s",
data/octave-octproj-2.0.1/src/projwrap.c:158:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errorText,"The parameters does not correspond to a "
data/octave-octproj-2.0.1/src/projwrap.c:173:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errorText,"Inverse step dooes not exists\n\t%s",params);
data/octave-octproj-2.0.1/src/projwrap.c:245:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errorText,"Error in definition parameters\n\t%s\n\t%s\n\t%s",
data/octave-octproj-2.0.1/src/projwrap.c:262:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errorText,"Error in calling "
data/octave-octproj-2.0.1/src/_op_fwd.cc:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorText[ERRORTEXT]="_op_fwd:\n\t";
data/octave-octproj-2.0.1/src/_op_fwd.cc:73:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_geoc2geod.cc:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorText[ERRORTEXT]="_op_geoc2geod:\n\t";
data/octave-octproj-2.0.1/src/_op_geoc2geod.cc:68:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_geod2geoc.cc:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorText[ERRORTEXT]="_op_geod2geoc:\n\t";
data/octave-octproj-2.0.1/src/_op_geod2geoc.cc:68:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_inv.cc:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorText[ERRORTEXT]="_op_inv:\n\t";
data/octave-octproj-2.0.1/src/_op_inv.cc:73:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_transform.cc:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorText[ERRORTEXT]="_op_transform:\n\t";
data/octave-octproj-2.0.1/src/_op_transform.cc:83:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_fwd.cc:73:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_fwd.cc:115:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&errorText[strlen(errorText)],&projectionError);
data/octave-octproj-2.0.1/src/_op_geoc2geod.cc:68:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_geod2geoc.cc:68:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_inv.cc:73:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_inv.cc:115:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&errorText[strlen(errorText)],&projectionError);
data/octave-octproj-2.0.1/src/_op_transform.cc:83:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&errorText[strlen(errorText)],
data/octave-octproj-2.0.1/src/_op_transform.cc:151:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&errorText[strlen(errorText)],&projectionError);
ANALYSIS SUMMARY:
Hits = 25
Lines analyzed = 1522 in approximately 0.08 seconds (20054 lines/second)
Physical Source Lines of Code (SLOC) = 617
Hits@level = [0] 0 [1] 8 [2] 10 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 25 [1+] 25 [2+] 17 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 40.5186 [1+] 40.5186 [2+] 27.5527 [3+] 11.3452 [4+] 11.3452 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.