Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hpcc-1.5.0/DGEMM/onecpu.c
Examining data/hpcc-1.5.0/DGEMM/tstdgemm.c
Examining data/hpcc-1.5.0/FFT/bcnrand.c
Examining data/hpcc-1.5.0/FFT/fft235.c
Examining data/hpcc-1.5.0/FFT/hpccfft.h
Examining data/hpcc-1.5.0/FFT/mpifft.c
Examining data/hpcc-1.5.0/FFT/onecpu.c
Examining data/hpcc-1.5.0/FFT/pzfft1d.c
Examining data/hpcc-1.5.0/FFT/tstfft.c
Examining data/hpcc-1.5.0/FFT/wrapfftw.c
Examining data/hpcc-1.5.0/FFT/wrapfftw.h
Examining data/hpcc-1.5.0/FFT/wrapmpifftw.c
Examining data/hpcc-1.5.0/FFT/wrapmpifftw.h
Examining data/hpcc-1.5.0/FFT/zfft1d.c
Examining data/hpcc-1.5.0/PTRANS/cblacslt.c
Examining data/hpcc-1.5.0/PTRANS/cblacslt.h
Examining data/hpcc-1.5.0/PTRANS/mem.c
Examining data/hpcc-1.5.0/PTRANS/pdmatcmp.c
Examining data/hpcc-1.5.0/PTRANS/pdmatgen.c
Examining data/hpcc-1.5.0/PTRANS/pdtrans.c
Examining data/hpcc-1.5.0/PTRANS/pdtransdriver.c
Examining data/hpcc-1.5.0/PTRANS/pmatgeninc.c
Examining data/hpcc-1.5.0/PTRANS/sclapack.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccess.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccessLCG.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccessLCG_opt.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccessLCG_vanilla.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccess_opt.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccess_vanilla.c
Examining data/hpcc-1.5.0/RandomAccess/RandomAccess.h
Examining data/hpcc-1.5.0/RandomAccess/buckets.c
Examining data/hpcc-1.5.0/RandomAccess/buckets.h
Examining data/hpcc-1.5.0/RandomAccess/core_single_cpu.c
Examining data/hpcc-1.5.0/RandomAccess/core_single_cpu_lcg.c
Examining data/hpcc-1.5.0/RandomAccess/heap.c
Examining data/hpcc-1.5.0/RandomAccess/heap.h
Examining data/hpcc-1.5.0/RandomAccess/pool.c
Examining data/hpcc-1.5.0/RandomAccess/pool.h
Examining data/hpcc-1.5.0/RandomAccess/single_cpu.c
Examining data/hpcc-1.5.0/RandomAccess/single_cpu_lcg.c
Examining data/hpcc-1.5.0/RandomAccess/star_single_cpu.c
Examining data/hpcc-1.5.0/RandomAccess/star_single_cpu_lcg.c
Examining data/hpcc-1.5.0/RandomAccess/time_bound.c
Examining data/hpcc-1.5.0/RandomAccess/time_bound.h
Examining data/hpcc-1.5.0/RandomAccess/time_bound_lcg.c
Examining data/hpcc-1.5.0/RandomAccess/utility.c
Examining data/hpcc-1.5.0/RandomAccess/verification.c
Examining data/hpcc-1.5.0/RandomAccess/verification_lcg.c
Examining data/hpcc-1.5.0/STREAM/onecpu.c
Examining data/hpcc-1.5.0/STREAM/stream.c
Examining data/hpcc-1.5.0/hpl/include/hpccmema.h
Examining data/hpcc-1.5.0/hpl/include/hpl.h
Examining data/hpcc-1.5.0/hpl/include/hpl_auxil.h
Examining data/hpcc-1.5.0/hpl/include/hpl_blas.h
Examining data/hpcc-1.5.0/hpl/include/hpl_comm.h
Examining data/hpcc-1.5.0/hpl/include/hpl_gesv.h
Examining data/hpcc-1.5.0/hpl/include/hpl_grid.h
Examining data/hpcc-1.5.0/hpl/include/hpl_matgen.h
Examining data/hpcc-1.5.0/hpl/include/hpl_misc.h
Examining data/hpcc-1.5.0/hpl/include/hpl_panel.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pauxil.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pfact.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pgesv.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pmatgen.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pmisc.h
Examining data/hpcc-1.5.0/hpl/include/hpl_ptest.h
Examining data/hpcc-1.5.0/hpl/include/hpl_ptimer.h
Examining data/hpcc-1.5.0/hpl/include/hpl_test.h
Examining data/hpcc-1.5.0/hpl/include/hpl_timer.h
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_abort.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlacpy.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlamch.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlange.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlaprnt.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlatcpy.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_fprintf.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_warn.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_daxpy.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dcopy.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dgemm.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dgemv.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dger.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dscal.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dtrsm.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dtrsv.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_idamax.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_1rinM.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_1ring.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_2rinM.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_2ring.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_bcast.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_binit.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_blonM.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_blong.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_bwait.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_copyL.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_packL.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_recv.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_sdrv.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_send.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_all_reduce.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_barrier.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_broadcast.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_grid_exit.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_grid_info.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_grid_init.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_max.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_min.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_pnum.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_reduce.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_sum.c
Examining data/hpcc-1.5.0/hpl/src/panel/HPL_pdpanel_disp.c
Examining data/hpcc-1.5.0/hpl/src/panel/HPL_pdpanel_free.c
Examining data/hpcc-1.5.0/hpl/src/panel/HPL_pdpanel_init.c
