stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-wgcna-1.69/src/networkFunctions.c
Examining data/r-cran-wgcna-1.69/src/pivot.h
Examining data/r-cran-wgcna-1.69/src/arrayGeneric.h
Examining data/r-cran-wgcna-1.69/src/parallelQuantile.cc
Examining data/r-cran-wgcna-1.69/src/corFunctions.c
Examining data/r-cran-wgcna-1.69/src/corFunctions-utils.c
Examining data/r-cran-wgcna-1.69/src/parallelQuantile.h
Examining data/r-cran-wgcna-1.69/src/parallelQuantile_stdC.h
Examining data/r-cran-wgcna-1.69/src/array.h
Examining data/r-cran-wgcna-1.69/src/pivot.c
Examining data/r-cran-wgcna-1.69/src/corFunctions.h
Examining data/r-cran-wgcna-1.69/src/myMatrixMultiplication.h
Examining data/r-cran-wgcna-1.69/src/compiling.h
Examining data/r-cran-wgcna-1.69/src/exceptions.h
Examining data/r-cran-wgcna-1.69/src/corFunctions-utils.h
Examining data/r-cran-wgcna-1.69/src/myMatrixMultiplication.c
Examining data/r-cran-wgcna-1.69/src/pivot_declarations.h
Examining data/r-cran-wgcna-1.69/src/conditionalThreading.h
Examining data/r-cran-wgcna-1.69/src/corFunctions-typeDefs.h

FINAL RESULTS:

data/r-cran-wgcna-1.69/src/array.h:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          s[100];
data/r-cran-wgcna-1.69/src/array.h:36:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%d", n);
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:52:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)xx, (void *)x, n * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:111:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)xx, (void *)x, n * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:239:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *)res, (void *)col, nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:305:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)aux2, (void *)aux, nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:308:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)aux2, (void *)aux, nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:802:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)xx, (void *)(x + i*nr), nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:803:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)yy, (void *)(x + j*nr), nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:826:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy((void *) xxx, (void *) (multMat + i * nr),  nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:833:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy((void *) yyy, (void *) (multMat + j * nr),  nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:1086:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)xx, (void *)(x + i*nr), nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions-utils.c:1087:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)yy, (void *)(y + j*nr), nr * sizeof(double));
data/r-cran-wgcna-1.69/src/corFunctions.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          spaces[2* *indent+1];
data/r-cran-wgcna-1.69/src/corFunctions.c:352:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          spaces[2* *indent+1];
data/r-cran-wgcna-1.69/src/corFunctions.c:630:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          spaces[2* *indent+1];
data/r-cran-wgcna-1.69/src/corFunctions.c:1074:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          spaces[2* *indent+1];
data/r-cran-wgcna-1.69/src/networkFunctions.c:60:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char	plString[MxStr];
data/r-cran-wgcna-1.69/src/networkFunctions.c:225:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		spaces[2* *indent+1];
data/r-cran-wgcna-1.69/src/networkFunctions.c:450:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		spaces[2* *indent+1];

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 5670 in approximately 0.18 seconds (31127 lines/second)
Physical Source Lines of Code (SLOC) = 3762
Hits@level = [0]   0 [1]   0 [2]  20 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  20 [1+]  20 [2+]  20 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 5.31632 [1+] 5.31632 [2+] 5.31632 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.