Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/alglib-3.16.0/tests/test_i.cpp
Examining data/alglib-3.16.0/tests/test_xne.cpp
Examining data/alglib-3.16.0/tests/test_x.cpp
Examining data/alglib-3.16.0/tests/test_xpart0.cpp
Examining data/alglib-3.16.0/tests/test_c.cpp
Examining data/alglib-3.16.0/src/fasttransforms.h
Examining data/alglib-3.16.0/src/fasttransforms.cpp
Examining data/alglib-3.16.0/src/ap.cpp
Examining data/alglib-3.16.0/src/optimization.cpp
Examining data/alglib-3.16.0/src/ap.h
Examining data/alglib-3.16.0/src/linalg.cpp
Examining data/alglib-3.16.0/src/dataanalysis.h
Examining data/alglib-3.16.0/src/integration.cpp
Examining data/alglib-3.16.0/src/integration.h
Examining data/alglib-3.16.0/src/statistics.h
Examining data/alglib-3.16.0/src/dataanalysis.cpp
Examining data/alglib-3.16.0/src/diffequations.cpp
Examining data/alglib-3.16.0/src/specialfunctions.cpp
Examining data/alglib-3.16.0/src/alglibinternal.cpp
Examining data/alglib-3.16.0/src/diffequations.h
Examining data/alglib-3.16.0/src/interpolation.cpp
Examining data/alglib-3.16.0/src/interpolation.h
Examining data/alglib-3.16.0/src/alglibmisc.cpp
Examining data/alglib-3.16.0/src/alglibinternal.h
Examining data/alglib-3.16.0/src/alglibmisc.h
Examining data/alglib-3.16.0/src/optimization.h
Examining data/alglib-3.16.0/src/solvers.cpp
Examining data/alglib-3.16.0/src/specialfunctions.h
Examining data/alglib-3.16.0/src/solvers.h
Examining data/alglib-3.16.0/src/statistics.cpp
Examining data/alglib-3.16.0/src/stdafx.h
Examining data/alglib-3.16.0/src/linalg.h

FINAL RESULTS:

data/alglib-3.16.0/src/ap.cpp:2349:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(alglib_trace_tags, tags, ALGLIB_TRACE_TAGS_LEN);
data/alglib-3.16.0/src/ap.cpp:2388:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(buf, tag, ALGLIB_TRACE_TAGS_LEN);
data/alglib-3.16.0/src/ap.cpp:2416:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(alglib_trace_file, printf_fmt, args);
data/alglib-3.16.0/src/ap.cpp:4880:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(serializer->out_str, buf);
data/alglib-3.16.0/src/ap.cpp:4919:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(serializer->out_str, buf);
data/alglib-3.16.0/src/ap.cpp:4958:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(serializer->out_str, buf);
data/alglib-3.16.0/src/ap.cpp:4997:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(serializer->out_str, buf);
data/alglib-3.16.0/src/ap.cpp:6456:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    if( sprintf(mask, "%%.%d%s", dps, _dps>=0 ? "f" : "e")>=(int)sizeof(mask) )
data/alglib-3.16.0/src/ap.cpp:6460:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    if( sprintf(buf_x, mask, (double)(fabs(x)))>=(int)sizeof(buf_x) )
data/alglib-3.16.0/src/ap.cpp:6462:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    if( sprintf(buf_y, mask, (double)(fabs(y)))>=(int)sizeof(buf_y) )
data/alglib-3.16.0/src/ap.cpp:6464:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    if( sprintf(buf_zero, mask, (double)0)>=(int)sizeof(buf_zero) )
data/alglib-3.16.0/src/ap.cpp:9041:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        if( sprintf(buf, i==0 ? "%ld" : ",%ld", long(ptr[i]))>=(int)sizeof(buf) )
data/alglib-3.16.0/src/ap.cpp:9058:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    if( sprintf(mask1, "%%.%d%s", dps, _dps>=0 ? "f" : "e")>=(int)sizeof(mask1) )
data/alglib-3.16.0/src/ap.cpp:9060:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    if( sprintf(mask2, ",%s", mask1)>=(int)sizeof(mask2) )
data/alglib-3.16.0/src/ap.cpp:9067:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            if( sprintf(buf, i==0 ? mask1 : mask2, double(ptr[i]))>=(int)sizeof(buf) )
data/alglib-3.16.0/src/ap.cpp:9071:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(buf, i==0 ?  "NAN" :  ",NAN");
data/alglib-3.16.0/src/ap.cpp:9073:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(buf, i==0 ? "+INF" : ",+INF");
data/alglib-3.16.0/src/ap.cpp:9075:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(buf, i==0 ? "-INF" : ",-INF");
data/alglib-3.16.0/tests/test_x.cpp:1010:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* 1D arrays", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:1356:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* 2D arrays", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:1489:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* CSV support", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:1649:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* Serialization (kd-tree)", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:1801:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* Serialization (RBF)", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:1832:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_str, "* Progress/termination (RBF)", "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:1841:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_str, "* Progress/termination (RBF)", "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:1872:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* Progress/termination (RBF)", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:1877:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* Progress/termination (RBF)", "??");