Examining data/hpcc-1.5.0/hpl/src/panel/HPL_pdpanel_new.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp00N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp01N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp01T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp02N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp03N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp03T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp04N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp04T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp05N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp05T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp06N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp06T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp10N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_indxg2l.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_indxg2lp.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_indxg2p.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_indxl2g.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_infog2l.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_numroc.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_numrocI.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pabort.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pdlamch.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pdlange.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pdlaprnt.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pwarn.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_dlocmax.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_dlocswpN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_dlocswpT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdfact.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdmxswp.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpancrN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpancrT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpanllN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpanllT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpanrlN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpanrlT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpancrN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpancrT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpanllN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpanllT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpanrlN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpanrlT.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_equil.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_logsort.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdgesv.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdgesv0.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdgesvK1.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdgesvK2.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdlaswp00N.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdlaswp00T.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdlaswp01N.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdlaswp01T.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdtrsv.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdupdateNN.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdupdateNT.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdupdateTN.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdupdateTT.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_perm.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pipid.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_plindx0.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_plindx1.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_plindx10.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_rollN.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_rollT.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_spreadN.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_spreadT.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_dmatgen.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_jumpit.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_ladd.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_lmul.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_rand.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_setran.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_xjumpm.c
Examining data/hpcc-1.5.0/hpl/testing/pmatgen/HPL_pdmatgen.c
Examining data/hpcc-1.5.0/hpl/testing/ptest/HPL_pddriver.c
Examining data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c
Examining data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdtest.c
Examining data/hpcc-1.5.0/hpl/testing/ptimer/HPL_ptimer.c
Examining data/hpcc-1.5.0/hpl/testing/ptimer/HPL_ptimer_cputime.c
Examining data/hpcc-1.5.0/hpl/testing/ptimer/HPL_ptimer_walltime.c
Examining data/hpcc-1.5.0/hpl/testing/timer/HPL_timer.c
Examining data/hpcc-1.5.0/hpl/testing/timer/HPL_timer_cputime.c
Examining data/hpcc-1.5.0/hpl/testing/timer/HPL_timer_walltime.c
Examining data/hpcc-1.5.0/include/hpcc.h
Examining data/hpcc-1.5.0/include/hpccver.h
Examining data/hpcc-1.5.0/src/HPL_slamch.c
Examining data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c
Examining data/hpcc-1.5.0/src/extfinalize.c
Examining data/hpcc-1.5.0/src/extinit.c
Examining data/hpcc-1.5.0/src/hpcc.c
Examining data/hpcc-1.5.0/src/io.c
Parsing failed to find end of parameter list; semicolon terminated it in ( outputFile, "sizeof_struct_double_double=%d\n", (int)sizeof(struct{double HPCC_r,HPCC_i;}) );
fprintf( outputFile, "CommWorldProcs=%d\n", commSize );
fprintf( outputFile, "MPI_Wtick=%e\n", MPI_W
Examining data/hpcc-1.5.0/src/noopt.c
FINAL RESULTS:
data/hpcc-1.5.0/PTRANS/cblacslt.c:18:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DPRN(i,v) do{printf(__FILE__ "(%d)@%d:" #v "=%g\n",__LINE__,i,(double)(v));fflush(stdout);}while(0)
data/hpcc-1.5.0/PTRANS/pdtransdriver.c:45:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( outFile, fmt, contxt, val_name, x );
data/hpcc-1.5.0/PTRANS/pdtransdriver.c:47:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( outFile, fmt, contxt );
data/hpcc-1.5.0/PTRANS/sclapack.c:210:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( fmt_9999, myrow, mycol, srname, *info );
data/hpcc-1.5.0/STREAM/stream.c:436:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:441:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:453:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (doIO) fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:495:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (doIO) fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:522:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:527:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:531:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:649:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:659:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (doIO) fprintf( outFile, HLINE);
