Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/waili-19990723/lib/LChannel.C
Examining data/waili-19990723/lib/Wavelet_CDF_1_x.C
Examining data/waili-19990723/lib/myLifting.C
Examining data/waili-19990723/lib/LChannelR.C
Examining data/waili-19990723/lib/Image.C
Examining data/waili-19990723/lib/Color.C
Examining data/waili-19990723/lib/Channel.C
Examining data/waili-19990723/lib/Wavelet_bin.C
Examining data/waili-19990723/lib/Storage.C
Examining data/waili-19990723/lib/Wavelet_CDF_2_x.C
Examining data/waili-19990723/lib/LChannelCR.C
Examining data/waili-19990723/lib/Wavelet_CDF_4_x.C
Examining data/waili-19990723/lib/Wavelet_JPEG2000.C
Examining data/waili-19990723/lib/Wavelet.C
Examining data/waili-19990723/lib/NTChannel.C
Examining data/waili-19990723/lib/LChannelC.C
Examining data/waili-19990723/lib/Wavelet_gain.C
Examining data/waili-19990723/lib/Timer.C
Examining data/waili-19990723/lib/Lifting.C
Examining data/waili-19990723/lib/Util.C
Examining data/waili-19990723/include/waili/Color.h
Examining data/waili-19990723/include/waili/Compiler.h
Examining data/waili-19990723/include/waili/Lifting.inline.h
Examining data/waili-19990723/include/waili/Timer.h
Examining data/waili-19990723/include/waili/Lifting.h
Examining data/waili-19990723/include/waili/Wavelet.h
Examining data/waili-19990723/include/waili/Blit.h
Examining data/waili-19990723/include/waili/Storage.h
Examining data/waili-19990723/include/waili/Wavelet_gain.h
Examining data/waili-19990723/include/waili/Channel.h
Examining data/waili-19990723/include/waili/NTChannel.h
Examining data/waili-19990723/include/waili/Util.h
Examining data/waili-19990723/include/waili/Wavelet_bin.h
Examining data/waili-19990723/include/waili/Image.h
Examining data/waili-19990723/include/waili/LChannel.h
Examining data/waili-19990723/include/waili/LChannelCR.h
Examining data/waili-19990723/include/waili/LChannelC.h
Examining data/waili-19990723/include/waili/LChannelR.h
Examining data/waili-19990723/include/waili/Types.h
Examining data/waili-19990723/include/waili/gtk.h
Examining data/waili-19990723/test/Histogram.C
Examining data/waili-19990723/test/Proof.C
Examining data/waili-19990723/test/Example.C
Examining data/waili-19990723/test/Test.C
Examining data/waili-19990723/test/Rangecheck.C
Examining data/waili-19990723/test/Demo.C
FINAL RESULTS:
data/waili-19990723/include/waili/Storage.h:94:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)))
data/waili-19990723/include/waili/Util.h:39:35: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((noreturn, format (printf, 1, 2)))
data/waili-19990723/lib/Storage.C:75:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "zcat %s", name);
data/waili-19990723/lib/Storage.C:79:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "gzip > %s", name);
data/waili-19990723/lib/Storage.C:83:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "gzip >> %s", name);
data/waili-19990723/lib/Storage.C:87:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!(File = popen(cmd, pmode)))
data/waili-19990723/lib/Storage.C:98:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Name, name);
data/waili-19990723/lib/Storage.C:100:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Mode, mode);
data/waili-19990723/lib/Storage.C:147:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(File, fmt, args);
data/waili-19990723/lib/Timer.C:38:68: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
static inline void CurrentTime(time_t &real, time_t &user, time_t &system)
data/waili-19990723/lib/Timer.C:52:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
time_t real, user, system;
data/waili-19990723/lib/Timer.C:55:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
CurrentTime(real, user, system);
data/waili-19990723/lib/Timer.C:68:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
time_t real, user, system;
data/waili-19990723/lib/Timer.C:71:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
CurrentTime(real, user, system);
data/waili-19990723/lib/Timer.C:95:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
time_t real, user, system;
data/waili-19990723/lib/Timer.C:98:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
CurrentTime(real, user, system);
data/waili-19990723/lib/Timer.C:111:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
time_t real, user, system;
data/waili-19990723/lib/Timer.C:114:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
CurrentTime(real, user, system);
data/waili-19990723/lib/Timer.C:127:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
time_t real, user, system;
data/waili-19990723/lib/Timer.C:130:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
CurrentTime(real, user, system);
data/waili-19990723/lib/Timer.C:135:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return((f32)system/CLOCKS_PER_SEC);
data/waili-19990723/lib/Timer.C:144:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
time_t real, user, system;
data/waili-19990723/lib/Timer.C:147:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
CurrentTime(real, user, system);
data/waili-19990723/lib/Util.C:44:28: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if(strlen(ERRSTR)<511) vsnprintf(ERRSTR+strlen(ERRSTR), 512-strlen(ERRSTR), fmt, args);
data/waili-19990723/test/Demo.C:320:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(File, argv[0]);
data/waili-19990723/test/Demo.C:360:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(File, argv[0]);
data/waili-19990723/test/Demo.C:413:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(File, argv[0]);
data/waili-19990723/test/Demo.C:431:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(File, argv[0]);
data/waili-19990723/test/Demo.C:455:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "if which xv >/dev/null ; then xv %s & else display %s & fi", filename,filename);
data/waili-19990723/test/Demo.C:456:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/waili-19990723/test/Demo.C:789:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "xterm -iconic -ut -T gnuplot -e gnuplot -name \"Level "
data/waili-19990723/test/Demo.C:792:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/waili-19990723/test/Histogram.C:60:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(epsfile, "%s_%02d_%02d_%1d.eps", Prefix, channel, level, subband);
data/waili-19990723/test/Histogram.C:89:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "gnuplot %s", plotscript);
