Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gfan-0.6.2/src/traverser_resultantfan.h
Examining data/gfan-0.6.2/src/bergmanBackup.cpp
Examining data/gfan-0.6.2/src/singular.cpp
Examining data/gfan-0.6.2/src/nbody.h
Examining data/gfan-0.6.2/src/traverser_resultantfan.cpp
Examining data/gfan-0.6.2/src/traverser_sphere.h
Examining data/gfan-0.6.2/src/app_lpsolve.cpp
Examining data/gfan-0.6.2/src/tropicaltraverse.h
Examining data/gfan-0.6.2/src/app_genericlinearchange.cpp
Examining data/gfan-0.6.2/src/field.h
Examining data/gfan-0.6.2/src/vektor.h
Examining data/gfan-0.6.2/src/regularsubdivision.cpp
Examining data/gfan-0.6.2/src/app_homogeneityspace.cpp
Examining data/gfan-0.6.2/src/padic.cpp
Examining data/gfan-0.6.2/src/parser.h
Examining data/gfan-0.6.2/src/latticeideal.cpp
Examining data/gfan-0.6.2/src/gfanlib_symmetriccomplex.cpp
Examining data/gfan-0.6.2/src/sage.cpp
Examining data/gfan-0.6.2/src/app_main.cpp
Examining data/gfan-0.6.2/src/polynomialgcd.cpp
Examining data/gfan-0.6.2/src/continuedfractions.h
Examining data/gfan-0.6.2/src/printer.h
Examining data/gfan-0.6.2/src/tropicalcurve.cpp
Examining data/gfan-0.6.2/src/app_minimalassociatedprimes.cpp
Examining data/gfan-0.6.2/src/app_tropicallifting.cpp
Examining data/gfan-0.6.2/src/gfanlib_field.cpp
Examining data/gfan-0.6.2/src/gfanlib_circuittableint.cpp
Examining data/gfan-0.6.2/src/app_tropicalhypersurface.cpp
Examining data/gfan-0.6.2/src/polyhedral.h
Examining data/gfan-0.6.2/src/app_tropicalcurve.cpp
Examining data/gfan-0.6.2/src/app_tropicalfunction.cpp
Examining data/gfan-0.6.2/src/polynomialring.h
Examining data/gfan-0.6.2/src/saturation.cpp
Examining data/gfan-0.6.2/src/app_tolatex.cpp
Examining data/gfan-0.6.2/src/polynomial.h
Examining data/gfan-0.6.2/src/integergb.cpp
Examining data/gfan-0.6.2/src/ep_xfig.h
Examining data/gfan-0.6.2/src/polymakefile.h
Examining data/gfan-0.6.2/src/app_traversetropicalintersection.cpp
Examining data/gfan-0.6.2/src/matrix.h
Examining data/gfan-0.6.2/src/linalgfloat.h
Examining data/gfan-0.6.2/src/macaulay2.cpp
Examining data/gfan-0.6.2/src/scarf.h
Examining data/gfan-0.6.2/src/gfanlib_symmetry.h
Examining data/gfan-0.6.2/src/app_render.cpp
Examining data/gfan-0.6.2/src/app_polytopealgebra.cpp
Examining data/gfan-0.6.2/src/tropicalbasis.cpp
Examining data/gfan-0.6.2/src/halfopencone.backup.cpp
Examining data/gfan-0.6.2/src/application.cpp
Examining data/gfan-0.6.2/src/traverser_secondaryfan.h
Examining data/gfan-0.6.2/src/subspace.cpp
Examining data/gfan-0.6.2/src/restrictedgfan.cpp
Examining data/gfan-0.6.2/src/lattice.cpp
Examining data/gfan-0.6.2/src/gfanlib_field.h
Examining data/gfan-0.6.2/src/termorder.cpp
Examining data/gfan-0.6.2/src/app_padic.cpp
Examining data/gfan-0.6.2/src/tropical_weildivisor.cpp
Examining data/gfan-0.6.2/src/traverser_resultantfanspecialization.h
Examining data/gfan-0.6.2/src/tropicaltraverse.cpp
Examining data/gfan-0.6.2/src/app_minors.cpp
Examining data/gfan-0.6.2/src/field_rationalfunctions2.cpp
Examining data/gfan-0.6.2/src/packedmonomial.h
Examining data/gfan-0.6.2/src/lp_soplexcdd.cpp
Examining data/gfan-0.6.2/src/polyhedralfan.h
Examining data/gfan-0.6.2/src/app_tropicalbruteforce.cpp
Examining data/gfan-0.6.2/src/app_groebnerfan.cpp
Examining data/gfan-0.6.2/src/app_initialdeterminant.cpp
Examining data/gfan-0.6.2/src/division.h
Examining data/gfan-0.6.2/src/traverser_stableintersection.h
Examining data/gfan-0.6.2/src/halfopencone.cpp
Examining data/gfan-0.6.2/src/app_spolynomial.cpp
Examining data/gfan-0.6.2/src/gfanlib_ordering.h
Examining data/gfan-0.6.2/src/tropicalbasis.h
Examining data/gfan-0.6.2/src/continuedfractions.cpp
Examining data/gfan-0.6.2/src/gfanlib_zfan.h
Examining data/gfan-0.6.2/src/app_tropicalvarietyspan.cpp
Examining data/gfan-0.6.2/src/linalgfloat.cpp
Examining data/gfan-0.6.2/src/gfanlib_tropicalhomotopy.h
Examining data/gfan-0.6.2/src/renderer.cpp
Examining data/gfan-0.6.2/src/enumeration.h
Examining data/gfan-0.6.2/src/monomial.h
Examining data/gfan-0.6.2/src/traverser_sphere.cpp
Examining data/gfan-0.6.2/src/gfanlib_q.h
