Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vlfeat-0.9.21+dfsg0/src/aib.c
Examining data/vlfeat-0.9.21+dfsg0/src/check.h
Examining data/vlfeat-0.9.21+dfsg0/src/generic-driver.h
Examining data/vlfeat-0.9.21+dfsg0/src/test_gauss_elimination.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_gmm.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_heap-def.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_host.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_imopv.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_kmeans.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_liop.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_mathop.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_mathop_abs.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_nan.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_qsort-def.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_rand.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_sqrti.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_stringop.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_svd2.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_threads.c
Examining data/vlfeat-0.9.21+dfsg0/src/test_vec_comp.c
Examining data/vlfeat-0.9.21+dfsg0/src/mser.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/aib/vl_aib.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/aib/vl_aibhist.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/fisher/vl_fisher.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/geometry/vl_irodr.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/geometry/vl_rodr.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/gmm/vl_gmm.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/imop/vl_imdisttf.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/imop/vl_imintegral.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/imop/vl_imsmooth.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/imop/vl_imwbackwardmx.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/imop/vl_tpsumx.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_hikmeans.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_hikmeanspush.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_ikmeans.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_ikmeanspush.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_kmeans.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/kdtree.h
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/svms_common.h
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_alldist.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_alldist2.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_binsearch.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_binsum.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_cummax.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_getpid.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_hog.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_homkermap.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_ihashfind.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_ihashsum.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_inthist.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_kdtreebuild.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_kdtreequery.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_lbp.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_localmax.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_sampleinthist.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_simdctrl.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_svmtrain.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_threads.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_twister.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_version.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/mser/vl_erfill.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/mser/vl_mser.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/quickshift/vl_quickshift.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/slic/vl_slic.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/vlad/vl_vlad.c
