Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/edge-addition-planarity-suite-3.0.1.0/c/appconst.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graph.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphDFSUtils.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.private.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphEmbed.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphExtensions.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphExtensions.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphExtensions.private.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphFunctionTable.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphIsolator.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK23Search.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK23Search.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK23Search.private.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK23Search_Extensions.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK33Search.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK33Search.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK33Search.private.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK33Search_Extensions.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK4Search.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK4Search.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK4Search.private.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphK4Search_Extensions.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphNonplanar.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphOuterplanarObstruction.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphStructures.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphTests.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/graphUtils.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/listcoll.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/listcoll.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/planarity.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/planarity.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/platformTime.h
Examining data/edge-addition-planarity-suite-3.0.1.0/c/stack.c
Examining data/edge-addition-planarity-suite-3.0.1.0/c/stack.h

FINAL RESULTS:

data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:568:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, "<%s>", DRAWPLANAR_NAME);
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:640:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, "<%s>\n", DRAWPLANAR_NAME);
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:641:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(extraData+extraDataPos, line);
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:650:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(extraData+extraDataPos, line);
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:663:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(extraData+extraDataPos, line);
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:668:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, "</%s>\n", DRAWPLANAR_NAME);
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:669:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(extraData+extraDataPos, line);
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:728:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(LogStr, format, one);
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:734:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(LogStr, format, one, two);
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:740:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(LogStr, format, one, two, three);
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:746:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(LogStr, format, one, two, three, four);
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:752:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(LogStr, format, one, two, three, four, five);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:80:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Failed to read graph %s\n", argv[1]);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:84:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Failed to write graph %s\nMake the directory if not present\n", theFileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:109:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Failed to write graph %s\nMake the directory if not present\n", theFileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:121:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Failed to write graph %s\nMake the directory if not present\n", theFileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:157:33: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Failed to write graph %s\nMake the directory if not present\n", theFileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:173:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Failed to write graph %s\nMake the directory if not present\n", theFileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:433:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Saving edge list format to '%s'\n", theFileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:157:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "The graph '%s' ", infileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:163:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case 'p' : sprintf(Line, "is%s planar.\n", Result==OK ? "" : " not"); break;
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:164:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case 'd' : sprintf(Line, "is%s planar.\n", Result==OK ? "" : " not"); break;
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:165:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case 'o' : sprintf(Line, "is%s outerplanar.\n", Result==OK ? "" : " not"); break;
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:166:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case '2' : sprintf(Line, "has %s subgraph homeomorphic to K_{2,3}.\n", Result==OK ? "no" : "a"); break;
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:167:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case '3' : sprintf(Line, "has %s subgraph homeomorphic to K_{3,3}.\n", Result==OK ? "no" : "a"); break;
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:168:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case '4' : sprintf(Line, "has %s subgraph homeomorphic to K_4.\n", Result==OK ? "no" : "a"); break;
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:173:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Algorithm '%s' executed in %.3lf seconds.\n",
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:102:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Failed to write to %s\nMake the directory if not present\n", filename);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:331:3: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf(" %s", theFileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:343:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(theFileName, infileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:367:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(theFileName, infileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:374:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(theFileName, algorithmName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:387:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(theFileName, infileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:392:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(theFileName, algorithmName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:395:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Line, "Outfile filename is too long. Result placed in %s", theFileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:401:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(theFileName, outfileName);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:56:6: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:370:6: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c:800:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numBuffer[32];
