Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-spatstat-1.64-1/src/idw.c
Examining data/r-cran-spatstat-1.64-1/src/linvknndist.c
Examining data/r-cran-spatstat-1.64-1/src/periodic.c
Examining data/r-cran-spatstat-1.64-1/src/nndist.h
Examining data/r-cran-spatstat-1.64-1/src/ripleypoly.h
Examining data/r-cran-spatstat-1.64-1/src/Ediggatsti.c
Examining data/r-cran-spatstat-1.64-1/src/heatapprox.c
Examining data/r-cran-spatstat-1.64-1/src/constants.h
Examining data/r-cran-spatstat-1.64-1/src/discs.c
Examining data/r-cran-spatstat-1.64-1/src/uniquemap.c
Examining data/r-cran-spatstat-1.64-1/src/maxnnd.h
Examining data/r-cran-spatstat-1.64-1/src/rthin.c
Examining data/r-cran-spatstat-1.64-1/src/linknnd.h
Examining data/r-cran-spatstat-1.64-1/src/dist2dpath.c
Examining data/r-cran-spatstat-1.64-1/src/fardist.c
Examining data/r-cran-spatstat-1.64-1/src/knngrid.c
Examining data/r-cran-spatstat-1.64-1/src/geom3.h
Examining data/r-cran-spatstat-1.64-1/src/dist2dpath.h
Examining data/r-cran-spatstat-1.64-1/src/sphevol.c
Examining data/r-cran-spatstat-1.64-1/src/xyseg.c
Examining data/r-cran-spatstat-1.64-1/src/lookup.c
Examining data/r-cran-spatstat-1.64-1/src/linSpairdist.h
Examining data/r-cran-spatstat-1.64-1/src/Kborder.h
Examining data/r-cran-spatstat-1.64-1/src/KrectFunDec.h
Examining data/r-cran-spatstat-1.64-1/src/metricPdist.h
Examining data/r-cran-spatstat-1.64-1/src/KrectIncrem.h
Examining data/r-cran-spatstat-1.64-1/src/linknnd.c
Examining data/r-cran-spatstat-1.64-1/src/getcif.c
Examining data/r-cran-spatstat-1.64-1/src/knndistance.c
Examining data/r-cran-spatstat-1.64-1/src/discarea.c
Examining data/r-cran-spatstat-1.64-1/src/loccumx.h
Examining data/r-cran-spatstat-1.64-1/src/Efiksel.c
Examining data/r-cran-spatstat-1.64-1/src/exactPdist.c
Examining data/r-cran-spatstat-1.64-1/src/mhv1.h
Examining data/r-cran-spatstat-1.64-1/src/closepair.c
Examining data/r-cran-spatstat-1.64-1/src/linvdist.c
Examining data/r-cran-spatstat-1.64-1/src/sumsymouter.h
Examining data/r-cran-spatstat-1.64-1/src/whist.c
Examining data/r-cran-spatstat-1.64-1/src/nngrid.h
Examining data/r-cran-spatstat-1.64-1/src/mhsnoopdef.h
Examining data/r-cran-spatstat-1.64-1/src/crossloop.h
Examining data/r-cran-spatstat-1.64-1/src/call3d.c
Examining data/r-cran-spatstat-1.64-1/src/knnXdist.h
Examining data/r-cran-spatstat-1.64-1/src/sparselinalg.c
Examining data/r-cran-spatstat-1.64-1/src/KrectV3.h
Examining data/r-cran-spatstat-1.64-1/src/linnncross.c
Examining data/r-cran-spatstat-1.64-1/src/Knone.h
Examining data/r-cran-spatstat-1.64-1/src/auctionbf.c
Examining data/r-cran-spatstat-1.64-1/src/corrections.c
Examining data/r-cran-spatstat-1.64-1/src/nnMDdist.c
Examining data/r-cran-spatstat-1.64-1/src/PerfectStraussHard.h
Examining data/r-cran-spatstat-1.64-1/src/loccums.h
Examining data/r-cran-spatstat-1.64-1/src/init.c
Examining data/r-cran-spatstat-1.64-1/src/KrectV4.h
Examining data/r-cran-spatstat-1.64-1/src/lintileindex.c
Examining data/r-cran-spatstat-1.64-1/src/sphefrac.c
Examining data/r-cran-spatstat-1.64-1/src/lennard.c
Examining data/r-cran-spatstat-1.64-1/src/linnncross.h
Examining data/r-cran-spatstat-1.64-1/src/fardist.h
Examining data/r-cran-spatstat-1.64-1/src/dist2.h
Examining data/r-cran-spatstat-1.64-1/src/multihard.c
Examining data/r-cran-spatstat-1.64-1/src/areadiff.c
Examining data/r-cran-spatstat-1.64-1/src/metricPdist.c