data/hpcc-1.5.0/hpl/src/auxil/HPL_abort.c:114:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/src/auxil/HPL_fprintf.c:106:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/src/auxil/HPL_warn.c:120:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/src/pauxil/HPL_pabort.c:115:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/src/pauxil/HPL_pwarn.c:121:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:325:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", file );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:327:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:349:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:361:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:373:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NBS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:385:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:397:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:401:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NPQS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:413:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:424:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:448:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); TEST->thrsh = atof( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:453:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NPFS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:464:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:475:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NBMS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:486:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:498:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NDVS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:509:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:521:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NRFS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:532:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:543:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NTPS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:554:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:568:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *NDHS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:579:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( lineptr, "%s", num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:592:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); j = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:601:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *TSWAP = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:607:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *L1NOTRAN = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:613:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *UNOTRAN = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:619:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *EQUIL = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:625:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(void) sscanf( line, "%s", num ); *ALIGN = atoi( num );
data/hpcc-1.5.0/include/hpcc.h:193:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DPRN(i,v) do{printf(__FILE__ "(%d)@%d:" #v "=%g\n",__LINE__,i,(double)(v));fflush(stdout);}while(0)
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:529:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr, MSG, loop_length);
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:530:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (OutFile, MSG, loop_length);
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:1003:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( stderr, MSG, loop_length);
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:1004:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( OutFile, MSG, loop_length);
data/hpcc-1.5.0/src/io.c:229:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( params->inFname, inFname );
data/hpcc-1.5.0/src/io.c:230:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( params->outFname, outFname );
data/hpcc-1.5.0/DGEMM/onecpu.c:58:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/hpcc-1.5.0/DGEMM/tstdgemm.c:13:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand( seed );
data/hpcc-1.5.0/FFT/onecpu.c:58:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/hpcc-1.5.0/RandomAccess/single_cpu.c:29:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/hpcc-1.5.0/RandomAccess/single_cpu_lcg.c:29:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/hpcc-1.5.0/STREAM/onecpu.c:84:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:846:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seedval);
data/hpcc-1.5.0/DGEMM/tstdgemm.c:63:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/FFT/mpifft.c:175:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/FFT/tstfft.c:124:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/FFT/tstfft.c:131:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( "/dev/null", "w" ); /* special filename Unix file systems */
data/hpcc-1.5.0/FFT/tstfft.c:133:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( "nul", "w"); /* special filename on Windows, produces no output */
data/hpcc-1.5.0/PTRANS/cblacslt.c:379:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (char *)sbuf + j * m * dsize, (char *)A + j * lda * dsize, m * dsize );
data/hpcc-1.5.0/PTRANS/cblacslt.c:390:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (A == sbuf) memcpy( A, rbuf, count * dsize ); /* A is contiguous */
data/hpcc-1.5.0/PTRANS/cblacslt.c:393:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (char *)A + j * lda * dsize, (char *)rbuf + j * m * dsize, m * dsize );
data/hpcc-1.5.0/PTRANS/pdtransdriver.c:123:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/RandomAccess/MPIRandomAccess.c:680:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/RandomAccess/MPIRandomAccessLCG.c:675:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/RandomAccess/core_single_cpu.c:95:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/RandomAccess/core_single_cpu_lcg.c:99:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/STREAM/stream.c:183:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *label[4] = {"Copy: ", "Scale: ",
data/hpcc-1.5.0/STREAM/stream.c:400:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/STREAM/stream.c:611:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(times_copy, times, sizeof times_copy );
data/hpcc-1.5.0/hpl/src/auxil/HPL_abort.c:98:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[128];
data/hpcc-1.5.0/hpl/src/auxil/HPL_fprintf.c:91:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[256];
data/hpcc-1.5.0/hpl/src/auxil/HPL_warn.c:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[128];