Examining data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h
Examining data/vlfeat-0.9.21+dfsg0/vl/aib.c
Examining data/vlfeat-0.9.21+dfsg0/vl/aib.h
Examining data/vlfeat-0.9.21+dfsg0/vl/array.c
Examining data/vlfeat-0.9.21+dfsg0/vl/array.h
Examining data/vlfeat-0.9.21+dfsg0/vl/covdet.c
Examining data/vlfeat-0.9.21+dfsg0/vl/covdet.h
Examining data/vlfeat-0.9.21+dfsg0/vl/fisher.c
Examining data/vlfeat-0.9.21+dfsg0/vl/fisher.h
Examining data/vlfeat-0.9.21+dfsg0/vl/generic.h
Examining data/vlfeat-0.9.21+dfsg0/vl/gmm.c
Examining data/vlfeat-0.9.21+dfsg0/vl/gmm.h
Examining data/vlfeat-0.9.21+dfsg0/vl/heap-def.h
Examining data/vlfeat-0.9.21+dfsg0/vl/hikmeans.c
Examining data/vlfeat-0.9.21+dfsg0/vl/hikmeans.h
Examining data/vlfeat-0.9.21+dfsg0/vl/hog.c
Examining data/vlfeat-0.9.21+dfsg0/vl/hog.h
Examining data/vlfeat-0.9.21+dfsg0/vl/homkermap.c
Examining data/vlfeat-0.9.21+dfsg0/vl/homkermap.h
Examining data/vlfeat-0.9.21+dfsg0/vl/host.c
Examining data/vlfeat-0.9.21+dfsg0/vl/ikmeans.c
Examining data/vlfeat-0.9.21+dfsg0/vl/ikmeans.h
Examining data/vlfeat-0.9.21+dfsg0/vl/imopv.c
Examining data/vlfeat-0.9.21+dfsg0/vl/imopv.h
Examining data/vlfeat-0.9.21+dfsg0/vl/imopv_sse2.c
Examining data/vlfeat-0.9.21+dfsg0/vl/imopv_sse2.h
Examining data/vlfeat-0.9.21+dfsg0/vl/kdtree.c
Examining data/vlfeat-0.9.21+dfsg0/vl/kdtree.h
Examining data/vlfeat-0.9.21+dfsg0/vl/kmeans.h
Examining data/vlfeat-0.9.21+dfsg0/vl/lbp.c
Examining data/vlfeat-0.9.21+dfsg0/vl/lbp.h
Examining data/vlfeat-0.9.21+dfsg0/vl/liop.c
Examining data/vlfeat-0.9.21+dfsg0/vl/liop.h
Examining data/vlfeat-0.9.21+dfsg0/vl/mathop.c
Examining data/vlfeat-0.9.21+dfsg0/vl/mathop.h
Examining data/vlfeat-0.9.21+dfsg0/vl/mathop_avx.c
Examining data/vlfeat-0.9.21+dfsg0/vl/mathop_avx.h
Examining data/vlfeat-0.9.21+dfsg0/vl/mathop_sse2.c
Examining data/vlfeat-0.9.21+dfsg0/vl/mathop_sse2.h
Examining data/vlfeat-0.9.21+dfsg0/vl/mser.c
Examining data/vlfeat-0.9.21+dfsg0/vl/mser.h
Examining data/vlfeat-0.9.21+dfsg0/vl/pgm.c
Examining
data/vlfeat-0.9.21+dfsg0/vl/pgm.h
Examining data/vlfeat-0.9.21+dfsg0/vl/qsort-def.h
Examining data/vlfeat-0.9.21+dfsg0/vl/quickshift.c
Examining data/vlfeat-0.9.21+dfsg0/vl/quickshift.h
Examining data/vlfeat-0.9.21+dfsg0/vl/random.c
Examining data/vlfeat-0.9.21+dfsg0/vl/random.h
Examining data/vlfeat-0.9.21+dfsg0/vl/rodrigues.c
Examining data/vlfeat-0.9.21+dfsg0/vl/rodrigues.h
Examining data/vlfeat-0.9.21+dfsg0/vl/scalespace.c
Examining data/vlfeat-0.9.21+dfsg0/vl/scalespace.h
Examining data/vlfeat-0.9.21+dfsg0/vl/shuffle-def.h
Examining data/vlfeat-0.9.21+dfsg0/vl/slic.c
Examining data/vlfeat-0.9.21+dfsg0/vl/slic.h
Examining data/vlfeat-0.9.21+dfsg0/vl/stringop.c
Examining data/vlfeat-0.9.21+dfsg0/vl/stringop.h
Examining data/vlfeat-0.9.21+dfsg0/vl/svm.c
Examining data/vlfeat-0.9.21+dfsg0/vl/svm.h
Examining data/vlfeat-0.9.21+dfsg0/vl/svmdataset.c
Examining data/vlfeat-0.9.21+dfsg0/vl/svmdataset.h
Examining data/vlfeat-0.9.21+dfsg0/vl/vlad.c
Examining data/vlfeat-0.9.21+dfsg0/vl/vlad.h
Examining data/vlfeat-0.9.21+dfsg0/vl/generic.c
Examining data/vlfeat-0.9.21+dfsg0/vl/host.h
Examining data/vlfeat-0.9.21+dfsg0/vl/kmeans.c