data/alglib-3.16.0/tests/test_x.cpp:1999:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* Exceptions in constructors", were_exceptions ? (passed ? "OK" : "FAILED") : "..");
data/alglib-3.16.0/tests/test_x.cpp:2004:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* Exceptions in constructors", "??");
data/alglib-3.16.0/tests/test_x.cpp:2162:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_speedup, "* default speedup",     time_glob_ser/time_glob_ser);
data/alglib-3.16.0/tests/test_x.cpp:2163:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_speedup, "* serial (global)",     time_glob_ser/time_default);
data/alglib-3.16.0/tests/test_x.cpp:2164:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_speedup, "* serial (local)",      time_glob_ser/time_glob_ser_loc_ser);
data/alglib-3.16.0/tests/test_x.cpp:2165:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_speedup, "* serial (nworkers=1)", time_glob_ser/time_glob_smp_nw1);
data/alglib-3.16.0/tests/test_x.cpp:2166:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_speedup, "* parallel (global)",   time_glob_ser/time_glob_smp);
data/alglib-3.16.0/tests/test_x.cpp:2167:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_speedup, "* parallel (local) v1", time_glob_ser/time_glob_ser_loc_smp);
data/alglib-3.16.0/tests/test_x.cpp:2176:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_str, "* test result", passed ? "OK" : "FAILED (soft failure)");
data/alglib-3.16.0/tests/test_x.cpp:2186:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_str, "* test skipped (no SMP)", "??");
data/alglib-3.16.0/tests/test_x.cpp:2238:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* issue 505", issue505_passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:2302:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_str, "* issue 478", issue478_passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:2312:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_str, "* issue 478", "OK (skipped in 32-bit mode)");
data/alglib-3.16.0/tests/test_x.cpp:2384:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* issue 528", issue528_passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:2389:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* issue 528", "??");
data/alglib-3.16.0/tests/test_x.cpp:2424:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* issue 591", issue591_passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:2461:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* issue 594", issue594_passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:2498:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* issue 764", issue764_passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:2503:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* issue 764", "??");
data/alglib-3.16.0/tests/test_x.cpp:2526:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_str, "* issue 813", issue813_passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_x.cpp:2578:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(fmt_str, "* issue 824", issue824_passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_xne.cpp:59:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* default flag value", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_xne.cpp:126:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* 1D arrays", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_xne.cpp:189:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* 2D arrays", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_xne.cpp:262:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* ALGLIB objects", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_xne.cpp:287:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(fmt_str, "* ALGLIB functions", passed ? "OK" : "FAILED");
data/alglib-3.16.0/tests/test_c.cpp:128993:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(p_lock);
data/alglib-3.16.0/tests/test_c.cpp:129129:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&tests_lock);
data/alglib-3.16.0/tests/test_c.cpp:129130:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&print_lock);
data/alglib-3.16.0/tests/test_c.cpp:129149:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(seed);
data/alglib-3.16.0/src/ap.cpp:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[sizeof(ae_int_t)+AE_LOCK_ALIGNMENT];
data/alglib-3.16.0/src/ap.cpp:252:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char      alglib_trace_tags[ALGLIB_TRACE_BUFFER_LEN];
data/alglib-3.16.0/src/ap.cpp:275:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     _ae_bool_must_be_8_bits_wide [1-2*((int)(sizeof(ae_bool))-1)*((int)(sizeof(ae_bool))-1)];
