Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hpcc-1.5.0/DGEMM/onecpu.c
Examining data/hpcc-1.5.0/DGEMM/tstdgemm.c
Examining data/hpcc-1.5.0/FFT/bcnrand.c
Examining data/hpcc-1.5.0/FFT/fft235.c
Examining data/hpcc-1.5.0/FFT/hpccfft.h
Examining data/hpcc-1.5.0/FFT/mpifft.c
Examining data/hpcc-1.5.0/FFT/onecpu.c
Examining data/hpcc-1.5.0/FFT/pzfft1d.c
Examining data/hpcc-1.5.0/FFT/tstfft.c
Examining data/hpcc-1.5.0/FFT/wrapfftw.c
Examining data/hpcc-1.5.0/FFT/wrapfftw.h
Examining data/hpcc-1.5.0/FFT/wrapmpifftw.c
Examining data/hpcc-1.5.0/FFT/wrapmpifftw.h
Examining data/hpcc-1.5.0/FFT/zfft1d.c
Examining data/hpcc-1.5.0/PTRANS/cblacslt.c
Examining data/hpcc-1.5.0/PTRANS/cblacslt.h
Examining data/hpcc-1.5.0/PTRANS/mem.c
Examining data/hpcc-1.5.0/PTRANS/pdmatcmp.c
Examining data/hpcc-1.5.0/PTRANS/pdmatgen.c
Examining data/hpcc-1.5.0/PTRANS/pdtrans.c
Examining data/hpcc-1.5.0/PTRANS/pdtransdriver.c
Examining data/hpcc-1.5.0/PTRANS/pmatgeninc.c
Examining data/hpcc-1.5.0/PTRANS/sclapack.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccess.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccessLCG.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccessLCG_opt.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccessLCG_vanilla.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccess_opt.c
Examining data/hpcc-1.5.0/RandomAccess/MPIRandomAccess_vanilla.c
Examining data/hpcc-1.5.0/RandomAccess/RandomAccess.h
Examining data/hpcc-1.5.0/RandomAccess/buckets.c
Examining data/hpcc-1.5.0/RandomAccess/buckets.h
Examining data/hpcc-1.5.0/RandomAccess/core_single_cpu.c
Examining data/hpcc-1.5.0/RandomAccess/core_single_cpu_lcg.c
Examining data/hpcc-1.5.0/RandomAccess/heap.c
Examining data/hpcc-1.5.0/RandomAccess/heap.h
Examining data/hpcc-1.5.0/RandomAccess/pool.c
Examining data/hpcc-1.5.0/RandomAccess/pool.h
Examining data/hpcc-1.5.0/RandomAccess/single_cpu.c
Examining data/hpcc-1.5.0/RandomAccess/single_cpu_lcg.c
Examining data/hpcc-1.5.0/RandomAccess/star_single_cpu.c
Examining data/hpcc-1.5.0/RandomAccess/star_single_cpu_lcg.c
Examining data/hpcc-1.5.0/RandomAccess/time_bound.c
Examining data/hpcc-1.5.0/RandomAccess/time_bound.h
Examining data/hpcc-1.5.0/RandomAccess/time_bound_lcg.c
Examining data/hpcc-1.5.0/RandomAccess/utility.c
Examining data/hpcc-1.5.0/RandomAccess/verification.c
Examining data/hpcc-1.5.0/RandomAccess/verification_lcg.c
Examining data/hpcc-1.5.0/STREAM/onecpu.c
Examining data/hpcc-1.5.0/STREAM/stream.c
Examining data/hpcc-1.5.0/hpl/include/hpccmema.h
Examining data/hpcc-1.5.0/hpl/include/hpl.h
Examining data/hpcc-1.5.0/hpl/include/hpl_auxil.h
Examining data/hpcc-1.5.0/hpl/include/hpl_blas.h
Examining data/hpcc-1.5.0/hpl/include/hpl_comm.h
Examining data/hpcc-1.5.0/hpl/include/hpl_gesv.h
Examining data/hpcc-1.5.0/hpl/include/hpl_grid.h
Examining data/hpcc-1.5.0/hpl/include/hpl_matgen.h
Examining data/hpcc-1.5.0/hpl/include/hpl_misc.h
Examining data/hpcc-1.5.0/hpl/include/hpl_panel.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pauxil.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pfact.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pgesv.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pmatgen.h
Examining data/hpcc-1.5.0/hpl/include/hpl_pmisc.h
Examining data/hpcc-1.5.0/hpl/include/hpl_ptest.h
Examining data/hpcc-1.5.0/hpl/include/hpl_ptimer.h
Examining data/hpcc-1.5.0/hpl/include/hpl_test.h
Examining data/hpcc-1.5.0/hpl/include/hpl_timer.h
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_abort.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlacpy.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlamch.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlange.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlaprnt.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_dlatcpy.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_fprintf.c
Examining data/hpcc-1.5.0/hpl/src/auxil/HPL_warn.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_daxpy.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dcopy.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dgemm.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dgemv.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dger.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dscal.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dtrsm.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_dtrsv.c
Examining data/hpcc-1.5.0/hpl/src/blas/HPL_idamax.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_1rinM.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_1ring.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_2rinM.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_2ring.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_bcast.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_binit.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_blonM.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_blong.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_bwait.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_copyL.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_packL.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_recv.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_sdrv.c
Examining data/hpcc-1.5.0/hpl/src/comm/HPL_send.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_all_reduce.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_barrier.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_broadcast.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_grid_exit.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_grid_info.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_grid_init.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_max.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_min.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_pnum.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_reduce.c
Examining data/hpcc-1.5.0/hpl/src/grid/HPL_sum.c
Examining data/hpcc-1.5.0/hpl/src/panel/HPL_pdpanel_disp.c
Examining data/hpcc-1.5.0/hpl/src/panel/HPL_pdpanel_free.c
Examining data/hpcc-1.5.0/hpl/src/panel/HPL_pdpanel_init.c
Examining data/hpcc-1.5.0/hpl/src/panel/HPL_pdpanel_new.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp00N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp01N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp01T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp02N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp03N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp03T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp04N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp04T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp05N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp05T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp06N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp06T.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_dlaswp10N.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_indxg2l.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_indxg2lp.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_indxg2p.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_indxl2g.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_infog2l.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_numroc.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_numrocI.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pabort.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pdlamch.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pdlange.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pdlaprnt.c
Examining data/hpcc-1.5.0/hpl/src/pauxil/HPL_pwarn.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_dlocmax.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_dlocswpN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_dlocswpT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdfact.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdmxswp.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpancrN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpancrT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpanllN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpanllT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpanrlN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdpanrlT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpancrN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpancrT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpanllN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpanllT.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpanrlN.c
Examining data/hpcc-1.5.0/hpl/src/pfact/HPL_pdrpanrlT.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_equil.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_logsort.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdgesv.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdgesv0.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdgesvK1.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdgesvK2.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdlaswp00N.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdlaswp00T.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdlaswp01N.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdlaswp01T.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdtrsv.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdupdateNN.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdupdateNT.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdupdateTN.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pdupdateTT.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_perm.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_pipid.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_plindx0.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_plindx1.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_plindx10.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_rollN.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_rollT.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_spreadN.c
Examining data/hpcc-1.5.0/hpl/src/pgesv/HPL_spreadT.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_dmatgen.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_jumpit.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_ladd.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_lmul.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_rand.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_setran.c
Examining data/hpcc-1.5.0/hpl/testing/matgen/HPL_xjumpm.c
Examining data/hpcc-1.5.0/hpl/testing/pmatgen/HPL_pdmatgen.c
Examining data/hpcc-1.5.0/hpl/testing/ptest/HPL_pddriver.c
Examining data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c
Examining data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdtest.c
Examining data/hpcc-1.5.0/hpl/testing/ptimer/HPL_ptimer.c
Examining data/hpcc-1.5.0/hpl/testing/ptimer/HPL_ptimer_cputime.c
Examining data/hpcc-1.5.0/hpl/testing/ptimer/HPL_ptimer_walltime.c
Examining data/hpcc-1.5.0/hpl/testing/timer/HPL_timer.c
Examining data/hpcc-1.5.0/hpl/testing/timer/HPL_timer_cputime.c
Examining data/hpcc-1.5.0/hpl/testing/timer/HPL_timer_walltime.c
Examining data/hpcc-1.5.0/include/hpcc.h
Examining data/hpcc-1.5.0/include/hpccver.h
Examining data/hpcc-1.5.0/src/HPL_slamch.c
Examining data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c
Examining data/hpcc-1.5.0/src/extfinalize.c
Examining data/hpcc-1.5.0/src/extinit.c
Examining data/hpcc-1.5.0/src/hpcc.c
Examining data/hpcc-1.5.0/src/io.c
Parsing failed to find end of parameter list; semicolon terminated it in ( outputFile, "sizeof_struct_double_double=%d\n", (int)sizeof(struct{double HPCC_r,HPCC_i;}) ); fprintf( outputFile, "CommWorldProcs=%d\n", commSize ); fprintf( outputFile, "MPI_Wtick=%e\n", MPI_W
Examining data/hpcc-1.5.0/src/noopt.c

FINAL RESULTS:

data/hpcc-1.5.0/PTRANS/cblacslt.c:18:22:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define DPRN(i,v) do{printf(__FILE__ "(%d)@%d:" #v "=%g\n",__LINE__,i,(double)(v));fflush(stdout);}while(0)
data/hpcc-1.5.0/PTRANS/pdtransdriver.c:45:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( outFile, fmt, contxt, val_name, x );
data/hpcc-1.5.0/PTRANS/pdtransdriver.c:47:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( outFile, fmt, contxt );
data/hpcc-1.5.0/PTRANS/sclapack.c:210:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( fmt_9999, myrow, mycol, srname, *info );
data/hpcc-1.5.0/STREAM/stream.c:436:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:441:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:453:15:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (doIO) fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:495:15:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (doIO) fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:522:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:527:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:531:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:649:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( outFile, HLINE);
data/hpcc-1.5.0/STREAM/stream.c:659:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (doIO) fprintf( outFile, HLINE);
data/hpcc-1.5.0/hpl/src/auxil/HPL_abort.c:114:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/src/auxil/HPL_fprintf.c:106:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/src/auxil/HPL_warn.c:120:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/src/pauxil/HPL_pabort.c:115:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/src/pauxil/HPL_pwarn.c:121:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) vsprintf( cline, FORM, argptr );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:325:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", file );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:327:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:349:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:361:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:373:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NBS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:385:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:397:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:401:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NPQS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:413:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:424:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:448:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); TEST->thrsh = atof( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:453:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NPFS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:464:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:475:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NBMS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:486:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:498:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NDVS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:509:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:521:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NRFS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:532:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:543:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NTPS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:554:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1;
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:568:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *NDHS = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:579:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( lineptr, "%s", num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:592:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); j = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:601:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *TSWAP = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:607:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *L1NOTRAN = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:613:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *UNOTRAN = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:619:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *EQUIL = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:625:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  (void) sscanf( line, "%s", num ); *ALIGN = atoi( num );
data/hpcc-1.5.0/include/hpcc.h:193:22:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define DPRN(i,v) do{printf(__FILE__ "(%d)@%d:" #v "=%g\n",__LINE__,i,(double)(v));fflush(stdout);}while(0)
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:529:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, MSG, loop_length);
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:530:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (OutFile, MSG, loop_length);
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:1003:11:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( stderr, MSG, loop_length);
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:1004:11:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( OutFile, MSG, loop_length);
data/hpcc-1.5.0/src/io.c:229:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( params->inFname, inFname );
data/hpcc-1.5.0/src/io.c:230:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( params->outFname, outFname );
data/hpcc-1.5.0/DGEMM/onecpu.c:58:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/hpcc-1.5.0/DGEMM/tstdgemm.c:13:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand( seed );
data/hpcc-1.5.0/FFT/onecpu.c:58:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/hpcc-1.5.0/RandomAccess/single_cpu.c:29:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/hpcc-1.5.0/RandomAccess/single_cpu_lcg.c:29:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/hpcc-1.5.0/STREAM/onecpu.c:84:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:846:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(seedval);
data/hpcc-1.5.0/DGEMM/tstdgemm.c:63:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/FFT/mpifft.c:175:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/FFT/tstfft.c:124:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/FFT/tstfft.c:131:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( "/dev/null", "w" ); /* special filename Unix file systems */
data/hpcc-1.5.0/FFT/tstfft.c:133:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( "nul", "w"); /* special filename on Windows, produces no output */
data/hpcc-1.5.0/PTRANS/cblacslt.c:379:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (char *)sbuf + j * m * dsize, (char *)A + j * lda * dsize, m * dsize );
data/hpcc-1.5.0/PTRANS/cblacslt.c:390:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (A == sbuf) memcpy( A, rbuf, count * dsize ); /* A is contiguous */
data/hpcc-1.5.0/PTRANS/cblacslt.c:393:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (char *)A + j * lda * dsize, (char *)rbuf + j * m * dsize, m * dsize );
data/hpcc-1.5.0/PTRANS/pdtransdriver.c:123:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/RandomAccess/MPIRandomAccess.c:680:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/RandomAccess/MPIRandomAccessLCG.c:675:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/RandomAccess/core_single_cpu.c:95:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/RandomAccess/core_single_cpu_lcg.c:99:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/STREAM/stream.c:183:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *label[4] = {"Copy: ", "Scale: ",
data/hpcc-1.5.0/STREAM/stream.c:400:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFile = fopen( params->outFname, "a" );
data/hpcc-1.5.0/STREAM/stream.c:611:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(times_copy, times, sizeof times_copy );
data/hpcc-1.5.0/hpl/src/auxil/HPL_abort.c:98:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cline[128];
data/hpcc-1.5.0/hpl/src/auxil/HPL_fprintf.c:91:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cline[256];
data/hpcc-1.5.0/hpl/src/auxil/HPL_warn.c:102:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cline[128];
data/hpcc-1.5.0/hpl/src/pauxil/HPL_pabort.c:99:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cline[128];
data/hpcc-1.5.0/hpl/src/pauxil/HPL_pwarn.c:103:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cline[128];
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:284:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[HPL_LINE_MAX], line[HPL_LINE_MAX],
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:311:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( ( infp = fopen( INFILE, "r" ) ) == NULL )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:328:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fid = atoi( num );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:332:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( file, "hpccoutf.txt" );
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:335:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if( ( TEST->outfp = fopen( file, "a" ) ) == NULL )
data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:349:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
(void) sscanf( line, "%s", num ); *NS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:362:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( ( N[ i ] = atoi( num ) ) < 0 ) data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:373:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *NBS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:386:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( ( NB[ i ] = atoi( num ) ) < 1 ) data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:398:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *PMAPPIN = ( atoi( num ) == 1 ? HPL_COLUMN_MAJOR : HPL_ROW_MAJOR ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:401:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *NPQS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:414:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( ( P[ i ] = atoi( num ) ) < 1 ) data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:425:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( ( Q[ i ] = atoi( num ) ) < 1 ) data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:453:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *NPFS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:465:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). j = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:475:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *NBMS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:487:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( ( NBM[ i ] = atoi( num ) ) < 1 ) data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:498:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *NDVS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:510:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( ( NDV[ i ] = atoi( num ) ) < 2 ) data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:521:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *NRFS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:533:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). j = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:543:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *NTPS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:555:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). j = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:568:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *NDHS = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:581:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( ( DH[ i ] = atoi( num ) ) < 0 ) data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:592:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); j = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:601:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *TSWAP = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:607:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *L1NOTRAN = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:613:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *UNOTRAN = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:619:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
(void) sscanf( line, "%s", num ); *EQUIL = atoi( num ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:625:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void) sscanf( line, "%s", num ); *ALIGN = atoi( num ); data/hpcc-1.5.0/include/hpcc.h:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inFname[256 + 1], outFname[256 + 1]; data/hpcc-1.5.0/include/hpcc.h:195:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define BEGIN_IO(r,fn,f) if(0==r){f=fopen(fn,"a");if(!f)fprintf(f=stderr,"Problem with appending to file '%s'\n",fn) data/hpcc-1.5.0/src/bench_lat_bw_1.5.2.c:1380:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). OutFile = fopen( params->outFname, "a" ); data/hpcc-1.5.0/src/io.c:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[82]; int nbuf = 82; data/hpcc-1.5.0/src/io.c:90:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen( params->inFname, "r" ); data/hpcc-1.5.0/src/io.c:214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inFname[12] = "hpccinf.txt", outFname[13] = "hpccoutf.txt"; data/hpcc-1.5.0/src/io.c:218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[MPI_MAX_PROCESSOR_NAME + 1]; int hostnameLen; data/hpcc-1.5.0/src/io.c:233:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outputFile = fopen( params->outFname, "a" ); data/hpcc-1.5.0/src/io.c:661:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memFile[13] = "hpccmemf.txt"; data/hpcc-1.5.0/src/io.c:662:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[HPL_LINE_MAX]; int nbuf = HPL_LINE_MAX; data/hpcc-1.5.0/src/io.c:687:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen( memFile, "r" ); data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:361:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:385:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:413:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:424:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:464:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:486:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:509:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:532:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:554:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; data/hpcc-1.5.0/hpl/testing/ptest/HPL_pdinfo.c:580:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineptr += strlen( num ) + 1; ANALYSIS SUMMARY: Hits = 134 Lines analyzed = 51639 in approximately 1.69 seconds (30508 lines/second) Physical Source Lines of Code (SLOC) = 27054 Hits@level = [0] 502 [1] 10 [2] 63 [3] 7 [4] 54 [5] 0 Hits@level+ = [0+] 636 [1+] 134 [2+] 124 [3+] 61 [4+] 54 [5+] 0 Hits/KSLOC@level+ = [0+] 23.5085 [1+] 4.95306 [2+] 4.58343 [3+] 2.25475 [4+] 1.99601 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. 
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
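The densest cluster of hits above is the input-file parser in HPL_pdinfo.c, which repeats one idiom: `(void) sscanf( lineptr, "%s", num ); lineptr += strlen( num ) + 1; x = atoi( num );`. Three separate problems sit in that one line. The `%s` conversion has no field width, so a long token writes past the end of `num`; `atoi` reports neither non-numeric input nor overflow, so a value like `99999999999999999999` silently becomes an arbitrary number; and advancing the cursor by `strlen( num ) + 1` assumes exactly one separator, so a line with leading whitespace desynchronises the cursor and the next `sscanf` reads from the middle of a token. Below is an added example of a bounded replacement, written for this page and not taken from HPCC or HPL. It assumes the caller knows the valid range of each parameter and that the line came from a NUL-terminating reader such as `fgets`; the function names and the one-line "values" layout are illustrative, not the real hpccinf.txt grammar.

```c
/* Added example (not HPCC/HPL code): bounded token scanning and range-checked
 * integer parsing as a replacement for the sscanf("%s") / strlen / atoi idiom.
 * Assumptions: input lines are NUL-terminated; the caller supplies the legal
 * range for each field. Function names here are hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Copy the next whitespace-delimited token from *cursor into buf and advance
 * *cursor past it. Returns 1 on success, 0 if there is no token or the token
 * would not fit in buf (including its terminating NUL). Leading whitespace is
 * skipped explicitly, so the cursor can never land inside a token. */
static int next_token(const char **cursor, char *buf, size_t bufsz)
{
    const char *p = *cursor;
    size_t n = 0;

    while (*p != '\0' && isspace((unsigned char)*p))
        p++;
    if (*p == '\0')
        return 0;                       /* no more tokens on this line */
    while (*p != '\0' && !isspace((unsigned char)*p)) {
        if (n + 1 >= bufsz)
            return 0;                   /* token too long: refuse, don't truncate */
        buf[n++] = *p++;
    }
    buf[n] = '\0';
    *cursor = p;
    return 1;
}

/* Parse a decimal integer strictly: every failure mode atoi hides becomes an
 * error here. Rejects empty input, trailing junk ("42x"), out-of-range values
 * for long (ERANGE), and anything outside [lo, hi]. Returns 1 on success. */
static int parse_int_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')
        return 0;                       /* not a number, or junk after it */
    if (errno == ERANGE)
        return 0;                       /* overflowed long */
    if (v < lo || v > hi)
        return 0;                       /* caller's range check */
    *out = v;
    return 1;
}

/* Read exactly `count` integers from one line (a simplified stand-in for the
 * value lines HPL_pdinfo.c walks with lineptr), each in [lo, hi].
 * Returns 1 and fills vals[0..count-1] on success, 0 on any error. Extra
 * tokens after the last expected value are ignored, as HPL's reader does. */
static int parse_values(const char *line, int count, long lo, long hi, long *vals)
{
    char tok[32];                       /* bounded: next_token enforces it */
    const char *cur = line;
    long v;
    int i;

    for (i = 0; i < count; i++) {
        if (!next_token(&cur, tok, sizeof tok))
            return 0;                   /* too few values or oversized token */
        if (!parse_int_range(tok, lo, hi, &v))
            return 0;
        vals[i] = v;
    }
    return 1;
}
```

The important design choice is that `next_token` refuses an oversized token instead of truncating it: a truncated "100000000" silently parsed as "1000000" is exactly the kind of value corruption a benchmark input should reject loudly. `parse_int_range` keeps the per-field minimum checks the original has (`< 0`, `< 1`, `< 2`) and adds the maximum and the overflow check that flawfinder's CWE-190 message asks for.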