FINAL RESULTS:

data/vlfeat-0.9.21+dfsg0/src/check.h:23:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, args) ;

data/vlfeat-0.9.21+dfsg0/src/mser.c:113:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(err_msg, sizeof(err_msg), msg, arg) ; \

data/vlfeat-0.9.21+dfsg0/src/mser.c:119:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(err_msg, sizeof(err_msg), msg) ; \

data/vlfeat-0.9.21+dfsg0/src/mser.c:150:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (help_message, argv [0]) ;

data/vlfeat-0.9.21+dfsg0/src/mser.c:316:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(err_msg, sizeof(err_msg), \

data/vlfeat-0.9.21+dfsg0/src/mser.c:320:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(err_msg, sizeof(err_msg), \

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:28:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:28:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:29:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:219:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(formattedErrorId, \

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:221:3: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(formattedErrorMessage, \

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:230:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(formattedErrorId, \

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:233:3: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(formattedErrorMessage, \

data/vlfeat-0.9.21+dfsg0/vl/generic.c:1244:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(state->lastErrorMessage, errorMessage, args) ;

data/vlfeat-0.9.21+dfsg0/vl/generic.c:1246:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(state->lastErrorMessage,

data/vlfeat-0.9.21+dfsg0/vl/generic.c:1605:25: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  state->printf_func = printf ;

data/vlfeat-0.9.21+dfsg0/vl/host.c:547:1: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(compilerString, 1024,

data/vlfeat-0.9.21+dfsg0/vl/host.h:316:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define snprintf _snprintf

data/vlfeat-0.9.21+dfsg0/vl/host.h:316:22: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define snprintf _snprintf

data/vlfeat-0.9.21+dfsg0/vl/host.h:337:11: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define snprintf _snprintf

data/vlfeat-0.9.21+dfsg0/vl/host.h:337:20: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define snprintf _snprintf

data/vlfeat-0.9.21+dfsg0/src/mser.c:127:14: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int ch = getopt_long(argc, argv, opts, longopts, 0) ;

data/vlfeat-0.9.21+dfsg0/vl/generic.c:964:3: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection (&vl_get_state()->mutex) ;

data/vlfeat-0.9.21+dfsg0/vl/generic.c:1589:3: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection (&state->mutex) ;

data/vlfeat-0.9.21+dfsg0/src/generic-driver.h:32:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern [1024] ; /**< File name pattern */

data/vlfeat-0.9.21+dfsg0/src/generic-driver.h:35:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name [1024] ; /**< Current file name */

data/vlfeat-0.9.21+dfsg0/src/generic-driver.h:131:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  self->file = fopen (self->name, mode) ;

data/vlfeat-0.9.21+dfsg0/src/mser.c:102:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_msg [1024] ;

data/vlfeat-0.9.21+dfsg0/src/mser.c:276:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basename [1024] ;

data/vlfeat-0.9.21+dfsg0/src/mser.c:326:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen (name, "rb") ;

data/vlfeat-0.9.21+dfsg0/src/test_gmm.c:239:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofp = fopen(dataFileData, mode);

data/vlfeat-0.9.21+dfsg0/src/test_gmm.c:254:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ofp = fopen(dataFileResults, mode);

data/vlfeat-0.9.21+dfsg0/src/test_stringop.c:26:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [buf_len] ;

data/vlfeat-0.9.21+dfsg0/src/test_stringop.c:29:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sml [sml_len] ;

data/vlfeat-0.9.21+dfsg0/toolbox/aib/vl_aib.c:275:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(parents, aparents, sizeof(vl_uint32)*(2*nvalues-1));

data/vlfeat-0.9.21+dfsg0/toolbox/aib/vl_aib.c:277:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cost, acost, sizeof(double)*nvalues);

data/vlfeat-0.9.21+dfsg0/toolbox/aib/vl_aibhist.c:76:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [buflen] ;

data/vlfeat-0.9.21+dfsg0/toolbox/aib/vl_aibhist.c:96:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/gmm/vl_gmm.c:129:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/gmm/vl_gmm.c:343:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (mxGetData(OUT(MEANS)),

data/vlfeat-0.9.21+dfsg0/toolbox/gmm/vl_gmm.c:347:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (mxGetData(OUT(COVARIANCES)),

data/vlfeat-0.9.21+dfsg0/toolbox/gmm/vl_gmm.c:351:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (mxGetData(OUT(PRIORS)),

data/vlfeat-0.9.21+dfsg0/toolbox/gmm/vl_gmm.c:362:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (mxGetData(OUT(POSTERIORS)),

data/vlfeat-0.9.21+dfsg0/toolbox/imop/vl_imsmooth.c:207:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [buflen] ;

data/vlfeat-0.9.21+dfsg0/toolbox/imop/vl_imsmooth.c:241:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [buflen] ;

data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_hikmeans.c:56:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (mxGetPr(mcenters), centers, sizeof(*centers) * M * node_K) ;

data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_hikmeans.c:154:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_hikmeanspush.c:184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_ikmeans.c:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_ikmeans.c:151:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mxGetData(OUT(C)),

data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_ikmeanspush.c:85:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_kmeans.c:126:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/kmeans/vl_kmeans.c:313:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (mxGetData(OUT(CENTERS)),

