Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/quicktree-2.5/include/align.h
Examining data/quicktree-2.5/include/aln2dist.h
Examining data/quicktree-2.5/include/aln2tree.h
Examining data/quicktree-2.5/include/buildtree.h
Examining data/quicktree-2.5/include/cluster.h
Examining data/quicktree-2.5/include/dist2tree.h
Examining data/quicktree-2.5/include/distancemat.h
Examining data/quicktree-2.5/include/options.h
Examining data/quicktree-2.5/include/sequence.h
Examining data/quicktree-2.5/include/tree.h
Examining data/quicktree-2.5/include/util.h
Examining data/quicktree-2.5/include/version.h
Examining data/quicktree-2.5/src/align.c
Examining data/quicktree-2.5/src/aln2dist.c
Examining data/quicktree-2.5/src/aln2tree.c
Examining data/quicktree-2.5/src/buildtree.c
Examining data/quicktree-2.5/src/cluster.c
Examining data/quicktree-2.5/src/dist2tree.c
Examining data/quicktree-2.5/src/distancemat.c
Examining data/quicktree-2.5/src/options.c
Examining data/quicktree-2.5/src/quicktree.c
Examining data/quicktree-2.5/src/sequence.c
Examining data/quicktree-2.5/src/tree.c
Examining data/quicktree-2.5/src/util.c

FINAL RESULTS:

data/quicktree-2.5/src/align.c:111:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(aln->seqs[aln->numseqs]->name, tempname);

data/quicktree-2.5/src/align.c:285:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( aln->seqs[thisseq]->name, name_ptr );

data/quicktree-2.5/src/distancemat.c:424:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( (*aln_loc)->seqs[i]->name, identifier );

data/quicktree-2.5/src/sequence.c:42:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( dest->name, source->name );

data/quicktree-2.5/src/util.c:135:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  vfprintf( stderr, fmt, args);

data/quicktree-2.5/src/util.c:158:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  vfprintf( stderr, fmt, args );

data/quicktree-2.5/src/align.c:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempname[MAX_NAME_LENGTH];

data/quicktree-2.5/src/aln2dist.c:116:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen( fname, "r" )) == NULL)

data/quicktree-2.5/src/aln2tree.c:141:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(optname, "-boot") == 0) calc_bootstraps = atoi( optarg );

data/quicktree-2.5/src/aln2tree.c:154:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen( fname, "r" )) == NULL)

data/quicktree-2.5/src/dist2tree.c:83:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((matrixfile = fopen( argv[1], "r" )) == NULL)

data/quicktree-2.5/src/distancemat.c:385:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char identifier[MAX_PHYLIP_NAME_LEN + 1];

data/quicktree-2.5/src/quicktree.c:172:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcmp(optname, "-boot") == 0) calc_bootstraps = atoi( optarg );

data/quicktree-2.5/src/quicktree.c:217:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input = fopen( fname, "r" )) == NULL)

data/quicktree-2.5/src/align.c:87:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (( c = fgetc(stream)) != EOF) {

data/quicktree-2.5/src/align.c:103:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(stream);

data/quicktree-2.5/src/align.c:106:25:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ( isspace(c = fgetc(stream)) );

data/quicktree-2.5/src/align.c:127:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(stream);

data/quicktree-2.5/src/align.c:284:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aln->seqs[thisseq]->name = (char *) malloc_util( (strlen( name_ptr ) + 1) * sizeof(char));

data/quicktree-2.5/src/align.c:288:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( last_idx = strlen(seq_ptr) - 1; strchr(whitespace, seq_ptr[last_idx]) != NULL; last_idx--);

data/quicktree-2.5/src/align.c:297:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( last_idx = strlen(seq_ptr) - 1; strchr(whitespace, seq_ptr[last_idx]) != NULL; last_idx--);

data/quicktree-2.5/src/distancemat.c:410:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(c = fgetc(handle)) {

data/quicktree-2.5/src/distancemat.c:423:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*aln_loc)->seqs[i]->name = (char *) malloc_util( (strlen(identifier) + 1) * sizeof(char));

data/quicktree-2.5/src/distancemat.c:432:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(handle);

data/quicktree-2.5/src/options.c:67:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arglen = strlen(argv[optindex]);

data/quicktree-2.5/src/options.c:75:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (matches > 1 && arglen != strlen(opt[opti].name))

data/quicktree-2.5/src/sequence.c:41:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest->name = (char *) malloc_util( (strlen(source->name)+1) * sizeof(char));

data/quicktree-2.5/src/tree.c:403:9:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120).
  Check that the limit is sufficiently small, or use a different input function.
  if (! fscanf( handle, "%1s", &c))

data/quicktree-2.5/src/tree.c:417:11:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120).
  Check that the limit is sufficiently small, or use a different input function.
  if (! fscanf( handle, "%1s", &c) || c != ',')

data/quicktree-2.5/src/tree.c:427:11:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120).
  Check that the limit is sufficiently small, or use a different input function.
  if (! fscanf( handle, "%1s", &c) || c != ')')

data/quicktree-2.5/src/tree.c:429:11:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120).
  Check that the limit is sufficiently small, or use a different input function.
  if (! fscanf( handle, "%1s", &c) || c != ':')

data/quicktree-2.5/src/tree.c:441:42:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for( index=0; (newseq->name[index] = fgetc( handle )) != ':'; index++);

data/quicktree-2.5/src/tree.c:484:9:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120).
  Check that the limit is sufficiently small, or use a different input function.
  if (! fscanf( handle, "%1s", &c ) || c != ',')

data/quicktree-2.5/src/tree.c:492:9:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120).
  Check that the limit is sufficiently small, or use a different input function.
  if (! fscanf( handle, "%1s", &c ) || c != ',')

data/quicktree-2.5/src/tree.c:500:9:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120).
  Check that the limit is sufficiently small, or use a different input function.
  if (! fscanf( handle, "%1s", &c) || c != ')')

data/quicktree-2.5/src/tree.c:502:9:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120).
  Check that the limit is sufficiently small, or use a different input function.
  if (! fscanf( handle, "%1s", &c) || c != ';')

ANALYSIS SUMMARY:

Hits = 36
Lines analyzed = 5439 in approximately 0.21 seconds (26244 lines/second)
Physical Source Lines of Code (SLOC) = 2114
Hits@level = [0]  57 [1]  22 [2]   8 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  93 [1+]  36 [2+]  14 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 43.9924 [1+] 17.0293 [2+] 6.62252 [3+] 2.83822 [4+] 2.83822 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.