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c:833:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(numBuffer, "%d", v - zeroBasedVertexOffset);
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c:836:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) visRep + (2*Pos) * (M+1) + Mid, (char *) numBuffer, strlen(numBuffer));
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c:887:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else outfile = fopen(theFileName, WRITETEXT);
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:275:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newContext->E, context->E, Esize*sizeof(DrawPlanar_EdgeRec));
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:276:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newContext->VI, context->VI, VIsize*sizeof(DrawPlanar_VertexInfo));
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:566:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[64], tempChar;
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:623:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[64];
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:646:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(line, "%d: %d %d %d\n", v-zeroBasedVertexOffset,
data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:659:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(line, "%d: %d %d %d\n", e-zeroBasedEdgeOffset,
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:258:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Line[256];
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:325:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((Infile = fopen(FileName, READTEXT)) == NULL)
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:636:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((Outfile = fopen(FileName, WRITETEXT)) == NULL)
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:705:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((logfile = fopen("PLANARITY.LOG", WRITETEXT)) == NULL)
data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:724:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char LogStr[512];
data/edge-addition-planarity-suite-3.0.1.0/c/graphK33Search_Extensions.c:332:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newContext->E, context->E, Esize*sizeof(K33Search_EdgeRec));
data/edge-addition-planarity-suite-3.0.1.0/c/graphK33Search_Extensions.c:333:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newContext->VI, context->VI, VIsize*sizeof(K33Search_VertexInfo));
data/edge-addition-planarity-suite-3.0.1.0/c/graphK4Search_Extensions.c:288:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newContext->E, context->E, Esize*sizeof(K4Search_EdgeRec));
data/edge-addition-planarity-suite-3.0.1.0/c/listcoll.h:56:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define LCCopy(dst, src) memcpy(dst->List, src->List, src->N*sizeof(lcnode))
data/edge-addition-planarity-suite-3.0.1.0/c/planarity.h:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char Line[MAXLINE];
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:78:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Failed to read graph\n");
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char origDir[2049];
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:216:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  outfileName = strdup(strcat(outfileName, ".test.txt"));
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:258:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  outfileName = strdup(strcat(outfile2Name, ".render.txt"));
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:262:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  testfileName = strdup(strcat(testfileName, ".render.txt"));
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:307:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  NumGraphs = atoi(argv[3+offset]);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:308:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  SizeOfGraphs = atoi(argv[4+offset]);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:362:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numVertices = atoi(argv[2+offset]);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:390:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numVertices = atoi(argv[2+offset]);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theFileName[256];
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:80:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(theFileName, "random%c%d.txt", FILE_DELIMITER, K%10);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:105:28: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(theFileName, "embedded%c%d.txt", FILE_DELIMITER, K%10);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:117:28: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(theFileName, "adjlist%c%d.txt", FILE_DELIMITER, K%10);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:153:32: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(theFileName, "obstructed%c%d.txt", FILE_DELIMITER, K%10);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:169:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(theFileName, "error%c%d.txt", FILE_DELIMITER, K%10);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:214:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "\nDone (%.3lf seconds).\n", platform_GetDuration(start,end));
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:220:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Num Embedded=%d.\n", MainStatistic);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:229:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Minor %c = %d\n", K+'A', ObstructionMinorFreqs[K]);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:235:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "\nNote: E1 are added to C, E2 are added to A, and E=E3+E4+K5 homeomorphs.\n");
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:240:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Minor E%d = %d\n", K-4, ObstructionMinorFreqs[K]);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:249:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Num Graphs Embedded and Drawn=%d.\n", MainStatistic);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:256:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Of the generated graphs, %d did not contain a K_{2,3} homeomorph as a subgraph.\n", MainStatistic);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:261:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Of the generated graphs, %d did not contain a K_{3,3} homeomorph as a subgraph.\n", MainStatistic);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:266:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Of the generated graphs, %d did not contain a K_4 homeomorph as a subgraph.\n", MainStatistic);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:299:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Number out of range [%d, %d]; changed to %d\n", min, max, *pNum);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:381:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(Line, "Created random graph with %d edges in %.3lf seconds. ", theGraph->M, platform_GetDuration(start,end));