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:185:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char formattedErrorId [512] ; \

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:186:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char formattedErrorMessage [1024] ; \

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:604:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mxGetData(array), vl_array_get_data(x), typeSize * numElements) ;

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:770:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/mexutils.h:836:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/misc/svms_common.h:108:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tempBuffer,svm->model,svm->dimension * sizeof(double)) ;

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_homkermap.c:138:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_kdtreebuild.c:95:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_svmtrain.c:176:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_svmtrain.c:193:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_svmtrain.c:462:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_svmtrain.c:621:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mxGetPr(out[OUT_MODEL]),

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_svmtrain.c:634:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mxGetPr(out[OUT_SCORES]),

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_twister.c:125:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff [buff_size] ;

data/vlfeat-0.9.21+dfsg0/toolbox/misc/vl_version.c:35:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer [1024] ;

data/vlfeat-0.9.21+dfsg0/toolbox/mser/vl_erfill.c:117:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[80] ;

data/vlfeat-0.9.21+dfsg0/toolbox/quickshift/vl_quickshift.c:150:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dists, vl_quickshift_get_dists(q), sizeof(double)*N1*N2);

data/vlfeat-0.9.21+dfsg0/toolbox/quickshift/vl_quickshift.c:151:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(density, vl_quickshift_get_density(q), sizeof(double)*N1*N2);

data/vlfeat-0.9.21+dfsg0/vl/array.c:57:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->dimensions, dimensions, sizeof(vl_size) * numDimensions) ;

data/vlfeat-0.9.21+dfsg0/vl/array.c:82:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->dimensions, dimensions, sizeof(vl_size) * numDimensions) ;

data/vlfeat-0.9.21+dfsg0/vl/covdet.c:1601:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name [200] ;

data/vlfeat-0.9.21+dfsg0/vl/covdet.c:1817:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, (width - 2)*sizeof(float));

data/vlfeat-0.9.21+dfsg0/vl/covdet.c:1836:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, (width - 2)*sizeof(float));

data/vlfeat-0.9.21+dfsg0/vl/covdet.c:2345:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->patch + yi * patchWidth,

data/vlfeat-0.9.21+dfsg0/vl/covdet.c:2350:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->patch + yi * patchWidth,

data/vlfeat-0.9.21+dfsg0/vl/covdet.c:2360:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name [200] ;

data/vlfeat-0.9.21+dfsg0/vl/covdet.c:2414:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name [200] ;

data/vlfeat-0.9.21+dfsg0/vl/covdet.c:2609:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(A,Ap,4*sizeof(double)) ;

data/vlfeat-0.9.21+dfsg0/vl/generic.c:802:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lastErrorMessage [VL_ERR_MSG_LEN] ;

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:658:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->sigmaLowBound, bounds, sizeof(double) * self->dimension) ;

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:1058:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(oldMeans, means, sizeof(TYPE) * self->dimension * numClusters) ;

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:1441:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->means, vl_kmeans_get_centers(kmeans), sizeof(TYPE) * self->dimension * self->numClusters) ;

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:1491:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gmm->means, self->means, size*self->numClusters*self->dimension);

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:1492:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gmm->covariances, self->covariances, size*self->numClusters*self->dimension);

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:1493:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gmm->priors, self->priors, size*self->numClusters);

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:1677:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->means,means,