Examining data/gfan-0.6.2/src/app_matrixproduct.cpp
Examining data/gfan-0.6.2/src/app_resultantfan.cpp
Examining data/gfan-0.6.2/src/traverser_tropical.cpp
Examining data/gfan-0.6.2/src/polynomialgcd.h
Examining data/gfan-0.6.2/src/fieldlp.cpp
Examining data/gfan-0.6.2/src/application.h
Examining data/gfan-0.6.2/src/gfanlib_paralleltraverser.h
Examining data/gfan-0.6.2/src/app_substitute.cpp
Examining data/gfan-0.6.2/src/app_tropicalbasis.cpp
Examining data/gfan-0.6.2/src/app_evaluate.cpp
Examining data/gfan-0.6.2/src/subspace.h
Examining data/gfan-0.6.2/src/gfanlib_tropicalintersection.h
Examining data/gfan-0.6.2/src/field_rationals.h
Examining data/gfan-0.6.2/src/app_idealproduct.cpp
Examining data/gfan-0.6.2/src/integer.h
Examining data/gfan-0.6.2/src/gfanlib_mixedvolume.h
Examining data/gfan-0.6.2/src/gfanlib_polymakefile.cpp
Examining data/gfan-0.6.2/src/substitute.h
Examining data/gfan-0.6.2/src/polynomial.cpp
Examining data/gfan-0.6.2/src/app_exponentlattice.cpp
Examining data/gfan-0.6.2/src/app_isgroebnerbasis.cpp
Examining data/gfan-0.6.2/src/app_saturation.cpp
Examining data/gfan-0.6.2/src/gfanlib_z.h
Examining data/gfan-0.6.2/src/singular.h
Examining data/gfan-0.6.2/src/gfanlib_matrix.h
Examining data/gfan-0.6.2/src/app_buchberger.cpp
Examining data/gfan-0.6.2/src/log.cpp
Examining data/gfan-0.6.2/src/app_smalessixth.cpp
Examining data/gfan-0.6.2/src/determinant.h
Examining data/gfan-0.6.2/src/app_renderstaircase.cpp
Examining data/gfan-0.6.2/src/restrictedautoreduction.cpp
Examining data/gfan-0.6.2/src/tropicaldeterminant.h
Examining data/gfan-0.6.2/src/traverser_stableintersection.cpp
Examining data/gfan-0.6.2/src/app_latticeideal.cpp
Examining data/gfan-0.6.2/src/bergman.cpp
Examining data/gfan-0.6.2/src/log.h
Examining data/gfan-0.6.2/src/app_smalessixth2.cpp
Examining data/gfan-0.6.2/src/app_polynomialsetunion.cpp
Examining data/gfan-0.6.2/src/app_supportindices.cpp
Examining data/gfan-0.6.2/src/gfanlib_mixedvolume.cpp
Examining data/gfan-0.6.2/src/restrictedautoreduction.h
Examining data/gfan-0.6.2/src/xfig.cpp
Examining data/gfan-0.6.2/src/determinantpoly.cpp
Examining data/gfan-0.6.2/src/app_isconnected.cpp
Examining data/gfan-0.6.2/src/graph.h
Examining data/gfan-0.6.2/src/app_volume.cpp
Examining data/gfan-0.6.2/src/term.h
Examining data/gfan-0.6.2/src/tropicalmap.cpp
Examining data/gfan-0.6.2/src/triangulation.h
Examining data/gfan-0.6.2/src/traverser_bsptree.cpp
Examining data/gfan-0.6.2/src/app_tropicalrank.cpp
Examining data/gfan-0.6.2/src/graph.cpp
Examining data/gfan-0.6.2/src/codimoneconnectedness.h
Examining data/gfan-0.6.2/src/polyhedralcone.cpp
Examining data/gfan-0.6.2/src/myassert.h
Examining data/gfan-0.6.2/src/app_scarfcomplex.cpp
Examining data/gfan-0.6.2/src/gfanapplication.cpp
Examining data/gfan-0.6.2/src/saturation.h
Examining data/gfan-0.6.2/src/term.cpp
Examining data/gfan-0.6.2/src/gfanlib_traversal.h
Examining data/gfan-0.6.2/src/tropicalmap.h
Examining data/gfan-0.6.2/src/app_interactive.cpp
Examining data/gfan-0.6.2/src/symmetriccomplex.h
Examining data/gfan-0.6.2/src/app_commonrefinement.cpp
Examining data/gfan-0.6.2/src/enumeration.cpp
Examining data/gfan-0.6.2/src/app_tropicallinearspace.cpp
Examining data/gfan-0.6.2/src/app_debug.cpp
Examining data/gfan-0.6.2/src/gfanlib_zcone.h
Examining data/gfan-0.6.2/src/app_unfold.cpp
Examining data/gfan-0.6.2/src/lll.h
Examining data/gfan-0.6.2/src/app_normalfancleanup.cpp
Examining data/gfan-0.6.2/src/app_walk.cpp
Examining data/gfan-0.6.2/src/lp.h
Examining data/gfan-0.6.2/src/app_randompolynomials.cpp
Examining data/gfan-0.6.2/src/buchberger.cpp
Examining data/gfan-0.6.2/src/symmetriccomplex.cpp
Examining data/gfan-0.6.2/src/ep_standard.cpp
Examining data/gfan-0.6.2/src/minors.cpp
Examining data/gfan-0.6.2/src/lp.cpp
Examining data/gfan-0.6.2/src/symmetry.cpp
Examining data/gfan-0.6.2/src/nbody.cpp
Examining data/gfan-0.6.2/src/app_composepermutations.cpp
Examining data/gfan-0.6.2/src/ge_gfan.cpp
Examining data/gfan-0.6.2/src/field_rationalfunctions.h
Examining data/gfan-0.6.2/src/breadthfirstsearch.h
