Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.H
Examining data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_io.C
Examining data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C
Examining data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_io.H
Examining data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_2_bmp.C
Examining data/phipack-0.0.20160614/src/queue.c
Examining data/phipack-0.0.20160614/src/stats.h
Examining data/phipack-0.0.20160614/src/maxChi.h
Examining data/phipack-0.0.20160614/src/normal.h
Examining data/phipack-0.0.20160614/src/misc.h
Examining data/phipack-0.0.20160614/src/normal.c
Examining data/phipack-0.0.20160614/src/seqManip.h
Examining data/phipack-0.0.20160614/src/global.h
Examining data/phipack-0.0.20160614/src/options.h
Examining data/phipack-0.0.20160614/src/profile_options.h
Examining data/phipack-0.0.20160614/src/graphCode.c
Examining data/phipack-0.0.20160614/src/maxChi.c
Examining data/phipack-0.0.20160614/src/phylip.h
Examining data/phipack-0.0.20160614/src/fasta.h
Examining data/phipack-0.0.20160614/src/queue.h
Examining data/phipack-0.0.20160614/src/pairScore.h
Examining data/phipack-0.0.20160614/src/pairScore.c
Examining data/phipack-0.0.20160614/src/graphCode.h
Examining data/phipack-0.0.20160614/src/mem.h
Examining data/phipack-0.0.20160614/src/stats.c
Examining data/phipack-0.0.20160614/src/fasta.c
Examining data/phipack-0.0.20160614/src/global.c
Examining data/phipack-0.0.20160614/src/main.c
Examining data/phipack-0.0.20160614/src/mem.c
Examining data/phipack-0.0.20160614/src/misc.c
Examining data/phipack-0.0.20160614/src/phylip.c
Examining data/phipack-0.0.20160614/src/profile.c
Examining data/phipack-0.0.20160614/src/seqManip.c
FINAL RESULTS:
data/phipack-0.0.20160614/src/fasta.c:187:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"Could not open file %s",file_name);
data/phipack-0.0.20160614/src/fasta.c:260:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"Number of sites read does not match number of sites expected for seq %s",(*taxa_names)[i]);
data/phipack-0.0.20160614/src/mem.c:90:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"Could not open file %s",name);
data/phipack-0.0.20160614/src/phylip.c:221:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"Could not open file %s",file_name);
data/phipack-0.0.20160614/src/phylip.c:290:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"Number of sites read does not match number of sites expected for seq %s",(*taxa_names)[cur_seq]);
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_2_bmp.C:84:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( file_in_name, argv[1] );
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_2_bmp.C:106:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( file_out_name, argv[2] );
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_io.C:462:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
count = sscanf ( next, "%s%n", word, &width );
data/phipack-0.0.20160614/src/main.c:324:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/phipack-0.0.20160614/src/profile.c:300:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/phipack-0.0.20160614/src/fasta.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[250];
data/phipack-0.0.20160614/src/fasta.c:131:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Illegal state encountered: %c\n",ch);
data/phipack-0.0.20160614/src/fasta.c:171:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[250];
data/phipack-0.0.20160614/src/fasta.c:184:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file=fopen(file_name,"r");
data/phipack-0.0.20160614/src/graphCode.c:262:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file=fopen("profile.ppm","w");
data/phipack-0.0.20160614/src/graphCode.c:454:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file=fopen("matrix.ppm","w");
data/phipack-0.0.20160614/src/main.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_SIZE+1];
data/phipack-0.0.20160614/src/main.c:205:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt->ntrials=atoi(temp);
data/phipack-0.0.20160614/src/main.c:227:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt->breakWindow=atoi(temp);
data/phipack-0.0.20160614/src/mem.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_SIZE+1];
data/phipack-0.0.20160614/src/mem.c:86:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(name,mod);
data/phipack-0.0.20160614/src/mem.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_SIZE+1];
data/phipack-0.0.20160614/src/mem.c:106:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Could not close file hanlde ");
data/phipack-0.0.20160614/src/options.h:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqFile[MAX_SIZE+1];
data/phipack-0.0.20160614/src/phylip.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[250];
data/phipack-0.0.20160614/src/phylip.c:154:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Illegal state encountered: %c\n",ch);
data/phipack-0.0.20160614/src/phylip.c:177:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Seems like too many bases in seq %d.\nMake sure file is in Phylip file format.\nTry also using the strict and relaxed options (-s and -r)",(index+1));
data/phipack-0.0.20160614/src/phylip.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[250];
data/phipack-0.0.20160614/src/phylip.c:218:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file=fopen(file_name,"r");
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:1538:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_in.open ( file_in_name, ios::in | ios::binary );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:1752:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_in.open ( file_in_name, ios::in | ios::binary );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:2053:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_out.open ( file_out_name, ios::out | ios::binary );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:2304:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_out.open ( file_out_name, ios::out | ios::binary );
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_2_bmp.C:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_in_name[80];
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_2_bmp.C:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_out_name[80];
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_2_bmp.C:361:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char time_buffer[TIME_SIZE];
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_io.C:287:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_in.open ( file_in_name );
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_io.C:433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[255];
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_io.C:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[255];
data/phipack-0.0.20160614/src/ppma_2_bmp/ppma_io.C:654:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_out.open ( file_out_name );
data/phipack-0.0.20160614/src/profile.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_SIZE+1];
data/phipack-0.0.20160614/src/profile.c:194:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt->breakWindow=atoi(temp);
data/phipack-0.0.20160614/src/profile.c:201:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt->stepSize=atoi(temp);
data/phipack-0.0.20160614/src/profile_options.h:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqFile[MAX_SIZE+1];
data/phipack-0.0.20160614/src/seqManip.c:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_SIZE+1];
data/phipack-0.0.20160614/src/seqManip.c:203:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Error %c (%d) is not a valid state for this type of sequence\n",ch+CHAR_START,(int)ch+CHAR_START);
data/phipack-0.0.20160614/src/seqManip.c:259:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[250];
data/phipack-0.0.20160614/src/seqManip.c:303:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Invalid state %c\n",(char_A+CHAR_START));
data/phipack-0.0.20160614/src/fasta.c:41:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/fasta.c:45:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/fasta.c:51:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/fasta.c:103:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/fasta.c:145:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/misc.c:51:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/misc.c:53:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/misc.c:66:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/misc.c:68:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/misc.c:81:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/misc.c:83:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/misc.c:95:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/misc.c:97:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/phylip.c:36:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/phylip.c:59:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/phylip.c:65:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
next_ch=fgetc(in_file);
data/phipack-0.0.20160614/src/phylip.c:135:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/phylip.c:168:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(in_file);
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:154:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:176:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:365:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:381:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:397:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:419:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:1324:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:1339:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:1354:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:1369:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:2771:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:2778:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:2787:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
data/phipack-0.0.20160614/src/ppma_2_bmp/bmp_io.C:2794:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_in.read ( &c, 1 );
ANALYSIS SUMMARY:
Hits = 80
Lines analyzed = 8803 in approximately 0.20 seconds (43492 lines/second)
Physical Source Lines of Code (SLOC) = 4742
Hits@level = [0] 217 [1] 32 [2] 38 [3] 2 [4] 8 [5] 0
Hits@level+ = [0+] 297 [1+] 80 [2+] 48 [3+] 10 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 62.6318 [1+] 16.8705 [2+] 10.1223 [3+] 2.10881 [4+] 1.68705 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.