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:1688:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->covariances,covariances,

data/vlfeat-0.9.21+dfsg0/vl/gmm.c:1699:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(self->priors,priors,

data/vlfeat-0.9.21+dfsg0/vl/hikmeans.c:78:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_data + count * M,

data/vlfeat-0.9.21+dfsg0/vl/host.c:527:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char compilerString [1024] ;

data/vlfeat-0.9.21+dfsg0/vl/host.h:562:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string [0x20] ;

data/vlfeat-0.9.21+dfsg0/vl/kmeans.c:457:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (self->centers, kmeans->centers, dataSize) ;

data/vlfeat-0.9.21+dfsg0/vl/kmeans.c:463:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (self->centerDistances, kmeans->centerDistances, dataSize) ;

data/vlfeat-0.9.21+dfsg0/vl/kmeans.c:519:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((TYPE*)self->centers, centers,

data/vlfeat-0.9.21+dfsg0/vl/kmeans.c:574:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((TYPE*)self->centers + dimension * k,

data/vlfeat-0.9.21+dfsg0/vl/kmeans.c:622:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((TYPE*)self->centers + c * dimension,

data/vlfeat-0.9.21+dfsg0/vl/pgm.c:163:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char magic [2] ; data/vlfeat-0.9.21+dfsg0/vl/pgm.c:355:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, data, 2 * data_size) ; data/vlfeat-0.9.21+dfsg0/vl/pgm.c:397:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen (name, "rb") ; data/vlfeat-0.9.21+dfsg0/vl/pgm.c:484:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen (name, "wb") ; data/vlfeat-0.9.21+dfsg0/vl/scalespace.c:510:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(destination, source, sizeof(float) * width * height) ; data/vlfeat-0.9.21+dfsg0/vl/scalespace.c:613:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy->octaves[o - self->geom.firstOctave], data/vlfeat-0.9.21+dfsg0/vl/slic.c:381:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
x = open % width ; data/vlfeat-0.9.21+dfsg0/vl/slic.c:382:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). y = open / width ; data/vlfeat-0.9.21+dfsg0/vl/slic.c:407:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(segmentation, cleaned, numPixels * sizeof(vl_uint32)) ; data/vlfeat-0.9.21+dfsg0/vl/svm.c:1393:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(self->model, model, sizeof(double) * vl_svm_get_dimension(self)) ; data/vlfeat-0.9.21+dfsg0/src/test_stringop.c:37:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). check (q == strlen(t3), "vl_string_copy") ; data/vlfeat-0.9.21+dfsg0/src/test_stringop.c:43:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). check (q == strlen(t1), "vl_string_copy") ; data/vlfeat-0.9.21+dfsg0/src/test_stringop.c:53:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). check (strlen(subst) == q, "vl_string_replace_wildcard") ; data/vlfeat-0.9.21+dfsg0/src/test_stringop.c:61:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
check (strlen(subst) == q, "vl_string_replace_wildcard") ; data/vlfeat-0.9.21+dfsg0/src/test_stringop.c:68:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). check (strlen(subst) == q, "vl_string_replace_wildcard") ; data/vlfeat-0.9.21+dfsg0/vl/pgm.c:58:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f) ; data/vlfeat-0.9.21+dfsg0/vl/pgm.c:87:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f) ; data/vlfeat-0.9.21+dfsg0/vl/pgm.c:225:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f) ; data/vlfeat-0.9.21+dfsg0/vl/stringop.c:178:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = strlen (source) ; ANALYSIS SUMMARY: Hits = 118 Lines analyzed = 43739 in approximately 1.23 seconds (35418 lines/second) Physical Source Lines of Code (SLOC) = 23202 Hits@level = [0] 155 [1] 9 [2] 85 [3] 3 [4] 21 [5] 0 Hits@level+ = [0+] 273 [1+] 118 [2+] 109 [3+] 24 [4+] 21 [5+] 0 Hits/KSLOC@level+ = [0+] 11.7662 [1+] 5.08577 [2+] 4.69787 [3+] 1.03439 [4+] 0.905094 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.