Examining data/gfan-0.6.2/src/app_scarfvisualize.cpp
Examining data/gfan-0.6.2/src/wallideal.cpp
Examining data/gfan-0.6.2/src/binomial.h
Examining data/gfan-0.6.2/src/field_zmodpz.h
Examining data/gfan-0.6.2/src/primarydecomposition.cpp
Examining data/gfan-0.6.2/src/termorder.h
Examining data/gfan-0.6.2/src/lp_soplexcdd.h
Examining data/gfan-0.6.2/src/traverser_groebnerfan.cpp
Examining data/gfan-0.6.2/src/app_tropicalstartingcone.cpp
Examining data/gfan-0.6.2/src/app_tropicaltraverse.cpp
Examining data/gfan-0.6.2/src/lll.cpp
Examining data/gfan-0.6.2/src/renderer.h
Examining data/gfan-0.6.2/src/field_zmodpz.cpp
Examining data/gfan-0.6.2/src/gfanlib_vector.h
Examining data/gfan-0.6.2/src/gfanlib_polyhedralfan.h
Examining data/gfan-0.6.2/src/app_fancoarsening.cpp
Examining data/gfan-0.6.2/src/gfanlib_traversal.cpp
Examining data/gfan-0.6.2/src/app_pointconfiguration.cpp
Examining data/gfan-0.6.2/src/lattice.h
Examining data/gfan-0.6.2/src/app_fancones.cpp
Examining data/gfan-0.6.2/src/wallideal.h
Examining data/gfan-0.6.2/src/traverser_tropical.h
Examining data/gfan-0.6.2/src/timer.h
Examining data/gfan-0.6.2/src/app_librarytest.cpp
Examining data/gfan-0.6.2/src/multiplicity.cpp
Examining data/gfan-0.6.2/src/tropical.cpp
Examining data/gfan-0.6.2/src/app_fiberpolytope.cpp
Examining data/gfan-0.6.2/src/app_stats.cpp
Examining data/gfan-0.6.2/src/gfanlib_polymakefile.h
Examining data/gfan-0.6.2/src/dimension.h
Examining data/gfan-0.6.2/src/symmetrictraversal.cpp
Examining data/gfan-0.6.2/src/breadthfirstsearch.cpp
Examining data/gfan-0.6.2/src/printer.cpp
Examining data/gfan-0.6.2/src/singularconversion.cpp
Examining data/gfan-0.6.2/src/bsptree.h
Examining data/gfan-0.6.2/src/app_lattice.cpp
Examining data/gfan-0.6.2/src/gfanlib_polyhedralfan.cpp
Examining data/gfan-0.6.2/src/tropicalcurve.h
Examining data/gfan-0.6.2/src/gfanlib_paralleltraverser.cpp
Examining data/gfan-0.6.2/src/app_tropicalhypersurfacereconstruction.cpp
Examining data/gfan-0.6.2/src/traverser_secondaryfan.cpp
Examining data/gfan-0.6.2/src/dimension.cpp
Examining data/gfan-0.6.2/src/regularsubdivision.h
Examining data/gfan-0.6.2/src/app_tropicalevaluation.cpp
Examining data/gfan-0.6.2/src/gfanlib_ordering.cpp
Examining data/gfan-0.6.2/src/determinant.cpp
Examining data/gfan-0.6.2/src/gfanlib_symmetry.cpp
Examining data/gfan-0.6.2/src/app_tropicalhomotopyFAILS.cpp
Examining data/gfan-0.6.2/src/field.cpp
Examining data/gfan-0.6.2/src/linalg.h
Examining data/gfan-0.6.2/src/gmpallocator.cpp
Examining data/gfan-0.6.2/src/matrix.cpp
Examining data/gfan-0.6.2/src/fieldlp.h
Examining data/gfan-0.6.2/src/bergman.h
Examining data/gfan-0.6.2/src/binomial.cpp
Examining data/gfan-0.6.2/src/integergb.h
Examining data/gfan-0.6.2/src/tropical.h
Examining data/gfan-0.6.2/src/buchberger.h
Examining data/gfan-0.6.2/src/app_integerfactorization.cpp
Examining data/gfan-0.6.2/src/app_initialforms.cpp
Examining data/gfan-0.6.2/src/minors.h
Examining data/gfan-0.6.2/src/tropical2.h
Examining data/gfan-0.6.2/src/singularconversion.h
Examining data/gfan-0.6.2/src/bsptree.cpp
Examining data/gfan-0.6.2/src/polynomialring.cpp
Examining data/gfan-0.6.2/src/padic.h
Examining data/gfan-0.6.2/src/intsinpolytope.h
Examining data/gfan-0.6.2/src/ep_standard.h
Examining data/gfan-0.6.2/src/symmetrictraversal.h
Examining data/gfan-0.6.2/src/macaulay2.h
Examining data/gfan-0.6.2/src/genericwalk.h
Examining data/gfan-0.6.2/src/app_groebnercone.cpp
Examining data/gfan-0.6.2/src/app_regularsubdivision.cpp
Examining data/gfan-0.6.2/src/parser.cpp
Examining data/gfan-0.6.2/src/traverser_groebnerfan.h
Examining data/gfan-0.6.2/src/rational.h
Examining data/gfan-0.6.2/src/polymakefile.cpp
Examining data/gfan-0.6.2/src/determinantpoly.h
Examining data/gfan-0.6.2/src/groebnerengine.h
Examining data/gfan-0.6.2/src/lp_cdd.h
Examining data/gfan-0.6.2/src/app_markpolynomialset.cpp
Examining data/gfan-0.6.2/src/substitute.cpp
Examining data/gfan-0.6.2/src/newtonpolytope.cpp
Examining data/gfan-0.6.2/src/app_transposematrix.cpp
Examining data/gfan-0.6.2/src/app_lll.cpp