data/waili-19990723/test/Histogram.C:90:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/waili-19990723/test/Demo.C:567:15: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x = (double)random()/INT_MAX;
data/waili-19990723/test/Demo.C:589:6: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/waili-19990723/lib/Image.C:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/waili-19990723/lib/Storage.C:93:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(File = fopen(name, mode)))
data/waili-19990723/lib/Util.C:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ERRSTR[512];
data/waili-19990723/test/Demo.C:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CommandLine[MAX_CMD_LINE];
data/waili-19990723/test/Demo.C:61:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "/var/tmp/Demo.%05d.%05d", getpid(), cnt++);
data/waili-19990723/test/Demo.C:63:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char **list = new const char *[DeleteListLen];
data/waili-19990723/test/Demo.C:337:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int w = atoi(argv[0]);
data/waili-19990723/test/Demo.C:338:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int h = atoi(argv[1]);
data/waili-19990723/test/Demo.C:339:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int ch = atoi(argv[2]);
data/waili-19990723/test/Demo.C:449:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[512];
data/waili-19990723/test/Demo.C:466:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int np = atoi(argv[0]);
data/waili-19990723/test/Demo.C:467:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int nd = atoi(argv[1]);
data/waili-19990723/test/Demo.C:471:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int n = atoi(argv[0]);
data/waili-19990723/test/Demo.C:714:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int level = atoi(argv[0]);
data/waili-19990723/test/Demo.C:722:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int subband = atoi(argv[0]);
data/waili-19990723/test/Demo.C:732:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ch = atoi(argv[0]);
data/waili-19990723/test/Demo.C:788:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[160];
data/waili-19990723/test/Histogram.C:67:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(plotdata, "/tmp/tmp.%05d.data", getpid());
data/waili-19990723/test/Histogram.C:78:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(plotscript, "/tmp/tmp.%05d.script", getpid());
data/waili-19990723/test/Histogram.C:116:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
np = atoi(argv[1]);
data/waili-19990723/test/Histogram.C:123:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nd = atoi(argv[1]);
data/waili-19990723/test/Histogram.C:130:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxlevels = atoi(argv[1]);
data/waili-19990723/test/Proof.C:99:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
np = atoi(argv[1]);
data/waili-19990723/test/Proof.C:106:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nd = atoi(argv[1]);
data/waili-19990723/test/Proof.C:113:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
levels = atoi(argv[1]);
data/waili-19990723/test/Rangecheck.C:174:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
np = atoi(argv[1]);
data/waili-19990723/test/Rangecheck.C:181:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nd = atoi(argv[1]);
data/waili-19990723/test/Rangecheck.C:188:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numlevels = atoi(argv[1]);
data/waili-19990723/test/Rangecheck.C:195:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minval = atoi(argv[1]);
data/waili-19990723/test/Rangecheck.C:202:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxval = atoi(argv[1]);
data/waili-19990723/test/Test.C:91:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
np = atoi(argv[1]);
data/waili-19990723/test/Test.C:98:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nd = atoi(argv[1]);
data/waili-19990723/test/Test.C:105:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxlevels = atoi(argv[1]);
data/waili-19990723/include/waili/Storage.h:291:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RawWrite(s, strlen(s));
data/waili-19990723/lib/Storage.C:66:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int nlen = strlen(name);
data/waili-19990723/lib/Storage.C:99:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Mode = new char[strlen(mode)+1];
data/waili-19990723/lib/Util.C:44:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(ERRSTR)<511) vsnprintf(ERRSTR+strlen(ERRSTR), 512-strlen(ERRSTR), fmt, args);
data/waili-19990723/lib/Util.C:44:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(ERRSTR)<511) vsnprintf(ERRSTR+strlen(ERRSTR), 512-strlen(ERRSTR), fmt, args);
data/waili-19990723/lib/Util.C:44:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(ERRSTR)<511) vsnprintf(ERRSTR+strlen(ERRSTR), 512-strlen(ERRSTR), fmt, args);
data/waili-19990723/test/Demo.C:89:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int last = strlen(CommandLine)-1;
data/waili-19990723/test/Demo.C:319:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
File = new char[strlen(argv[0])+1];
data/waili-19990723/test/Demo.C:359:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
File = new char[strlen(argv[0])+1];
data/waili-19990723/test/Demo.C:412:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
File = new char[strlen(argv[0])+1];
data/waili-19990723/test/Demo.C:430:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
File = new char[strlen(argv[0])+1];
data/waili-19990723/test/Demo.C:923:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l=strlen(line);
data/waili-19990723/test/Histogram.C:59:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *epsfile = new char[strlen(Prefix)+sizeof("_xx_xx_x.eps")];
data/waili-19990723/test/Histogram.C:88:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *command = new char[strlen(plotscript)+sizeof("gnuplot ")];
ANALYSIS SUMMARY:
Hits = 84
Lines analyzed = 13941 in approximately 0.30 seconds (45960 lines/second)
Physical Source Lines of Code (SLOC) = 10237
Hits@level = [0] 35 [1] 14 [2] 33 [3] 2 [4] 35 [5] 0
Hits@level+ = [0+] 119 [1+] 84 [2+] 70 [3+] 37 [4+] 35 [5+] 0
Hits/KSLOC@level+ = [0+] 11.6245 [1+] 8.20553 [2+] 6.83794 [3+] 3.61434 [4+] 3.41897 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.