data/alglib-3.16.0/src/ap.cpp:276:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  _ae_int32_t_must_be_32_bits_wide[1-2*((int)(sizeof(ae_int32_t))-4)*((int)(sizeof(ae_int32_t))-4)];
data/alglib-3.16.0/src/ap.cpp:277:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  _ae_int64_t_must_be_64_bits_wide[1-2*((int)(sizeof(ae_int64_t))-8)*((int)(sizeof(ae_int64_t))-8)];
data/alglib-3.16.0/src/ap.cpp:278:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char _ae_uint64_t_must_be_64_bits_wide[1-2*((int)(sizeof(ae_uint64_t))-8)*((int)(sizeof(ae_uint64_t))-8)];
data/alglib-3.16.0/src/ap.cpp:279:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  _ae_int_t_must_be_pointer_sized [1-2*((int)(sizeof(ae_int_t))-(int)sizeof(void*))*((int)(sizeof(ae_int_t))-(int)(sizeof(void*)))];  
data/alglib-3.16.0/src/ap.cpp:2358:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    alglib_trace_file = fopen(filename, "ab");
data/alglib-3.16.0/src/ap.cpp:2379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ALGLIB_TRACE_BUFFER_LEN];
data/alglib-3.16.0/src/ap.cpp:3372:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char _sixbits2char_tbl[64] = { 
data/alglib-3.16.0/src/ap.cpp:3532:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bytes[9];
data/alglib-3.16.0/src/ap.cpp:3590:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char bytes[9];
data/alglib-3.16.0/src/ap.cpp:3652:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bytes[9];
data/alglib-3.16.0/src/ap.cpp:3710:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char bytes[9];
data/alglib-3.16.0/src/ap.cpp:3769:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bytes[9];
data/alglib-3.16.0/src/ap.cpp:3843:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bytes[9];
data/alglib-3.16.0/src/ap.cpp:4855:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[AE_SER_ENTRY_LENGTH+2+1];
data/alglib-3.16.0/src/ap.cpp:4865:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "\r\n");
data/alglib-3.16.0/src/ap.cpp:4894:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[AE_SER_ENTRY_LENGTH+2+1];
data/alglib-3.16.0/src/ap.cpp:4904:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "\r\n");
data/alglib-3.16.0/src/ap.cpp:4933:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[AE_SER_ENTRY_LENGTH+2+1];
data/alglib-3.16.0/src/ap.cpp:4943:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "\r\n");
data/alglib-3.16.0/src/ap.cpp:4972:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[AE_SER_ENTRY_LENGTH+2+1];
data/alglib-3.16.0/src/ap.cpp:4982:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buf, "\r\n");
data/alglib-3.16.0/src/ap.cpp:5041:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[AE_SER_ENTRY_LENGTH+2+1];
data/alglib-3.16.0/src/ap.cpp:5059:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[AE_SER_ENTRY_LENGTH+2+1];
data/alglib-3.16.0/src/ap.cpp:5077:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[AE_SER_ENTRY_LENGTH+2+1];
data/alglib-3.16.0/src/ap.cpp:5095:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[AE_SER_ENTRY_LENGTH+2+1];
data/alglib-3.16.0/src/ap.cpp:5169:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[2];
data/alglib-3.16.0/src/ap.cpp:6441:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mask[32];
data/alglib-3.16.0/src/ap.cpp:6442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf_x[32];
data/alglib-3.16.0/src/ap.cpp:6443:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf_y[32];
data/alglib-3.16.0/src/ap.cpp:6444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf_zero[32];
data/alglib-3.16.0/src/ap.cpp:7648:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr->ptr.p_ptr, rhs.ptr->ptr.p_ptr, ptr->cnt*alglib_impl::ae_sizeof(ptr->datatype));
data/alglib-3.16.0/src/ap.cpp:8276:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr->ptr.pp_void[i], rhs.ptr->ptr.pp_void[i], ptr->cols*alglib_impl::ae_sizeof(ptr->datatype));
data/alglib-3.16.0/src/ap.cpp:8810:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8];
data/alglib-3.16.0/src/ap.cpp:8863:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    long_val = atol(s);
data/alglib-3.16.0/src/ap.cpp:8875:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/alglib-3.16.0/src/ap.cpp:9037:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/alglib-3.16.0/src/ap.cpp:9053:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/alglib-3.16.0/src/ap.cpp:9054:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mask1[64];
data/alglib-3.16.0/src/ap.cpp:9055:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mask2[64];
data/alglib-3.16.0/src/ap.cpp:9254:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f_in = fopen(filename, "rb");
data/alglib-3.16.0/tests/test_c.cpp:129122:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        seed = (unsigned)atoi(argv[1]);
data/alglib-3.16.0/tests/test_x.cpp:279:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(filename, "wb");