Examining data/gfan-0.6.2/src/app_tropicalweildivisor.cpp
Examining data/gfan-0.6.2/src/gfanlib.h
Examining data/gfan-0.6.2/src/newtonpolytope.h
Examining data/gfan-0.6.2/src/app_idealintersection.cpp
Examining data/gfan-0.6.2/src/versioninfo.h
Examining data/gfan-0.6.2/src/timer.cpp
Examining data/gfan-0.6.2/src/app_multiplymatrix.cpp
Examining data/gfan-0.6.2/src/reversesearch.h
Examining data/gfan-0.6.2/src/gfanlib_symmetriccomplex.h
Examining data/gfan-0.6.2/src/app_weightvector.cpp
Examining data/gfan-0.6.2/src/tropical_weildivisor.h
Examining data/gfan-0.6.2/src/field_rationalfunctions2.h
Examining data/gfan-0.6.2/src/app_sturmsequence.cpp
Examining data/gfan-0.6.2/src/symmetry.h
Examining data/gfan-0.6.2/src/app_fanhomology.cpp
Examining data/gfan-0.6.2/src/tropicaldeterminant.cpp
Examining data/gfan-0.6.2/src/primarydecomposition.h
Examining data/gfan-0.6.2/src/app_ismarkedgroebnerbasis.cpp
Examining data/gfan-0.6.2/src/halfopencone.h
Examining data/gfan-0.6.2/src/minkowskidual.cpp
Examining data/gfan-0.6.2/src/traverser_bsptree.h
Examining data/gfan-0.6.2/src/app_tropicalhomotopy.cpp
Examining data/gfan-0.6.2/src/genericwalk.cpp
Examining data/gfan-0.6.2/src/app_combinerays.cpp
Examining data/gfan-0.6.2/src/triangulation.cpp
Examining data/gfan-0.6.2/src/gfanlib_zcone.cpp
Examining data/gfan-0.6.2/src/intsinpolytope.cpp
Examining data/gfan-0.6.2/src/mixedvolume.h
Examining data/gfan-0.6.2/src/xfig.h
Examining data/gfan-0.6.2/src/app_tropicalintersection.cpp
Examining data/gfan-0.6.2/src/linalg.cpp
Examining data/gfan-0.6.2/src/latticeideal.h
Examining data/gfan-0.6.2/src/scarf.cpp
Examining data/gfan-0.6.2/src/packedmonomial.cpp
Examining data/gfan-0.6.2/src/triangulation2.h
Examining data/gfan-0.6.2/src/app_doesidealcontain.cpp
Examining data/gfan-0.6.2/src/app_nbody.cpp
Examining data/gfan-0.6.2/src/halfopencone.almostworks.cpp
Examining data/gfan-0.6.2/src/app_homogenize.cpp
Examining data/gfan-0.6.2/src/app_product.cpp
Examining data/gfan-0.6.2/src/minkowskisum.h
Examining data/gfan-0.6.2/src/app_topolyhedralfan.cpp
Examining data/gfan-0.6.2/src/gfanapplication.h
Examining data/gfan-0.6.2/src/field_rationals.cpp
Examining data/gfan-0.6.2/src/gfanlib_zfan.cpp
Examining data/gfan-0.6.2/src/app_secondaryfan.cpp
Examining data/gfan-0.6.2/src/app_leadingterms.cpp
Examining data/gfan-0.6.2/src/app_tropicalmultiplicity.cpp
Examining data/gfan-0.6.2/src/division.cpp
Examining data/gfan-0.6.2/src/polyhedralfan.cpp
Examining data/gfan-0.6.2/src/gfanlib_tableau.h
Examining data/gfan-0.6.2/src/mixedvolume.cpp
Examining data/gfan-0.6.2/src/app_realroots.cpp
Examining data/gfan-0.6.2/src/polyhedralcone.h
Examining data/gfan-0.6.2/src/app_mixedvolume.cpp
Examining data/gfan-0.6.2/src/minkowskidual.h
Examining data/gfan-0.6.2/src/app_isbalanced.cpp
Examining data/gfan-0.6.2/src/multiplicity.h
Examining data/gfan-0.6.2/src/sage_link.cpp
Examining data/gfan-0.6.2/src/app_chowbetti.cpp
Examining data/gfan-0.6.2/src/app_issmooth.cpp
Examining data/gfan-0.6.2/src/app_fansubfan.cpp
Examining data/gfan-0.6.2/src/monomial.cpp
Examining data/gfan-0.6.2/src/app_triangulate.cpp
Examining data/gfan-0.6.2/src/app_integergb.cpp
Examining data/gfan-0.6.2/src/groebnerengine.cpp
Examining data/gfan-0.6.2/src/field_rationalfunctions.cpp
Examining data/gfan-0.6.2/src/app_krulldimension.cpp
Examining data/gfan-0.6.2/src/lp_cdd.cpp
Examining data/gfan-0.6.2/src/codimoneconnectedness.cpp
Examining data/gfan-0.6.2/src/gebauermoeller.h
Examining data/gfan-0.6.2/src/breadthfirstsearch2.cpp
Examining data/gfan-0.6.2/src/app_facets.cpp
Examining data/gfan-0.6.2/src/app_tropicalimage.cpp
Examining data/gfan-0.6.2/src/traverser_resultantfanspecialization.cpp
Examining data/gfan-0.6.2/src/app_minkowski.cpp
Examining data/gfan-0.6.2/src/reversesearch.cpp
Examining data/gfan-0.6.2/src/minkowskisum.cpp
Examining data/gfan-0.6.2/src/app_intsinpolytope.cpp
Examining data/gfan-0.6.2/src/app_link.cpp
Examining data/gfan-0.6.2/src/gfanlib_circuittableint.h
Examining data/gfan-0.6.2/src/ep_xfig.cpp
Examining data/gfan-0.6.2/src/myassert.cpp