data/hpcc-1.5.0/hpl/src/pauxil/HPL_pabort.c:99:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[128];
data/hpcc-1.5.0/hpl/src/pauxil/HPL_pwarn.c:103:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cline[128];
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:284:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[HPL_LINE_MAX], line[HPL_LINE_MAX],
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:311:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( infp = fopen( INFILE, "r" ) ) == NULL )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:328:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fid = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:332:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( file, "hpccoutf.txt" );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:335:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if( ( TEST->outfp = fopen( file, "a" ) ) == NULL )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:349:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:362:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ( N[ i ] = atoi( num ) ) < 0 )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:373:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NBS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:386:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ( NB[ i ] = atoi( num ) ) < 1 )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:398:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*PMAPPIN = ( atoi( num ) == 1 ? HPL_COLUMN_MAJOR : HPL_ROW_MAJOR );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:401:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NPQS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:414:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ( P[ i ] = atoi( num ) ) < 1 )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:425:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ( Q[ i ] = atoi( num ) ) < 1 )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:453:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NPFS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:465:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
j = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:475:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NBMS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:487:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ( NBM[ i ] = atoi( num ) ) < 1 )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:498:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NDVS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:510:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ( NDV[ i ] = atoi( num ) ) < 2 )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:521:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NRFS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:533:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
j = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:543:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NTPS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:555:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
j = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:568:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NDHS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:581:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ( DH[ i ] = atoi( num ) ) < 0 )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:592:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); j = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:601:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *TSWAP = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:607:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *L1NOTRAN = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:613:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *UNOTRAN = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:619:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *EQUIL = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:625:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *ALIGN = atoi( num );
data/hpcc-1.5.0/include/hpcc.h:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inFname[256 + 1], outFname[256 + 1];
data/hpcc-1.5.0/include/hpcc.h:195:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define BEGIN_IO(r,fn,f) if(0==r){f=fopen(fn,"a");if(!f)fprintf(f=stderr,"Problem with appending to file '%s'\n",fn)
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:1380:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OutFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/src/io.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[82]; int nbuf = 82;
data/hpcc-1.5.0/src/io.c:90:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen( params->inFname, "r" );
data/hpcc-1.5.0/src/io.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inFname[12] = "hpccinf.txt", outFname[13] = "hpccoutf.txt";
data/hpcc-1.5.0/src/io.c:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MPI_MAX_PROCESSOR_NAME + 1]; int hostnameLen;
data/hpcc-1.5.0/src/io.c:233:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outputFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/src/io.c:661:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memFile[13] = "hpccmemf.txt";
data/hpcc-1.5.0/src/io.c:662:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[HPL_LINE_MAX]; int nbuf = HPL_LINE_MAX;
data/hpcc-1.5.0/src/io.c:687:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen( memFile, "r" );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:361:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:385:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:413:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:424:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:464:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:486:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:509:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:532:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:554:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:580:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineptr += strlen( num ) + 1;
ANALYSIS SUMMARY:
Hits = 134
Lines analyzed = 51639 in approximately 1.69 seconds (30508 lines/second)
Physical Source Lines of Code (SLOC) = 27054
Hits@level = [0] 502 [1] 10 [2] 63 [3] 7 [4] 54 [5] 0
Hits@level+ = [0+] 636 [1+] 134 [2+] 124 [3+] 61 [4+] 54 [5+] 0
Hits/KSLOC@level+ = [0+] 23.5085 [1+] 4.95306 [2+] 4.58343 [3+] 2.25475 [4+] 1.99601 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.