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:426:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theFileName[256];
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:429:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(theFileName, "random%cnonPlanarEdgeList.txt", FILE_DELIMITER);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityRandomGraphs.c:431:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(theFileName, "random%cmaxPlanarEdgeList.txt", FILE_DELIMITER);
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:136:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((outfile2Name = outfileName), ".render.txt");
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:158:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(Line, "The graph ");
data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:169:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  default : sprintf(Line, "has not been processed due to unrecognized command.\n"); break;
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:60:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Line[MAXLINE];
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:97:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *outfile = fopen(filename, WRITETEXT);
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:146:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infile1 = fopen(file1Name, "r");
data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:147:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
infile2 = fopen(file2Name, "r"); data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:208:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). infile1 = fopen(file1Name, "r"); data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:209:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). infile2 = fopen(file2Name, "r"); data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:315:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char theFileName[FILENAMEMAXLENGTH+1+ALGORITHMNAMEMAXLENGTH+1+SUFFIXMAXLENGTH+1]; data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:334:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(theFileName, ".txt"); data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:379:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(theFileName, ".out.txt"); data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:394:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(theFileName, ".out.txt"); data/edge-addition-planarity-suite-3.0.1.0/c/stack.c:56:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stackDst->S, stackSrc->S, stackSrc->size*sizeof(int)); data/edge-addition-planarity-suite-3.0.1.0/c/stack.c:71:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newStack->S, theStack->S, theStack->size*sizeof(int)); data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c:834:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((unsigned)(context->VI[v].end - context->VI[v].start + 1) >= strlen(numBuffer)) data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c:836:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy((char *) visRep + (2*Pos) * (M+1) + Mid, (char *) numBuffer, strlen(numBuffer)); data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c:841:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(numBuffer)==2) data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar.c:846:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). visRep[(2*Pos+1) * (M+1) + Mid] = numBuffer[strlen(numBuffer)-1]; data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:576:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extraData = (void *) ((char *) extraData + strlen(line)+1); data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:642:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extraDataPos += (int) strlen(line); data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:651:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extraDataPos += (int) strlen(line); data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:664:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extraDataPos += (int) strlen(line); data/edge-addition-planarity-suite-3.0.1.0/c/graphDrawPlanar_Extensions.c:670:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extraDataPos += (int) strlen(line); data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:86:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
fgetc(Infile); /* Skip the N= */ data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:87:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(Infile); data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:117:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(Infile); data/edge-addition-planarity-suite-3.0.1.0/c/graphIO.c:328:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Ch = (char) fgetc(Infile); data/edge-addition-planarity-suite-3.0.1.0/c/planarityCommandLine.c:77:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[1]) > MAXLINE - 100) data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:128:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile2Name) == 0) data/edge-addition-planarity-suite-3.0.1.0/c/planaritySpecificGraph.c:135:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfile2Name) == 0) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:156:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c1 = fgetc(infile1)) != EOF) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:163:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((c2 = fgetc(infile2)) == '\r') data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:187:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c2 = fgetc(infile2)) == '\r') data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:190:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(infile2) != EOF) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:218:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c1 = fgetc(infile1)) != EOF) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:222:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c2 = fgetc(infile2)) == EOF) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:241:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(infile2) != EOF) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:338:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(infileName) > FILENAMEMAXLENGTH) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:371:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(algorithmName) <= ALGORITHMNAMEMAXLENGTH) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:373:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(theFileName, "."); data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:383:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outfileName) > FILENAMEMAXLENGTH) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:389:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(algorithmName) <= ALGORITHMNAMEMAXLENGTH) data/edge-addition-planarity-suite-3.0.1.0/c/planarityUtils.c:391:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(theFileName, "."); ANALYSIS SUMMARY: Hits = 131 Lines analyzed = 19323 in approximately 0.58 seconds (33294 lines/second) Physical Source Lines of Code (SLOC) = 9997 Hits@level = [0] 57 [1] 29 [2] 64 [3] 2 [4] 36 [5] 0 Hits@level+ = [0+] 188 [1+] 131 [2+] 102 [3+] 38 [4+] 36 [5+] 0 Hits/KSLOC@level+ = [0+] 18.8056 [1+] 13.1039 [2+] 10.2031 [3+] 3.80114 [4+] 3.60108 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.