Examining data/gfan-0.6.2/src/app_scarfisgeneric.cpp
Examining data/gfan-0.6.2/src/app_symmetries.cpp
Examining data/gfan-0.6.2/src/app_representatives.cpp
Examining data/gfan-0.6.2/src/tropical2.cpp
Examining data/gfan-0.6.2/src/vektor.cpp
Examining data/gfan-0.6.2/src/app_test.cpp
FINAL RESULTS:
data/gfan-0.6.2/src/app_interactive.cpp:110:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(outputLatex)err|=system("xdvi " FILENAME ".dvi&");
data/gfan-0.6.2/src/app_interactive.cpp:251:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err|=system("latex " FILENAME ".tex >/dev/null");
data/gfan-0.6.2/src/app_isgroebnerbasis.cpp:87:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(Stdout,isGroebnerBasis?"true\n":"false\n");
data/gfan-0.6.2/src/app_ismarkedgroebnerbasis.cpp:36:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(Stdout,isGroebnerBasis?"true\n":"false\n");
data/gfan-0.6.2/src/app_lpsolve.cpp:52:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(Stderr,status?"LP is unbounded.\n":"Optimal solution found.\n");
data/gfan-0.6.2/src/app_scarfvisualize.cpp:171:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%s,%s",(A1)?"A1":"a1",(A2)?"A2":"a2");
data/gfan-0.6.2/src/app_test.cpp:450:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest,exe);dest+=strlen(exe);
data/gfan-0.6.2/src/app_test.cpp:454:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest,examplePath);dest+=strlen(examplePath);
data/gfan-0.6.2/src/app_test.cpp:496:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
/*err|=*/system(t.c_str());
data/gfan-0.6.2/src/app_test.cpp:500:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err|=system(command3.c_str());
data/gfan-0.6.2/src/app_test.cpp:513:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int err=system("rm " tempName);
data/gfan-0.6.2/src/app_test.cpp:515:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(command,"ls %s>" tempName ,testSuiteFolderOption.getValue());
data/gfan-0.6.2/src/app_test.cpp:516:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err|=system(command);
data/gfan-0.6.2/src/app_tropicalhomotopy.cpp:57:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int err=system(s.c_str());
data/gfan-0.6.2/src/app_tropicalhomotopyFAILS.cpp:1438:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(s.c_str());
data/gfan-0.6.2/src/application.cpp:560:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c,"ln -s %s%s %s%s%s\n",path,name,path,name,p->name());
data/gfan-0.6.2/src/application.cpp:562:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int err=system(c);
data/gfan-0.6.2/src/fieldlp.cpp:256:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(Stderr,status?"LP is unbounded.\n":"Optimal solution found.\n");
data/gfan-0.6.2/src/macaulay2.cpp:33:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(M2Name,"%s",programNameM2);//"M2";
data/gfan-0.6.2/src/macaulay2.cpp:37:7: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], argv);
data/gfan-0.6.2/src/macaulay2.cpp:168:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for(int i=0;i<numberOfVariables;i++)fprintf(pipeInput,(i==0)? "%c":",%c",i+'a');
data/gfan-0.6.2/src/minkowskisum.cpp:39:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int err=system(MINKOWSKIPROGRAM" -v <" MINKOWSKIFILEINPUT " >" MINKOWSKIFILEOUTPUT);
data/gfan-0.6.2/src/printer.cpp:490:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f,s,i);
data/gfan-0.6.2/src/printer.cpp:499:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f,s,i);
data/gfan-0.6.2/src/app_randompolynomials.cpp:51:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/gfan-0.6.2/src/field.cpp:311:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
FieldElement Field::random()const
data/gfan-0.6.2/src/field.cpp:313:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return implementingObject->random();
data/gfan-0.6.2/src/field.h:124:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
FieldElement random()const;
data/gfan-0.6.2/src/field.h:266:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