data/alglib-3.16.0/src/ap.cpp:2348:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(alglib_trace_tags, ",");
data/alglib-3.16.0/src/ap.cpp:2350:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(alglib_trace_tags, ",");
data/alglib-3.16.0/src/ap.cpp:2387:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(buf, ",");
data/alglib-3.16.0/src/ap.cpp:2389:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(buf, "?");
data/alglib-3.16.0/src/ap.cpp:2394:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf[strlen(buf)-1] = ',';
data/alglib-3.16.0/src/ap.cpp:2399:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf[strlen(buf)-1] = '.';
data/alglib-3.16.0/src/ap.cpp:3780:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(buf, s, strlen(s)+1);
data/alglib-3.16.0/src/ap.cpp:3786:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(buf, s, strlen(s)+1);
data/alglib-3.16.0/src/ap.cpp:3792:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(buf, s, strlen(s)+1);
data/alglib-3.16.0/src/ap.cpp:3861:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(buf, s_nan, strlen(s_nan))==0 )
data/alglib-3.16.0/src/ap.cpp:3863:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *pasttheend = buf+strlen(s_nan);
data/alglib-3.16.0/src/ap.cpp:3866:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(buf, s_posinf, strlen(s_posinf))==0 )
data/alglib-3.16.0/src/ap.cpp:3868:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *pasttheend = buf+strlen(s_posinf);
data/alglib-3.16.0/src/ap.cpp:3871:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(buf, s_neginf, strlen(s_neginf))==0 )
data/alglib-3.16.0/src/ap.cpp:3873:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *pasttheend = buf+strlen(s_neginf);
data/alglib-3.16.0/src/ap.cpp:4775:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stream->write(p_string, strlen(p_string));
data/alglib-3.16.0/src/ap.cpp:4863:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(buf, " ");
data/alglib-3.16.0/src/ap.cpp:4866:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes_appended = (ae_int_t)strlen(buf);
data/alglib-3.16.0/src/ap.cpp:4902:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(buf, " ");
data/alglib-3.16.0/src/ap.cpp:4905:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes_appended = (ae_int_t)strlen(buf);
data/alglib-3.16.0/src/ap.cpp:4941:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(buf, " ");
data/alglib-3.16.0/src/ap.cpp:4944:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes_appended = (ae_int_t)strlen(buf);
data/alglib-3.16.0/src/ap.cpp:4980:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(buf, " ");
data/alglib-3.16.0/src/ap.cpp:4983:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes_appended = (ae_int_t)strlen(buf);
data/alglib-3.16.0/src/ap.cpp:5143:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(serializer->out_str, ".");
data/alglib-3.16.0/src/ap.cpp:8721:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(s);
data/alglib-3.16.0/src/ap.cpp:8815:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf, s, strlen(p));
data/alglib-3.16.0/src/ap.cpp:8815:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(buf, s, strlen(p));
data/alglib-3.16.0/src/ap.cpp:8818:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( s[strlen(p)]==0 || strchr(delim,s[strlen(p)])==NULL )
data/alglib-3.16.0/src/ap.cpp:8818:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( s[strlen(p)]==0 || strchr(delim,s[strlen(p)])==NULL )
data/alglib-3.16.0/src/ap.cpp:8826:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf, s, strlen(p));
data/alglib-3.16.0/src/ap.cpp:8826:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(buf, s, strlen(p));
data/alglib-3.16.0/src/ap.cpp:8829:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( s[strlen(p)]==0 || strchr(delim,s[strlen(p)])==NULL )
data/alglib-3.16.0/src/ap.cpp:8829:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( s[strlen(p)]==0 || strchr(delim,s[strlen(p)])==NULL )
data/alglib-3.16.0/src/ap.cpp:8891:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf, s, 3);
data/alglib-3.16.0/src/ap.cpp:8933:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(buf, p, (size_t)(*new_s-p));
data/alglib-3.16.0/tests/test_x.cpp:282:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( fwrite((void*)contents, 1, strlen(contents), f)!=strlen(contents) )
data/alglib-3.16.0/tests/test_x.cpp:282:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( fwrite((void*)contents, 1, strlen(contents), f)!=strlen(contents) )

ANALYSIS SUMMARY:

Hits = 140
Lines analyzed = 531619 in approximately 14.61 seconds (36377 lines/second)
Physical Source Lines of Code (SLOC) = 328768
Hits@level = [0] 1951 [1]  38 [2]  45 [3]   4 [4]  51 [5]   2
Hits@level+ = [0+] 2091 [1+] 140 [2+] 102 [3+]  57 [4+]  53 [5+]   2
Hits/KSLOC@level+ = [0+] 6.36011 [1+] 0.425832 [2+] 0.310249 [3+] 0.173375 [4+] 0.161208 [5+] 0.00608332
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.