Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gfan-0.6.2/src/traverser_resultantfan.h
Examining data/gfan-0.6.2/src/bergmanBackup.cpp
Examining data/gfan-0.6.2/src/singular.cpp
Examining data/gfan-0.6.2/src/nbody.h
Examining data/gfan-0.6.2/src/traverser_resultantfan.cpp
Examining data/gfan-0.6.2/src/traverser_sphere.h
Examining data/gfan-0.6.2/src/app_lpsolve.cpp
Examining data/gfan-0.6.2/src/tropicaltraverse.h
Examining data/gfan-0.6.2/src/app_genericlinearchange.cpp
Examining data/gfan-0.6.2/src/field.h
Examining data/gfan-0.6.2/src/vektor.h
Examining data/gfan-0.6.2/src/regularsubdivision.cpp
Examining data/gfan-0.6.2/src/app_homogeneityspace.cpp
Examining data/gfan-0.6.2/src/padic.cpp
Examining data/gfan-0.6.2/src/parser.h
Examining data/gfan-0.6.2/src/latticeideal.cpp
Examining data/gfan-0.6.2/src/gfanlib_symmetriccomplex.cpp
Examining data/gfan-0.6.2/src/sage.cpp
Examining data/gfan-0.6.2/src/app_main.cpp
Examining data/gfan-0.6.2/src/polynomialgcd.cpp
Examining data/gfan-0.6.2/src/continuedfractions.h
Examining data/gfan-0.6.2/src/printer.h
Examining data/gfan-0.6.2/src/tropicalcurve.cpp
Examining data/gfan-0.6.2/src/app_minimalassociatedprimes.cpp
Examining data/gfan-0.6.2/src/app_tropicallifting.cpp
Examining data/gfan-0.6.2/src/gfanlib_field.cpp
Examining data/gfan-0.6.2/src/gfanlib_circuittableint.cpp
Examining data/gfan-0.6.2/src/app_tropicalhypersurface.cpp
Examining data/gfan-0.6.2/src/polyhedral.h
Examining data/gfan-0.6.2/src/app_tropicalcurve.cpp
Examining data/gfan-0.6.2/src/app_tropicalfunction.cpp
Examining data/gfan-0.6.2/src/polynomialring.h
Examining data/gfan-0.6.2/src/saturation.cpp
Examining data/gfan-0.6.2/src/app_tolatex.cpp
Examining data/gfan-0.6.2/src/polynomial.h
Examining data/gfan-0.6.2/src/integergb.cpp
Examining data/gfan-0.6.2/src/ep_xfig.h
Examining data/gfan-0.6.2/src/polymakefile.h
Examining data/gfan-0.6.2/src/app_traversetropicalintersection.cpp
Examining data/gfan-0.6.2/src/matrix.h
Examining data/gfan-0.6.2/src/linalgfloat.h
Examining data/gfan-0.6.2/src/macaulay2.cpp
Examining data/gfan-0.6.2/src/scarf.h
Examining data/gfan-0.6.2/src/gfanlib_symmetry.h
Examining data/gfan-0.6.2/src/app_render.cpp
Examining data/gfan-0.6.2/src/app_polytopealgebra.cpp
Examining data/gfan-0.6.2/src/tropicalbasis.cpp
Examining data/gfan-0.6.2/src/halfopencone.backup.cpp
Examining data/gfan-0.6.2/src/application.cpp
Examining data/gfan-0.6.2/src/traverser_secondaryfan.h
Examining data/gfan-0.6.2/src/subspace.cpp
Examining data/gfan-0.6.2/src/restrictedgfan.cpp
Examining data/gfan-0.6.2/src/lattice.cpp
Examining data/gfan-0.6.2/src/gfanlib_field.h
Examining data/gfan-0.6.2/src/termorder.cpp
Examining data/gfan-0.6.2/src/app_padic.cpp
Examining data/gfan-0.6.2/src/tropical_weildivisor.cpp
Examining data/gfan-0.6.2/src/traverser_resultantfanspecialization.h
Examining data/gfan-0.6.2/src/tropicaltraverse.cpp
Examining data/gfan-0.6.2/src/app_minors.cpp
Examining data/gfan-0.6.2/src/field_rationalfunctions2.cpp
Examining data/gfan-0.6.2/src/packedmonomial.h
Examining data/gfan-0.6.2/src/lp_soplexcdd.cpp
Examining data/gfan-0.6.2/src/polyhedralfan.h
Examining data/gfan-0.6.2/src/app_tropicalbruteforce.cpp
Examining data/gfan-0.6.2/src/app_groebnerfan.cpp
Examining data/gfan-0.6.2/src/app_initialdeterminant.cpp
Examining data/gfan-0.6.2/src/division.h
Examining data/gfan-0.6.2/src/traverser_stableintersection.h
Examining data/gfan-0.6.2/src/halfopencone.cpp
Examining data/gfan-0.6.2/src/app_spolynomial.cpp
Examining data/gfan-0.6.2/src/gfanlib_ordering.h
Examining data/gfan-0.6.2/src/tropicalbasis.h
Examining data/gfan-0.6.2/src/continuedfractions.cpp
Examining data/gfan-0.6.2/src/gfanlib_zfan.h
Examining data/gfan-0.6.2/src/app_tropicalvarietyspan.cpp
Examining data/gfan-0.6.2/src/linalgfloat.cpp
Examining data/gfan-0.6.2/src/gfanlib_tropicalhomotopy.h
Examining data/gfan-0.6.2/src/renderer.cpp
Examining data/gfan-0.6.2/src/enumeration.h
Examining data/gfan-0.6.2/src/monomial.h
Examining data/gfan-0.6.2/src/traverser_sphere.cpp
Examining data/gfan-0.6.2/src/gfanlib_q.h
Examining data/gfan-0.6.2/src/app_matrixproduct.cpp
Examining data/gfan-0.6.2/src/app_resultantfan.cpp
Examining data/gfan-0.6.2/src/traverser_tropical.cpp
Examining data/gfan-0.6.2/src/polynomialgcd.h
Examining data/gfan-0.6.2/src/fieldlp.cpp
Examining data/gfan-0.6.2/src/application.h
Examining data/gfan-0.6.2/src/gfanlib_paralleltraverser.h
Examining data/gfan-0.6.2/src/app_substitute.cpp
Examining data/gfan-0.6.2/src/app_tropicalbasis.cpp
Examining data/gfan-0.6.2/src/app_evaluate.cpp
Examining data/gfan-0.6.2/src/subspace.h
Examining data/gfan-0.6.2/src/gfanlib_tropicalintersection.h
Examining data/gfan-0.6.2/src/field_rationals.h
Examining data/gfan-0.6.2/src/app_idealproduct.cpp
Examining data/gfan-0.6.2/src/integer.h
Examining data/gfan-0.6.2/src/gfanlib_mixedvolume.h
Examining data/gfan-0.6.2/src/gfanlib_polymakefile.cpp
Examining data/gfan-0.6.2/src/substitute.h
Examining data/gfan-0.6.2/src/polynomial.cpp
Examining data/gfan-0.6.2/src/app_exponentlattice.cpp
Examining data/gfan-0.6.2/src/app_isgroebnerbasis.cpp
Examining data/gfan-0.6.2/src/app_saturation.cpp
Examining data/gfan-0.6.2/src/gfanlib_z.h
Examining data/gfan-0.6.2/src/singular.h
Examining data/gfan-0.6.2/src/gfanlib_matrix.h
Examining data/gfan-0.6.2/src/app_buchberger.cpp
Examining data/gfan-0.6.2/src/log.cpp
Examining data/gfan-0.6.2/src/app_smalessixth.cpp
Examining data/gfan-0.6.2/src/determinant.h
Examining data/gfan-0.6.2/src/app_renderstaircase.cpp
Examining data/gfan-0.6.2/src/restrictedautoreduction.cpp
Examining data/gfan-0.6.2/src/tropicaldeterminant.h
Examining data/gfan-0.6.2/src/traverser_stableintersection.cpp
Examining data/gfan-0.6.2/src/app_latticeideal.cpp
Examining data/gfan-0.6.2/src/bergman.cpp
Examining data/gfan-0.6.2/src/log.h
Examining data/gfan-0.6.2/src/app_smalessixth2.cpp
Examining data/gfan-0.6.2/src/app_polynomialsetunion.cpp
Examining data/gfan-0.6.2/src/app_supportindices.cpp
Examining data/gfan-0.6.2/src/gfanlib_mixedvolume.cpp
Examining data/gfan-0.6.2/src/restrictedautoreduction.h
Examining data/gfan-0.6.2/src/xfig.cpp
Examining data/gfan-0.6.2/src/determinantpoly.cpp
Examining data/gfan-0.6.2/src/app_isconnected.cpp
Examining data/gfan-0.6.2/src/graph.h
Examining data/gfan-0.6.2/src/app_volume.cpp
Examining data/gfan-0.6.2/src/term.h
Examining data/gfan-0.6.2/src/tropicalmap.cpp
Examining data/gfan-0.6.2/src/triangulation.h
Examining data/gfan-0.6.2/src/traverser_bsptree.cpp
Examining data/gfan-0.6.2/src/app_tropicalrank.cpp
Examining data/gfan-0.6.2/src/graph.cpp
Examining data/gfan-0.6.2/src/codimoneconnectedness.h
Examining data/gfan-0.6.2/src/polyhedralcone.cpp
Examining data/gfan-0.6.2/src/myassert.h
Examining data/gfan-0.6.2/src/app_scarfcomplex.cpp
Examining data/gfan-0.6.2/src/gfanapplication.cpp
Examining data/gfan-0.6.2/src/saturation.h
Examining data/gfan-0.6.2/src/term.cpp
Examining data/gfan-0.6.2/src/gfanlib_traversal.h
Examining data/gfan-0.6.2/src/tropicalmap.h
Examining data/gfan-0.6.2/src/app_interactive.cpp
Examining data/gfan-0.6.2/src/symmetriccomplex.h
Examining data/gfan-0.6.2/src/app_commonrefinement.cpp
Examining data/gfan-0.6.2/src/enumeration.cpp
Examining data/gfan-0.6.2/src/app_tropicallinearspace.cpp
Examining data/gfan-0.6.2/src/app_debug.cpp
Examining data/gfan-0.6.2/src/gfanlib_zcone.h
Examining data/gfan-0.6.2/src/app_unfold.cpp
Examining data/gfan-0.6.2/src/lll.h
Examining data/gfan-0.6.2/src/app_normalfancleanup.cpp
Examining data/gfan-0.6.2/src/app_walk.cpp
Examining data/gfan-0.6.2/src/lp.h
Examining data/gfan-0.6.2/src/app_randompolynomials.cpp
Examining data/gfan-0.6.2/src/buchberger.cpp
Examining data/gfan-0.6.2/src/symmetriccomplex.cpp
Examining data/gfan-0.6.2/src/ep_standard.cpp
Examining data/gfan-0.6.2/src/minors.cpp
Examining data/gfan-0.6.2/src/lp.cpp
Examining data/gfan-0.6.2/src/symmetry.cpp
Examining data/gfan-0.6.2/src/nbody.cpp
Examining data/gfan-0.6.2/src/app_composepermutations.cpp
Examining data/gfan-0.6.2/src/ge_gfan.cpp
Examining data/gfan-0.6.2/src/field_rationalfunctions.h
Examining data/gfan-0.6.2/src/breadthfirstsearch.h
Examining data/gfan-0.6.2/src/app_scarfvisualize.cpp
Examining data/gfan-0.6.2/src/wallideal.cpp
Examining data/gfan-0.6.2/src/binomial.h
Examining data/gfan-0.6.2/src/field_zmodpz.h
Examining data/gfan-0.6.2/src/primarydecomposition.cpp
Examining data/gfan-0.6.2/src/termorder.h
Examining data/gfan-0.6.2/src/lp_soplexcdd.h
Examining data/gfan-0.6.2/src/traverser_groebnerfan.cpp
Examining data/gfan-0.6.2/src/app_tropicalstartingcone.cpp
Examining data/gfan-0.6.2/src/app_tropicaltraverse.cpp
Examining data/gfan-0.6.2/src/lll.cpp
Examining data/gfan-0.6.2/src/renderer.h
Examining data/gfan-0.6.2/src/field_zmodpz.cpp
Examining data/gfan-0.6.2/src/gfanlib_vector.h
Examining data/gfan-0.6.2/src/gfanlib_polyhedralfan.h
Examining data/gfan-0.6.2/src/app_fancoarsening.cpp
Examining data/gfan-0.6.2/src/gfanlib_traversal.cpp
Examining data/gfan-0.6.2/src/app_pointconfiguration.cpp
Examining data/gfan-0.6.2/src/lattice.h
Examining data/gfan-0.6.2/src/app_fancones.cpp
Examining data/gfan-0.6.2/src/wallideal.h
Examining data/gfan-0.6.2/src/traverser_tropical.h
Examining data/gfan-0.6.2/src/timer.h
Examining data/gfan-0.6.2/src/app_librarytest.cpp
Examining data/gfan-0.6.2/src/multiplicity.cpp
Examining data/gfan-0.6.2/src/tropical.cpp
Examining data/gfan-0.6.2/src/app_fiberpolytope.cpp
Examining data/gfan-0.6.2/src/app_stats.cpp
Examining data/gfan-0.6.2/src/gfanlib_polymakefile.h
Examining data/gfan-0.6.2/src/dimension.h
Examining data/gfan-0.6.2/src/symmetrictraversal.cpp
Examining data/gfan-0.6.2/src/breadthfirstsearch.cpp
Examining data/gfan-0.6.2/src/printer.cpp
Examining data/gfan-0.6.2/src/singularconversion.cpp
Examining data/gfan-0.6.2/src/bsptree.h
Examining data/gfan-0.6.2/src/app_lattice.cpp
Examining data/gfan-0.6.2/src/gfanlib_polyhedralfan.cpp
Examining data/gfan-0.6.2/src/tropicalcurve.h
Examining data/gfan-0.6.2/src/gfanlib_paralleltraverser.cpp
Examining data/gfan-0.6.2/src/app_tropicalhypersurfacereconstruction.cpp
Examining data/gfan-0.6.2/src/traverser_secondaryfan.cpp
Examining data/gfan-0.6.2/src/dimension.cpp
Examining data/gfan-0.6.2/src/regularsubdivision.h
Examining data/gfan-0.6.2/src/app_tropicalevaluation.cpp
Examining data/gfan-0.6.2/src/gfanlib_ordering.cpp
Examining data/gfan-0.6.2/src/determinant.cpp
Examining data/gfan-0.6.2/src/gfanlib_symmetry.cpp
Examining data/gfan-0.6.2/src/app_tropicalhomotopyFAILS.cpp
Examining data/gfan-0.6.2/src/field.cpp
Examining data/gfan-0.6.2/src/linalg.h
Examining data/gfan-0.6.2/src/gmpallocator.cpp
Examining data/gfan-0.6.2/src/matrix.cpp
Examining data/gfan-0.6.2/src/fieldlp.h
Examining data/gfan-0.6.2/src/bergman.h
Examining data/gfan-0.6.2/src/binomial.cpp
Examining data/gfan-0.6.2/src/integergb.h
Examining data/gfan-0.6.2/src/tropical.h
Examining data/gfan-0.6.2/src/buchberger.h
Examining data/gfan-0.6.2/src/app_integerfactorization.cpp
Examining data/gfan-0.6.2/src/app_initialforms.cpp
Examining data/gfan-0.6.2/src/minors.h
Examining data/gfan-0.6.2/src/tropical2.h
Examining data/gfan-0.6.2/src/singularconversion.h
Examining data/gfan-0.6.2/src/bsptree.cpp
Examining data/gfan-0.6.2/src/polynomialring.cpp
Examining data/gfan-0.6.2/src/padic.h
Examining data/gfan-0.6.2/src/intsinpolytope.h
Examining data/gfan-0.6.2/src/ep_standard.h
Examining data/gfan-0.6.2/src/symmetrictraversal.h
Examining data/gfan-0.6.2/src/macaulay2.h
Examining data/gfan-0.6.2/src/genericwalk.h
Examining data/gfan-0.6.2/src/app_groebnercone.cpp
Examining data/gfan-0.6.2/src/app_regularsubdivision.cpp
Examining data/gfan-0.6.2/src/parser.cpp
Examining data/gfan-0.6.2/src/traverser_groebnerfan.h
Examining data/gfan-0.6.2/src/rational.h
Examining data/gfan-0.6.2/src/polymakefile.cpp
Examining data/gfan-0.6.2/src/determinantpoly.h
Examining data/gfan-0.6.2/src/groebnerengine.h
Examining data/gfan-0.6.2/src/lp_cdd.h
Examining data/gfan-0.6.2/src/app_markpolynomialset.cpp
Examining data/gfan-0.6.2/src/substitute.cpp
Examining data/gfan-0.6.2/src/newtonpolytope.cpp
Examining data/gfan-0.6.2/src/app_transposematrix.cpp
Examining data/gfan-0.6.2/src/app_lll.cpp
Examining data/gfan-0.6.2/src/app_tropicalweildivisor.cpp
Examining data/gfan-0.6.2/src/gfanlib.h
Examining data/gfan-0.6.2/src/newtonpolytope.h
Examining data/gfan-0.6.2/src/app_idealintersection.cpp
Examining data/gfan-0.6.2/src/versioninfo.h
Examining data/gfan-0.6.2/src/timer.cpp
Examining data/gfan-0.6.2/src/app_multiplymatrix.cpp
Examining data/gfan-0.6.2/src/reversesearch.h
Examining data/gfan-0.6.2/src/gfanlib_symmetriccomplex.h
Examining data/gfan-0.6.2/src/app_weightvector.cpp
Examining data/gfan-0.6.2/src/tropical_weildivisor.h
Examining data/gfan-0.6.2/src/field_rationalfunctions2.h
Examining data/gfan-0.6.2/src/app_sturmsequence.cpp
Examining data/gfan-0.6.2/src/symmetry.h
Examining data/gfan-0.6.2/src/app_fanhomology.cpp
Examining data/gfan-0.6.2/src/tropicaldeterminant.cpp
Examining data/gfan-0.6.2/src/primarydecomposition.h
Examining data/gfan-0.6.2/src/app_ismarkedgroebnerbasis.cpp
Examining data/gfan-0.6.2/src/halfopencone.h
Examining data/gfan-0.6.2/src/minkowskidual.cpp
Examining data/gfan-0.6.2/src/traverser_bsptree.h
Examining data/gfan-0.6.2/src/app_tropicalhomotopy.cpp
Examining data/gfan-0.6.2/src/genericwalk.cpp
Examining data/gfan-0.6.2/src/app_combinerays.cpp
Examining data/gfan-0.6.2/src/triangulation.cpp
Examining data/gfan-0.6.2/src/gfanlib_zcone.cpp
Examining data/gfan-0.6.2/src/intsinpolytope.cpp
Examining data/gfan-0.6.2/src/mixedvolume.h
Examining data/gfan-0.6.2/src/xfig.h
Examining data/gfan-0.6.2/src/app_tropicalintersection.cpp
Examining data/gfan-0.6.2/src/linalg.cpp
Examining data/gfan-0.6.2/src/latticeideal.h
Examining data/gfan-0.6.2/src/scarf.cpp
Examining data/gfan-0.6.2/src/packedmonomial.cpp
Examining data/gfan-0.6.2/src/triangulation2.h
Examining data/gfan-0.6.2/src/app_doesidealcontain.cpp
Examining data/gfan-0.6.2/src/app_nbody.cpp
Examining data/gfan-0.6.2/src/halfopencone.almostworks.cpp
Examining data/gfan-0.6.2/src/app_homogenize.cpp
Examining data/gfan-0.6.2/src/app_product.cpp
Examining data/gfan-0.6.2/src/minkowskisum.h
Examining data/gfan-0.6.2/src/app_topolyhedralfan.cpp
Examining data/gfan-0.6.2/src/gfanapplication.h
Examining data/gfan-0.6.2/src/field_rationals.cpp
Examining data/gfan-0.6.2/src/gfanlib_zfan.cpp
Examining data/gfan-0.6.2/src/app_secondaryfan.cpp
Examining data/gfan-0.6.2/src/app_leadingterms.cpp
Examining data/gfan-0.6.2/src/app_tropicalmultiplicity.cpp
Examining data/gfan-0.6.2/src/division.cpp
Examining data/gfan-0.6.2/src/polyhedralfan.cpp
Examining data/gfan-0.6.2/src/gfanlib_tableau.h
Examining data/gfan-0.6.2/src/mixedvolume.cpp
Examining data/gfan-0.6.2/src/app_realroots.cpp
Examining data/gfan-0.6.2/src/polyhedralcone.h
Examining data/gfan-0.6.2/src/app_mixedvolume.cpp
Examining data/gfan-0.6.2/src/minkowskidual.h
Examining data/gfan-0.6.2/src/app_isbalanced.cpp
Examining data/gfan-0.6.2/src/multiplicity.h
Examining data/gfan-0.6.2/src/sage_link.cpp
Examining data/gfan-0.6.2/src/app_chowbetti.cpp
Examining data/gfan-0.6.2/src/app_issmooth.cpp
Examining data/gfan-0.6.2/src/app_fansubfan.cpp
Examining data/gfan-0.6.2/src/monomial.cpp
Examining data/gfan-0.6.2/src/app_triangulate.cpp
Examining data/gfan-0.6.2/src/app_integergb.cpp
Examining data/gfan-0.6.2/src/groebnerengine.cpp
Examining data/gfan-0.6.2/src/field_rationalfunctions.cpp
Examining data/gfan-0.6.2/src/app_krulldimension.cpp
Examining data/gfan-0.6.2/src/lp_cdd.cpp
Examining data/gfan-0.6.2/src/codimoneconnectedness.cpp
Examining data/gfan-0.6.2/src/gebauermoeller.h
Examining data/gfan-0.6.2/src/breadthfirstsearch2.cpp
Examining data/gfan-0.6.2/src/app_facets.cpp
Examining data/gfan-0.6.2/src/app_tropicalimage.cpp
Examining data/gfan-0.6.2/src/traverser_resultantfanspecialization.cpp
Examining data/gfan-0.6.2/src/app_minkowski.cpp
Examining data/gfan-0.6.2/src/reversesearch.cpp
Examining data/gfan-0.6.2/src/minkowskisum.cpp
Examining data/gfan-0.6.2/src/app_intsinpolytope.cpp
Examining data/gfan-0.6.2/src/app_link.cpp
Examining data/gfan-0.6.2/src/gfanlib_circuittableint.h
Examining data/gfan-0.6.2/src/ep_xfig.cpp
Examining data/gfan-0.6.2/src/myassert.cpp
Examining data/gfan-0.6.2/src/app_scarfisgeneric.cpp
Examining data/gfan-0.6.2/src/app_symmetries.cpp
Examining data/gfan-0.6.2/src/app_representatives.cpp
Examining data/gfan-0.6.2/src/tropical2.cpp
Examining data/gfan-0.6.2/src/vektor.cpp
Examining data/gfan-0.6.2/src/app_test.cpp

FINAL RESULTS:

data/gfan-0.6.2/src/app_interactive.cpp:110:25:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if(outputLatex)err|=system("xdvi " FILENAME ".dvi&");

data/gfan-0.6.2/src/app_interactive.cpp:251:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err|=system("latex " FILENAME ".tex >/dev/null");

data/gfan-0.6.2/src/app_isgroebnerbasis.cpp:87:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(Stdout,isGroebnerBasis?"true\n":"false\n");

data/gfan-0.6.2/src/app_ismarkedgroebnerbasis.cpp:36:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(Stdout,isGroebnerBasis?"true\n":"false\n");

data/gfan-0.6.2/src/app_lpsolve.cpp:52:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(Stderr,status?"LP is unbounded.\n":"Optimal solution found.\n");

data/gfan-0.6.2/src/app_scarfvisualize.cpp:171:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s,"%s,%s",(A1)?"A1":"a1",(A2)?"A2":"a2");

data/gfan-0.6.2/src/app_test.cpp:450:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest,exe);dest+=strlen(exe);

data/gfan-0.6.2/src/app_test.cpp:454:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest,examplePath);dest+=strlen(examplePath);

data/gfan-0.6.2/src/app_test.cpp:496:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  /*err|=*/system(t.c_str());

data/gfan-0.6.2/src/app_test.cpp:500:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err|=system(command3.c_str());

data/gfan-0.6.2/src/app_test.cpp:513:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int err=system("rm " tempName);

data/gfan-0.6.2/src/app_test.cpp:515:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(command,"ls %s>" tempName ,testSuiteFolderOption.getValue());

data/gfan-0.6.2/src/app_test.cpp:516:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err|=system(command);

data/gfan-0.6.2/src/app_tropicalhomotopy.cpp:57:13:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int err=system(s.c_str());

data/gfan-0.6.2/src/app_tropicalhomotopyFAILS.cpp:1438:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(s.c_str());

data/gfan-0.6.2/src/application.cpp:560:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(c,"ln -s %s%s %s%s%s\n",path,name,path,name,p->name());

data/gfan-0.6.2/src/application.cpp:562:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int err=system(c);

data/gfan-0.6.2/src/fieldlp.cpp:256:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(Stderr,status?"LP is unbounded.\n":"Optimal solution found.\n");

data/gfan-0.6.2/src/macaulay2.cpp:33:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(M2Name,"%s",programNameM2);//"M2";

data/gfan-0.6.2/src/macaulay2.cpp:37:7:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(argv[0], argv);

data/gfan-0.6.2/src/macaulay2.cpp:168:39:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  for(int i=0;i<numberOfVariables;i++)fprintf(pipeInput,(i==0)? "%c":",%c",i+'a');

data/gfan-0.6.2/src/minkowskisum.cpp:39:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int err=system(MINKOWSKIPROGRAM" -v <" MINKOWSKIFILEINPUT " >" MINKOWSKIFILEOUTPUT);

data/gfan-0.6.2/src/printer.cpp:490:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(f,s,i);

data/gfan-0.6.2/src/printer.cpp:499:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(f,s,i);

data/gfan-0.6.2/src/app_randompolynomials.cpp:51:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));

data/gfan-0.6.2/src/field.cpp:311:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  FieldElement Field::random()const

data/gfan-0.6.2/src/field.cpp:313:30:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return implementingObject->random();

data/gfan-0.6.2/src/field.h:124:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  FieldElement random()const;

data/gfan-0.6.2/src/field.h:266:24:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  virtual FieldElement random()

data/gfan-0.6.2/src/field_zmodpz.cpp:290:41:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  FieldElement FieldZModPZImplementation::random()

data/gfan-0.6.2/src/field_zmodpz.h:10:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  FieldElement random();

data/gfan-0.6.2/src/polynomialgcd.cpp:388:32:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  FieldElement c=r.getField().random();

data/gfan-0.6.2/src/polynomialgcd.cpp:445:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  FieldElement c2=r.getField().random();

data/gfan-0.6.2/src/polynomialgcd.cpp:584:33:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  FieldElement v=r2.getField().random();

data/gfan-0.6.2/src/app_combinerays.cpp:48:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile.open(inputOption.getValue());

data/gfan-0.6.2/src/app_interactive.cpp:118:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  latexFile=fopen(FILENAME ".tex","w");

data/gfan-0.6.2/src/app_librarytest.cpp:175:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open("fanfile");

data/gfan-0.6.2/src/app_main.cpp:180:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ep->open(Stdout);

data/gfan-0.6.2/src/app_main.cpp:191:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ep->open(Stdout);

data/gfan-0.6.2/src/app_main.cpp:200:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ep->open(Stdout);

data/gfan-0.6.2/src/app_normalfancleanup.cpp:71:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen("iteraTIon","w");

data/gfan-0.6.2/src/app_normalfancleanup.cpp:83:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen("parTialOutPUt","w");

data/gfan-0.6.2/src/app_normalfancleanup.cpp:119:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen("iteraTIon","w");

data/gfan-0.6.2/src/app_render.cpp:50:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ep.open(Stdout);

data/gfan-0.6.2/src/app_scarfvisualize.cpp:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[50];

data/gfan-0.6.2/src/app_scarfvisualize.cpp:84:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s,"%i %i %i",v[0],v[1],v[2]);

data/gfan-0.6.2/src/app_scarfvisualize.cpp:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[50];

data/gfan-0.6.2/src/app_scarfvisualize.cpp:91:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s,"%i %i",v[0],v[1]);

data/gfan-0.6.2/src/app_scarfvisualize.cpp:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[100];

data/gfan-0.6.2/src/app_smalessixth.cpp:297:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile.open(inputOption.getValue());

data/gfan-0.6.2/src/app_smalessixth2.cpp:252:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile.open(inputOption.getValue());

data/gfan-0.6.2/src/app_test.cpp:214:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen("gcdexamples","r");

data/gfan-0.6.2/src/app_test.cpp:426:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *A=fopen(a.c_str(),"r");

data/gfan-0.6.2/src/app_test.cpp:427:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *B=fopen(b.c_str(),"r");

data/gfan-0.6.2/src/app_test.cpp:439:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen(name.c_str(),"r");

data/gfan-0.6.2/src/app_test.cpp:472:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen(fileName.c_str(),"r");

data/gfan-0.6.2/src/app_test.cpp:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[4096];

data/gfan-0.6.2/src/app_test.cpp:483:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command2[4096];

data/gfan-0.6.2/src/app_test.cpp:512:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[256];

data/gfan-0.6.2/src/app_test.cpp:520:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen(tempName,"r");

data/gfan-0.6.2/src/app_test.cpp:522:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];

data/gfan-0.6.2/src/app_triangulate.cpp:65:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile.open(inputOption.getValue());

data/gfan-0.6.2/src/app_tropicalweildivisor.cpp:43:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile.open(filename);

data/gfan-0.6.2/src/app_tropicalweildivisor.cpp:52:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile.open(filename);

data/gfan-0.6.2/src/app_tropicalweildivisor.cpp:61:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile.open(filename);

data/gfan-0.6.2/src/application.cpp:559:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[1024];

data/gfan-0.6.2/src/bsptree.cpp:84:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[16];

data/gfan-0.6.2/src/enumeration.cpp:21:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void EnumerationFilePrinter::open(string filename)

data/gfan-0.6.2/src/enumeration.cpp:25:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  initialisedFile=fopen(name.c_str(),"w");

data/gfan-0.6.2/src/enumeration.cpp:36:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void EnumerationFilePrinter::open(FILE *file) data/gfan-0.6.2/src/enumeration.h:41:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(std::string filename); data/gfan-0.6.2/src/enumeration.h:42:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(FILE *file); data/gfan-0.6.2/src/field_rationals.cpp:302:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[1290*1000]; data/gfan-0.6.2/src/field_rationals.cpp:420:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1000]; data/gfan-0.6.2/src/field_rationals.cpp:421:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[1000]; data/gfan-0.6.2/src/field_zmodpz.cpp:58:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char s[20]; data/gfan-0.6.2/src/field_zmodpz.cpp:59:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"Zmod%iZ",p); data/gfan-0.6.2/src/field_zmodpz.cpp:116:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[20]; data/gfan-0.6.2/src/field_zmodpz.cpp:117:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"Z/%iZ",p); data/gfan-0.6.2/src/field_zmodpz.cpp:236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20]; data/gfan-0.6.2/src/field_zmodpz.cpp:237:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%i",v); data/gfan-0.6.2/src/gfanlib_polyhedralfan.cpp:671:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
inFile.open(filename.c_str()); data/gfan-0.6.2/src/gfanlib_polymakefile.cpp:74:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void PolymakeFile::open(std::istream &f) data/gfan-0.6.2/src/gfanlib_polymakefile.cpp:156:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f=fopen(fileName.c_str(),"w"); data/gfan-0.6.2/src/gfanlib_polymakefile.h:39:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(std::istream &f); data/gfan-0.6.2/src/gfanlib_z.h:239:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((LimbWord*)temp,limbs(),n2*limbSizeInBytes); data/gfan-0.6.2/src/gfanlib_zcone.cpp:86:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[dd_linelenmax], comsave[dd_linelenmax]; data/gfan-0.6.2/src/gfanlib_zfan.cpp:84:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
inFile.open(f); data/gfan-0.6.2/src/gmpallocator.cpp:113:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret,ptr,min); data/gfan-0.6.2/src/gmpallocator.cpp:120:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret,ptr,min); data/gfan-0.6.2/src/gmpallocator.cpp:129:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret,ptr,min); data/gfan-0.6.2/src/halfopencone.cpp:20:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f=fopen(name,"w"); data/gfan-0.6.2/src/lp_cdd.cpp:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[ddf_linelenmax], comsave[ddf_linelenmax]; data/gfan-0.6.2/src/lp_cdd.cpp:147:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[dd_linelenmax], comsave[dd_linelenmax]; data/gfan-0.6.2/src/macaulay2.cpp:32:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char M2Name[1024]; data/gfan-0.6.2/src/macaulay2.cpp:34:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[2]; data/gfan-0.6.2/src/macaulay2.cpp:101:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[2048]; data/gfan-0.6.2/src/minkowskisum.cpp:26:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f=fopen(MINKOWSKIFILEINPUT,"w"); data/gfan-0.6.2/src/minkowskisum.cpp:43:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f=fopen(MINKOWSKIFILEOUTPUT,"r"); data/gfan-0.6.2/src/parser.cpp:17:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[4]; data/gfan-0.6.2/src/parser.cpp:18:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. if(i>=0 && i<26)sprintf(s,"%c",i+'a'); data/gfan-0.6.2/src/parser.cpp:19:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else if(i>=26 && i<52)sprintf(s,"%c",i+'A'-26); data/gfan-0.6.2/src/parser.cpp:148:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[64]; data/gfan-0.6.2/src/polyhedralfan.cpp:1530:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inFile.open(filename.c_str()); data/gfan-0.6.2/src/polymakefile.cpp:60:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void PolymakeFile::open(const char *fileName_) data/gfan-0.6.2/src/polymakefile.cpp:65:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f=fopen(fileName.c_str(),"r"); data/gfan-0.6.2/src/polymakefile.cpp:109:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *f=fopen(fileName.c_str(),"w"); data/gfan-0.6.2/src/polymakefile.h:44:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const char *fileName_); data/gfan-0.6.2/src/printer.cpp:488:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[16]; data/gfan-0.6.2/src/printer.cpp:489:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%%%ii",minimalFieldWidth); data/gfan-0.6.2/src/printer.cpp:497:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[32]; data/gfan-0.6.2/src/printer.cpp:498:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%%%if",minimalFieldWidth); data/gfan-0.6.2/src/printer.h:46:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
virtual void printChar(int c){char s[2];s[0]=c;s[1]=0;printString(s);} data/gfan-0.6.2/src/app_test.cpp:432:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(fgetc(A)!=fgetc(B))return false; data/gfan-0.6.2/src/app_test.cpp:432:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(fgetc(A)!=fgetc(B))return false; data/gfan-0.6.2/src/app_test.cpp:450:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(dest,exe);dest+=strlen(exe); data/gfan-0.6.2/src/app_test.cpp:454:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(dest,examplePath);dest+=strlen(examplePath); data/gfan-0.6.2/src/application.cpp:23:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l=strlen(p); data/gfan-0.6.2/src/application.cpp:557:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p->name())>0) data/gfan-0.6.2/src/gfanapplication.cpp:54:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(getValue())>0) data/gfan-0.6.2/src/gfanapplication.cpp:69:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(getValue())>0) data/gfan-0.6.2/src/gfanlib_q.h:82:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). freefunc(str,strlen(str)+1); data/gfan-0.6.2/src/gfanlib_z.h:68:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). freefunc(str,strlen(str)+1); data/gfan-0.6.2/src/integer.h:132:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). freefunc(str,strlen(str)+1); data/gfan-0.6.2/src/integer.h:429:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). freefunc(str,strlen(str)+1); data/gfan-0.6.2/src/macaulay2.cpp:88:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(pipeOutput); data/gfan-0.6.2/src/macaulay2.cpp:103:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(line[strlen(line)-1]=='\n'); data/gfan-0.6.2/src/parser.cpp:702:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c=getc(f); data/gfan-0.6.2/src/polymakefile.cpp:40:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c2=fgetc(f); data/gfan-0.6.2/src/polymakefile.cpp:44:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c2=fgetc(f); data/gfan-0.6.2/src/polymakefile.cpp:69:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c=fgetc(f); data/gfan-0.6.2/src/polymakefile.cpp:91:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(f); ANALYSIS SUMMARY: Hits = 132 Lines analyzed = 79023 in approximately 1.92 seconds (41188 lines/second) Physical Source Lines of Code (SLOC) = 55577 Hits@level = [0] 606 [1] 19 [2] 79 [3] 10 [4] 24 [5] 0 Hits@level+ = [0+] 738 [1+] 132 [2+] 113 [3+] 34 [4+] 24 [5+] 0 Hits/KSLOC@level+ = [0+] 13.2789 [1+] 2.37508 [2+] 2.03322 [3+] 0.611764 [4+] 0.431833 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
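The sprintf hits above (field_zmodpz.cpp:59 `sprintf(s,"Zmod%iZ",p)` into `static char s[20]`, app_scarfvisualize.cpp `sprintf(s,"%i %i %i",...)` into `char s[50]`, and the rest) are the pattern flawfinder asks to replace with snprintf. The block below is an added example and not gfan's code: it shows the bounded form with the truncation check that snprintf's return value makes possible, and the worst-case size arithmetic behind the "risk is low because the source has a constant maximum length" remark. The names format_zmod, format_vec3, worst_case_size and INT_TEXT_MAX belong to this example only, and INT_TEXT_MAX assumes a 32-bit int.

```c
/* Added example (not gfan code): bounded replacements for the sprintf()
 * calls flagged in the report, plus the worst-case arithmetic that justifies
 * a fixed buffer size. snprintf() never writes more than `size` bytes and
 * returns the length the full result needed, so truncation is detectable
 * instead of silent memory corruption. */
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Longest decimal text of a 32-bit int: a sign plus ten digits (assumption:
 * 32-bit int; use a wider bound if int is larger on the target). */
#define INT_TEXT_MAX 11

/* Bounded form of sprintf(s,"Zmod%iZ",p). Returns 0 on success, -1 if the
 * result did not fit; on -1 buf still holds a NUL-terminated prefix. */
int format_zmod(char *buf, size_t size, int p)
{
    int n = snprintf(buf, size, "Zmod%iZ", p);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

/* Bounded form of sprintf(s,"%i %i %i",v[0],v[1],v[2]). */
int format_vec3(char *buf, size_t size, const int v[3])
{
    int n = snprintf(buf, size, "%i %i %i", v[0], v[1], v[2]);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

/* Minimal buffer size (including the NUL) for k ints separated by single
 * spaces plus `fixed` literal characters. This is the bound a reviewer
 * checks against the declared array when deciding a hit is benign:
 * "Zmod%iZ" needs worst_case_size(1,5) = 17 <= 20 and "%i %i %i" needs
 * worst_case_size(3,0) = 36 <= 50, which is why those hits are low risk. */
size_t worst_case_size(size_t k_ints, size_t fixed)
{
    size_t seps = k_ints ? k_ints - 1 : 0;
    return k_ints * INT_TEXT_MAX + seps + fixed + 1;
}

int main(void)
{
    char s[20], small[8], t[50];
    int v[3] = { INT_MIN, 0, INT_MAX };
    printf("%d \"%s\"\n", format_zmod(s, sizeof s, INT_MIN), s);
    printf("%d \"%s\"\n", format_zmod(small, sizeof small, 123456), small);
    printf("%d \"%s\"\n", format_vec3(t, sizeof t, v), t);
    printf("%zu %zu\n", worst_case_size(1, 5), worst_case_size(3, 0));
    return 0;
}
```

The truncation check is the part that sprintf_s-style replacements often forget: a silently truncated field name or vector is not memory-unsafe, but it is still wrong output, so the caller should see the -1 and fail rather than print a prefix.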
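Every fopen()/ifstream::open() hit above carries the same CWE-362 question: can an attacker redirect the open through a symlink, or substitute a device node or FIFO, between the name being chosen and the file being used? The block below is an added example, not gfan's code, of the open-then-verify idiom that answers the symlink and special-file parts of that question on Linux/POSIX: open with O_NOFOLLOW, fstat the descriptor, and only then wrap it in a FILE*. The function name fopen_regular_nofollow and the demo_* fixture helpers (which create a temporary file and a symlink to it under /tmp) are this example's own.

```c
/* Added example (not gfan code): open a file by name without following a
 * symlink in the last path component, and refuse anything that is not a
 * regular file. This addresses the "redirect it (via symlinks)" and
 * "special file type" parts of the CWE-362 hits. Linux/POSIX only. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` read-only. Returns NULL with errno set when the final component
 * is a symlink (ELOOP, from O_NOFOLLOW) or when the object opened is not a
 * regular file (EINVAL), e.g. a FIFO or device node placed at the path.
 * O_NONBLOCK keeps open() from hanging on a FIFO before fstat() can reject it;
 * it is cleared again once the descriptor is known to be a regular file. */
FILE *fopen_regular_nofollow(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return NULL;
    struct stat st;
    if (fstat(fd, &st) != 0) { int e = errno; close(fd); errno = e; return NULL; }
    if (!S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return NULL; }
    int fl = fcntl(fd, F_GETFL);
    if (fl >= 0)
        fcntl(fd, F_SETFL, fl & ~O_NONBLOCK);
    FILE *f = fdopen(fd, "r");
    if (!f) { int e = errno; close(fd); errno = e; return NULL; }
    return f;
}

/* Constructed fixture: a temporary regular file holding "ok\n" and a symlink
 * pointing at it. Path names are arbitrary. Returns 0 on success. */
static char g_regular[] = "/tmp/ff_regular_XXXXXX";
static char g_link[64];

int demo_setup(void)
{
    int fd = mkstemp(g_regular);
    if (fd < 0) return -1;
    if (write(fd, "ok\n", 3) != 3) { close(fd); return -1; }
    close(fd);
    snprintf(g_link, sizeof g_link, "%s.lnk", g_regular);
    unlink(g_link);
    return symlink(g_regular, g_link) == 0 ? 0 : -1;
}

void demo_teardown(void) { unlink(g_link); unlink(g_regular); }

/* 1 when the direct path opens and reads back "ok\n", else 0. */
int demo_regular_opens(void)
{
    FILE *f = fopen_regular_nofollow(g_regular);
    if (!f) return 0;
    char buf[8] = {0};
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    return n == 3 && strcmp(buf, "ok\n") == 0;
}

/* errno produced when the same content is reached through the symlink
 * (expected ELOOP); 0 if it was wrongly opened. */
int demo_symlink_errno(void)
{
    FILE *f = fopen_regular_nofollow(g_link);
    if (f) { fclose(f); return 0; }
    return errno;
}

/* errno produced for a device node (expected EINVAL); 0 if wrongly opened. */
int demo_device_errno(void)
{
    FILE *f = fopen_regular_nofollow("/dev/null");
    if (f) { fclose(f); return 0; }
    return errno;
}

int main(void)
{
    if (demo_setup() != 0) { perror("setup"); return 1; }
    printf("regular: %d  symlink errno: %d (ELOOP=%d)  device errno: %d (EINVAL=%d)\n",
           demo_regular_opens(), demo_symlink_errno(), ELOOP,
           demo_device_errno(), EINVAL);
    demo_teardown();
    return 0;
}
```

Two caveats a reviewer would attach. O_NOFOLLOW only covers the final component; an attacker who controls an ancestor directory (the report's "control its ancestors") can still redirect the open, which needs an openat() walk or a trusted base directory. And for the C++ `inFile.open(...)` hits a stat() before ifstream::open reintroduces the race the hit is about; the fd-first approach above, with the descriptor wrapped or read directly, is the check-free form.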