virtual FieldElement random()
data/gfan-0.6.2/src/field_zmodpz.cpp:290:41: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
FieldElement FieldZModPZImplementation::random()
data/gfan-0.6.2/src/field_zmodpz.h:10:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
FieldElement random();
data/gfan-0.6.2/src/polynomialgcd.cpp:388:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
FieldElement c=r.getField().random();
data/gfan-0.6.2/src/polynomialgcd.cpp:445:35: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
FieldElement c2=r.getField().random();
data/gfan-0.6.2/src/polynomialgcd.cpp:584:33: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
FieldElement v=r2.getField().random();
data/gfan-0.6.2/src/app_combinerays.cpp:48:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(inputOption.getValue());
data/gfan-0.6.2/src/app_interactive.cpp:118:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
latexFile=fopen(FILENAME ".tex","w");
data/gfan-0.6.2/src/app_librarytest.cpp:175:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open("fanfile");
data/gfan-0.6.2/src/app_main.cpp:180:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ep->open(Stdout);
data/gfan-0.6.2/src/app_main.cpp:191:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ep->open(Stdout);
data/gfan-0.6.2/src/app_main.cpp:200:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ep->open(Stdout);
data/gfan-0.6.2/src/app_normalfancleanup.cpp:71:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen("iteraTIon","w");
data/gfan-0.6.2/src/app_normalfancleanup.cpp:83:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen("parTialOutPUt","w");
data/gfan-0.6.2/src/app_normalfancleanup.cpp:119:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen("iteraTIon","w");
data/gfan-0.6.2/src/app_render.cpp:50:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ep.open(Stdout);
data/gfan-0.6.2/src/app_scarfvisualize.cpp:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[50];
data/gfan-0.6.2/src/app_scarfvisualize.cpp:84:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%i %i %i",v[0],v[1],v[2]);
data/gfan-0.6.2/src/app_scarfvisualize.cpp:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[50];
data/gfan-0.6.2/src/app_scarfvisualize.cpp:91:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%i %i",v[0],v[1]);
data/gfan-0.6.2/src/app_scarfvisualize.cpp:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/gfan-0.6.2/src/app_smalessixth.cpp:297:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(inputOption.getValue());
data/gfan-0.6.2/src/app_smalessixth2.cpp:252:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(inputOption.getValue());
data/gfan-0.6.2/src/app_test.cpp:214:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen("gcdexamples","r");
data/gfan-0.6.2/src/app_test.cpp:426:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *A=fopen(a.c_str(),"r");
data/gfan-0.6.2/src/app_test.cpp:427:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *B=fopen(b.c_str(),"r");
data/gfan-0.6.2/src/app_test.cpp:439:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(name.c_str(),"r");
data/gfan-0.6.2/src/app_test.cpp:472:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fileName.c_str(),"r");
data/gfan-0.6.2/src/app_test.cpp:478:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[4096];
data/gfan-0.6.2/src/app_test.cpp:483:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command2[4096];
data/gfan-0.6.2/src/app_test.cpp:512:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[256];
data/gfan-0.6.2/src/app_test.cpp:520:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(tempName,"r");
data/gfan-0.6.2/src/app_test.cpp:522:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/gfan-0.6.2/src/app_triangulate.cpp:65:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(inputOption.getValue());
data/gfan-0.6.2/src/app_tropicalweildivisor.cpp:43:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(filename);
data/gfan-0.6.2/src/app_tropicalweildivisor.cpp:52:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(filename);
