Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/populations-1.2.33+svn0120106+dfsg/CMakeFiles/CompilerIdC/CMakeCCompilerId.c
Examining data/populations-1.2.33+svn0120106+dfsg/CMakeFiles/CompilerIdCXX/CMakeCXXCompilerId.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/allele.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/allele.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/applications.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/applpop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/applpop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/arbre.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/arbre.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/arbreplus.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/arbreplus.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/chaineficpop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/chaineficpop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/config.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/couleur.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/couleur.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/distgnt.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/distgnt.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/fstat.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/fstat.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/individu.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/individu.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/internat.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/jeupop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/jeupop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/jeupopexp.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/jeupopexp.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/locus.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/locus.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/matrices.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/metapop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/metapop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/population.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/population.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/populations.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/qtpop/qtpopulations.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/strucpop.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/strucpop.h
Examining data/populations-1.2.33+svn0120106+dfsg/src/vecteurs.cpp
Examining data/populations-1.2.33+svn0120106+dfsg/src/vecteurs.h
FINAL RESULTS:
data/populations-1.2.33+svn0120106+dfsg/src/arbre.h:134:42: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
void set_reference(const string & ref) {strcpy(_reference, ref.c_str());};
data/populations-1.2.33+svn0120106+dfsg/src/arbre.h:135:39: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
void set_reference(const char * ref){strcpy(_reference, ref);};
data/populations-1.2.33+svn0120106+dfsg/src/distgnt.cpp:415:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand ((unsigned) time( NULL ) );
data/populations-1.2.33+svn0120106+dfsg/src/distgnt.cpp:496:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand ((unsigned) time( NULL ) );
data/populations-1.2.33+svn0120106+dfsg/src/allele.cpp:52:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_nbrepet = atoi(nom.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/allele.cpp:62:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_nbrepet = atoi(nom);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:145:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_fichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:167:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzfichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:220:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sortie.open(nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:324:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entier = atoi(rep.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:347:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entier = atoi(mot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:370:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_fichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:416:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applications.cpp:440:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_fichier.open(nomfichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpop.cpp:79:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_fichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:512:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:528:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open("correspondances.txt", ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:533:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:549:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:564:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open("correspondances.txt", ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:569:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:584:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:862:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:877:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open("correspondances.txt", ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:882:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:912:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:956:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:961:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(fichier_mtx.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:985:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1227:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1258:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_fichier.open(tab_commandes[0].c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1283:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(tab_commandes[pos + 1].c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1631:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_fichier.open("toutc2.txt", ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1767:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1783:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1819:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_fichier.open(_nomFichier.c_str(), ios::in);
data/populations-1.2.33+svn0120106+dfsg/src/applpopulations.cpp:1849:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_sortie.open(_nomFichier.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/arbre.cpp:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nomcar[50];
data/populations-1.2.33+svn0120106+dfsg/src/arbre.cpp:701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[10]; //ATTENTION à la taille de temp !!!!!
data/populations-1.2.33+svn0120106+dfsg/src/arbre.cpp:733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[15]; //ATTENTION à la taille de temp !!!!!
data/populations-1.2.33+svn0120106+dfsg/src/arbre.h:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _reference[50];
data/populations-1.2.33+svn0120106+dfsg/src/jeupopexp.cpp:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crlf[3];
data/populations-1.2.33+svn0120106+dfsg/src/jeupopexp.cpp:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crlf[3];
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:665:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:678:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nl = atoi(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:689:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nc = atoi(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:695:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
miss = atoi(mot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:794:7: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nl = atol(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:805:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nc = atol(sousmot.c_str());
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:1618:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fichier.open(fnomplus.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:1634:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fichier.open(fnomplus.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:1647:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fichier.open(fnomplus.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/matrices.cpp:1661:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fichier.open(fnomplus.c_str(), ios::out);
data/populations-1.2.33+svn0120106+dfsg/src/vecteurs.h:122:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(c_str()));
data/populations-1.2.33+svn0120106+dfsg/src/vecteurs.h:126:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(c_str()));
ANALYSIS SUMMARY:
Hits = 55
Lines analyzed = 17906 in approximately 0.44 seconds (40709 lines/second)
Physical Source Lines of Code (SLOC) = 10960
Hits@level = [0] 0 [1] 0 [2] 51 [3] 2 [4] 2 [5] 0
Hits@level+ = [0+] 55 [1+] 55 [2+] 55 [3+] 4 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 5.01825 [1+] 5.01825 [2+] 5.01825 [3+] 0.364964 [4+] 0.182482 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.