Examining data/r-cran-spatstat-1.64-1/src/quasirandom.c
Examining data/r-cran-spatstat-1.64-1/src/closefuns.h
Examining data/r-cran-spatstat-1.64-1/src/nearestpix.c
Examining data/r-cran-spatstat-1.64-1/src/localpcf.c
Examining data/r-cran-spatstat-1.64-1/src/linearradius.c
Examining data/r-cran-spatstat-1.64-1/src/areapair.c
Examining data/r-cran-spatstat-1.64-1/src/g3.c
Examining data/r-cran-spatstat-1.64-1/src/sftcr.c
Examining data/r-cran-spatstat-1.64-1/src/veegraf.c
Examining data/r-cran-spatstat-1.64-1/src/mhsnoop.c
Examining data/r-cran-spatstat-1.64-1/src/PerfectHardcore.h
Examining data/r-cran-spatstat-1.64-1/src/Knone.c
Examining data/r-cran-spatstat-1.64-1/src/segdens.c
Examining data/r-cran-spatstat-1.64-1/src/f3.c
Examining data/r-cran-spatstat-1.64-1/src/diggra.c
Examining data/r-cran-spatstat-1.64-1/src/uniquemap.h
Examining data/r-cran-spatstat-1.64-1/src/loccum.c
Examining data/r-cran-spatstat-1.64-1/src/nn3Ddist.c
Examining data/r-cran-spatstat-1.64-1/src/geyer.c
Examining data/r-cran-spatstat-1.64-1/src/straushm.c
Examining data/r-cran-spatstat-1.64-1/src/pairloop.h
Examining data/r-cran-spatstat-1.64-1/src/proto.h
Examining data/r-cran-spatstat-1.64-1/src/distmapbin.c
Examining data/r-cran-spatstat-1.64-1/src/yesno.h
Examining data/r-cran-spatstat-1.64-1/src/KrectV2.h
Examining data/r-cran-spatstat-1.64-1/src/Perfect.cc
Examining data/r-cran-spatstat-1.64-1/src/KrectV1.h
Examining data/r-cran-spatstat-1.64-1/src/nn3Ddist.h
Examining data/r-cran-spatstat-1.64-1/src/PerfectDGS.h
Examining data/r-cran-spatstat-1.64-1/src/badgey.c
Examining data/r-cran-spatstat-1.64-1/src/hasclose.c
Examining data/r-cran-spatstat-1.64-1/src/dwpure.c
Examining data/r-cran-spatstat-1.64-1/src/PerfectPenttinen.h
Examining data/r-cran-spatstat-1.64-1/src/pcf3.c
Examining data/r-cran-spatstat-1.64-1/src/minnnd.h
Examining data/r-cran-spatstat-1.64-1/src/looptest.h
Examining data/r-cran-spatstat-1.64-1/src/poly2im.c
Examining data/r-cran-spatstat-1.64-1/src/lineardisc.c
Examining data/r-cran-spatstat-1.64-1/src/straussm.c
Examining data/r-cran-spatstat-1.64-1/src/linequad.c
Examining data/r-cran-spatstat-1.64-1/src/knn3Ddist.h
Examining data/r-cran-spatstat-1.64-1/src/fiksel.c
Examining data/r-cran-spatstat-1.64-1/src/mhv5.h
Examining data/r-cran-spatstat-1.64-1/src/methas.c
Examining data/r-cran-spatstat-1.64-1/src/exactdist.c
Examining data/r-cran-spatstat-1.64-1/src/localpcf.h
Examining data/r-cran-spatstat-1.64-1/src/KrectBody.h
Examining data/r-cran-spatstat-1.64-1/src/scan.c
Examining data/r-cran-spatstat-1.64-1/src/straush.c
Examining data/r-cran-spatstat-1.64-1/src/chunkloop.h
Examining data/r-cran-spatstat-1.64-1/src/methas.h
Examining data/r-cran-spatstat-1.64-1/src/knn3DdistX.h
Examining data/r-cran-spatstat-1.64-1/src/triplets.c
Examining data/r-cran-spatstat-1.64-1/src/distan3.c
Examining data/r-cran-spatstat-1.64-1/src/dgs.c
Examining data/r-cran-spatstat-1.64-1/src/mhloop.h
Examining data/r-cran-spatstat-1.64-1/src/knngrid.h
Examining data/r-cran-spatstat-1.64-1/src/hardcore.c
Examining data/r-cran-spatstat-1.64-1/src/nngrid.c
Examining data/r-cran-spatstat-1.64-1/src/PerfectStrauss.h
Examining data/r-cran-spatstat-1.64-1/src/distances.c
Examining data/r-cran-spatstat-1.64-1/src/linnndist.c
Examining data/r-cran-spatstat-1.64-1/src/seg2pix.h
Examining data/r-cran-spatstat-1.64-1/src/densptcross.c