data/gfan-0.6.2/src/app_tropicalweildivisor.cpp:61:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(filename);
data/gfan-0.6.2/src/application.cpp:559:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[1024];
data/gfan-0.6.2/src/bsptree.cpp:84:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[16];
data/gfan-0.6.2/src/enumeration.cpp:21:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void EnumerationFilePrinter::open(string filename)
data/gfan-0.6.2/src/enumeration.cpp:25:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
initialisedFile=fopen(name.c_str(),"w");
data/gfan-0.6.2/src/enumeration.cpp:36:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void EnumerationFilePrinter::open(FILE *file)
data/gfan-0.6.2/src/enumeration.h:41:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(std::string filename);
data/gfan-0.6.2/src/enumeration.h:42:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(FILE *file);
data/gfan-0.6.2/src/field_rationals.cpp:302:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[1290*1000];
data/gfan-0.6.2/src/field_rationals.cpp:420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/gfan-0.6.2/src/field_rationals.cpp:421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[1000];
data/gfan-0.6.2/src/field_zmodpz.cpp:58:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[20];
data/gfan-0.6.2/src/field_zmodpz.cpp:59:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Zmod%iZ",p);
data/gfan-0.6.2/src/field_zmodpz.cpp:116:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[20];
data/gfan-0.6.2/src/field_zmodpz.cpp:117:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Z/%iZ",p);
data/gfan-0.6.2/src/field_zmodpz.cpp:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20];
data/gfan-0.6.2/src/field_zmodpz.cpp:237:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%i",v);
data/gfan-0.6.2/src/gfanlib_polyhedralfan.cpp:671:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(filename.c_str());
data/gfan-0.6.2/src/gfanlib_polymakefile.cpp:74:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void PolymakeFile::open(std::istream &f)
data/gfan-0.6.2/src/gfanlib_polymakefile.cpp:156:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fileName.c_str(),"w");
data/gfan-0.6.2/src/gfanlib_polymakefile.h:39:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(std::istream &f);
data/gfan-0.6.2/src/gfanlib_z.h:239:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((LimbWord*)temp,limbs(),n2*limbSizeInBytes);
data/gfan-0.6.2/src/gfanlib_zcone.cpp:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[dd_linelenmax], comsave[dd_linelenmax];
data/gfan-0.6.2/src/gfanlib_zfan.cpp:84:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(f);
data/gfan-0.6.2/src/gmpallocator.cpp:113:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret,ptr,min);
data/gfan-0.6.2/src/gmpallocator.cpp:120:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret,ptr,min);
data/gfan-0.6.2/src/gmpallocator.cpp:129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret,ptr,min);
data/gfan-0.6.2/src/halfopencone.cpp:20:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(name,"w");
data/gfan-0.6.2/src/lp_cdd.cpp:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[ddf_linelenmax], comsave[ddf_linelenmax];
data/gfan-0.6.2/src/lp_cdd.cpp:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[dd_linelenmax], comsave[dd_linelenmax];
data/gfan-0.6.2/src/macaulay2.cpp:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char M2Name[1024];
data/gfan-0.6.2/src/macaulay2.cpp:34:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/gfan-0.6.2/src/macaulay2.cpp:101:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[2048];
data/gfan-0.6.2/src/minkowskisum.cpp:26:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(MINKOWSKIFILEINPUT,"w");
data/gfan-0.6.2/src/minkowskisum.cpp:43:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(MINKOWSKIFILEOUTPUT,"r");
data/gfan-0.6.2/src/parser.cpp:17:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[4];
data/gfan-0.6.2/src/parser.cpp:18:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(i>=0 && i<26)sprintf(s,"%c",i+'a');
data/gfan-0.6.2/src/parser.cpp:19:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if(i>=26 && i<52)sprintf(s,"%c",i+'A'-26);
data/gfan-0.6.2/src/parser.cpp:148:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[64];
data/gfan-0.6.2/src/polyhedralfan.cpp:1530:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(filename.c_str());
data/gfan-0.6.2/src/polymakefile.cpp:60:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void PolymakeFile::open(const char *fileName_)
data/gfan-0.6.2/src/polymakefile.cpp:65:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fileName.c_str(),"r");
data/gfan-0.6.2/src/polymakefile.cpp:109:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f=fopen(fileName.c_str(),"w");
data/gfan-0.6.2/src/polymakefile.h:44:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const char *fileName_);
data/gfan-0.6.2/src/printer.cpp:488:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[16];
data/gfan-0.6.2/src/printer.cpp:489:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%%%ii",minimalFieldWidth);
data/gfan-0.6.2/src/printer.cpp:497:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[32];
data/gfan-0.6.2/src/printer.cpp:498:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%%%if",minimalFieldWidth);
data/gfan-0.6.2/src/printer.h:46:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
virtual void printChar(int c){char s[2];s[0]=c;s[1]=0;printString(s);}
data/gfan-0.6.2/src/app_test.cpp:432:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fgetc(A)!=fgetc(B))return false;
data/gfan-0.6.2/src/app_test.cpp:432:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fgetc(A)!=fgetc(B))return false;
data/gfan-0.6.2/src/app_test.cpp:450:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(dest,exe);dest+=strlen(exe);
data/gfan-0.6.2/src/app_test.cpp:454:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(dest,examplePath);dest+=strlen(examplePath);
data/gfan-0.6.2/src/application.cpp:23:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l=strlen(p);
data/gfan-0.6.2/src/application.cpp:557:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(p->name())>0)
data/gfan-0.6.2/src/gfanapplication.cpp:54:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(getValue())>0)
data/gfan-0.6.2/src/gfanapplication.cpp:69:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(getValue())>0)
data/gfan-0.6.2/src/gfanlib_q.h:82:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freefunc(str,strlen(str)+1);
data/gfan-0.6.2/src/gfanlib_z.h:68:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freefunc(str,strlen(str)+1);
data/gfan-0.6.2/src/integer.h:132:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freefunc(str,strlen(str)+1);
data/gfan-0.6.2/src/integer.h:429:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
freefunc(str,strlen(str)+1);
data/gfan-0.6.2/src/macaulay2.cpp:88:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=fgetc(pipeOutput);
data/gfan-0.6.2/src/macaulay2.cpp:103:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(line[strlen(line)-1]=='\n');
data/gfan-0.6.2/src/parser.cpp:702:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c=getc(f);
data/gfan-0.6.2/src/polymakefile.cpp:40:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c2=fgetc(f);
data/gfan-0.6.2/src/polymakefile.cpp:44:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c2=fgetc(f);
data/gfan-0.6.2/src/polymakefile.cpp:69:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c=fgetc(f);
data/gfan-0.6.2/src/polymakefile.cpp:91:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=fgetc(f);
ANALYSIS SUMMARY:
Hits = 132
Lines analyzed = 79023 in approximately 1.92 seconds (41188 lines/second)
Physical Source Lines of Code (SLOC) = 55577
Hits@level = [0] 606 [1] 19 [2] 79 [3] 10 [4] 24 [5] 0
Hits@level+ = [0+] 738 [1+] 132 [2+] 113 [3+] 34 [4+] 24 [5+] 0
Hits/KSLOC@level+ = [0+] 13.2789 [1+] 2.37508 [2+] 2.03322 [3+] 0.611764 [4+] 0.431833 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.