Examining data/r-cran-spatstat-1.64-1/src/k3.c
Examining data/r-cran-spatstat-1.64-1/src/trigraf.c
Examining data/r-cran-spatstat-1.64-1/src/minnnd.c
Examining data/r-cran-spatstat-1.64-1/src/Krect.c
Examining data/r-cran-spatstat-1.64-1/src/linpairdist.c
Examining data/r-cran-spatstat-1.64-1/src/linSnncross.c
Examining data/r-cran-spatstat-1.64-1/src/connect.c
Examining data/r-cran-spatstat-1.64-1/src/linScrossdist.c
Examining data/r-cran-spatstat-1.64-1/src/mhsnoop.h
Examining data/r-cran-spatstat-1.64-1/src/mhv4.h
Examining data/r-cran-spatstat-1.64-1/src/dinfty.c
Examining data/r-cran-spatstat-1.64-1/src/denspt.c
Examining data/r-cran-spatstat-1.64-1/src/penttinen.c
Examining data/r-cran-spatstat-1.64-1/src/Estrauss.c
Examining data/r-cran-spatstat-1.64-1/src/Egeyer.c
Examining data/r-cran-spatstat-1.64-1/src/linSpairdist.c
Examining data/r-cran-spatstat-1.64-1/src/linvdist.h
Examining data/r-cran-spatstat-1.64-1/src/fexitc.c
Examining data/r-cran-spatstat-1.64-1/src/rasterfilter.c
Examining data/r-cran-spatstat-1.64-1/src/linequad.h
Examining data/r-cran-spatstat-1.64-1/src/dist2.c
Examining data/r-cran-spatstat-1.64-1/src/raster.h
Examining data/r-cran-spatstat-1.64-1/src/nn3DdistX.h
Examining data/r-cran-spatstat-1.64-1/src/lincrossdist.c
Examining data/r-cran-spatstat-1.64-1/src/digber.c
Examining data/r-cran-spatstat-1.64-1/src/lixel.c
Examining data/r-cran-spatstat-1.64-1/src/linalg.c
Examining data/r-cran-spatstat-1.64-1/src/hotrod.c
Examining data/r-cran-spatstat-1.64-1/src/Kborder.c
Examining data/r-cran-spatstat-1.64-1/src/Ediggra.c
Examining data/r-cran-spatstat-1.64-1/src/spasumsymout.h
Examining data/r-cran-spatstat-1.64-1/src/areaint.c
Examining data/r-cran-spatstat-1.64-1/src/functable.h
Examining data/r-cran-spatstat-1.64-1/src/nndistX.h
Examining data/r-cran-spatstat-1.64-1/src/tabnum.c
Examining data/r-cran-spatstat-1.64-1/src/mhv3.h
Examining data/r-cran-spatstat-1.64-1/src/seg2pix.c
Examining data/r-cran-spatstat-1.64-1/src/mhv2.h
Examining data/r-cran-spatstat-1.64-1/src/strauss.c
Examining data/r-cran-spatstat-1.64-1/src/PerfectDiggleGratton.h
Examining data/r-cran-spatstat-1.64-1/src/linSnncross.h
Examining data/r-cran-spatstat-1.64-1/src/knndist.h
Examining data/r-cran-spatstat-1.64-1/src/nndistance.c
Examining data/r-cran-spatstat-1.64-1/src/bdrymask.c
Examining data/r-cran-spatstat-1.64-1/src/hasclose.h
Examining data/r-cran-spatstat-1.64-1/src/close3pair.c
FINAL RESULTS:
data/r-cran-spatstat-1.64-1/src/Perfect.cc:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InLower[2];
data/r-cran-spatstat-1.64-1/src/Perfect.cc:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DirX[10], DirY[10];
data/r-cran-spatstat-1.64-1/src/fexitc.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/r-cran-spatstat-1.64-1/src/fexitc.c:7:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nc = strlen(msg);
data/r-cran-spatstat-1.64-1/src/fexitc.c:13:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, msg, nc);
ANALYSIS SUMMARY:
Hits = 5
Lines analyzed = 32104 in approximately 0.82 seconds (38935 lines/second)
Physical Source Lines of Code (SLOC) = 22255
Hits@level = [0] 0 [1] 2 [2] 3 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 5 [1+] 5 [2+] 3 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.224669 [1+] 0.224669 [2+] 0.134801 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.