Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lcalc-1.23+dfsg/src/Ldokchitser.cc
Examining data/lcalc-1.23+dfsg/src/Lcommandline_values_zeros.cc
Examining data/lcalc-1.23+dfsg/src/Lcommandline_numbertheory.cc
Examining data/lcalc-1.23+dfsg/src/Lmisc.cc
Examining data/lcalc-1.23+dfsg/src/Lgamma.cc
Examining data/lcalc-1.23+dfsg/src/Lcommandline_twist.cc
Examining data/lcalc-1.23+dfsg/src/Lcommandline_misc.cc
Examining data/lcalc-1.23+dfsg/src/example_programs/example.cc
Examining data/lcalc-1.23+dfsg/src/Lcommandline_globals.cc
Examining data/lcalc-1.23+dfsg/src/Lriemannsiegel.cc
Examining data/lcalc-1.23+dfsg/src/Lglobals.cc
Examining data/lcalc-1.23+dfsg/src/Lcommandline_elliptic.cc
Examining data/lcalc-1.23+dfsg/src/Lcommandline.cc
Examining data/lcalc-1.23+dfsg/src/cmdline.c
Examining data/lcalc-1.23+dfsg/src/Lriemannsiegel_blfi.cc
Examining data/lcalc-1.23+dfsg/include/Lcommandline_misc.h
Examining data/lcalc-1.23+dfsg/include/Lprint.h
Examining data/lcalc-1.23+dfsg/include/Lgmpfrxx.h
Examining data/lcalc-1.23+dfsg/include/Lnumeric.h
Examining data/lcalc-1.23+dfsg/include/Lmisc.h
Examining data/lcalc-1.23+dfsg/include/Lnumberzeros.h
Examining data/lcalc-1.23+dfsg/include/mpfr_mul_d.h
Examining data/lcalc-1.23+dfsg/include/Lcommandline_globals.h
Examining data/lcalc-1.23+dfsg/include/Lint_complex.h
Examining data/lcalc-1.23+dfsg/include/getopt.h
Examining data/lcalc-1.23+dfsg/include/Lriemannsiegel_blfi.h
Examining data/lcalc-1.23+dfsg/include/Lcommandline_values_zeros.h
Examining data/lcalc-1.23+dfsg/include/Lriemannsiegel.h
Examining data/lcalc-1.23+dfsg/include/Lgram.h
Examining data/lcalc-1.23+dfsg/include/Lcommandline_numbertheory.h
Examining data/lcalc-1.23+dfsg/include/Lcommandline_twist.h
Examining data/lcalc-1.23+dfsg/include/Lvalue.h
Examining data/lcalc-1.23+dfsg/include/Lfind_zeros.h
Examining data/lcalc-1.23+dfsg/include/Lcommandline_elliptic.h
Examining data/lcalc-1.23+dfsg/include/Ldirichlet_series.h
Examining data/lcalc-1.23+dfsg/include/L.h
Examining data/lcalc-1.23+dfsg/include/Lcommandline.h
Examining data/lcalc-1.23+dfsg/include/Lgamma.h
Examining data/lcalc-1.23+dfsg/include/Lcomplex.h
Examining data/lcalc-1.23+dfsg/include/Ldokchitser.h
Examining data/lcalc-1.23+dfsg/include/Lexplicit_formula.h
Examining data/lcalc-1.23+dfsg/include/cmdline.h
Examining data/lcalc-1.23+dfsg/include/Lcommon.h
Examining data/lcalc-1.23+dfsg/include/Lcommon_ld.h
Examining data/lcalc-1.23+dfsg/include/Lglobals.h

FINAL RESULTS:

data/lcalc-1.23+dfsg/include/L.h:145:9:  [4] (buffer) strcpy:
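  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Triage note: the L.h:144 hit later in this report shows
  the destination allocated as new char[strlen(NAME)+1], so the buffer is
  sized from the source and the copy fits as long as NAME is NUL-terminated.
  The hits at L.h:206, 260 and 319 pair the same way with the allocations
  at L.h:205, 259 and 318.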
        strcpy(name,NAME);
data/lcalc-1.23+dfsg/include/L.h:206:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name,NAME);
data/lcalc-1.23+dfsg/include/L.h:260:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name,L.name);
data/lcalc-1.23+dfsg/include/L.h:319:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(name,L.name);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:144:9:  [4] (buffer) strcpy:
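  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Triage note: the level-2 hits for this file show the
  destinations as fixed arrays (s_file_name[1000], data_filename[1000],
  data_filename2[1000], and a1, a2, a3, a4, a6 at [200] each), while the
  sources are args_info option values whose length the reported lines do
  not bound. Treat the strcpy hits at lines 144, 190-194, 198 and 213 as
  one group and check the option length before copying, or copy with
  snprintf and the destination size.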
        strcpy(s_file_name,args_info.value_file_arg);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:190:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(a1,args_info.a1_arg);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:191:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(a2,args_info.a2_arg);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:192:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(a3,args_info.a3_arg);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:193:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(a4,args_info.a4_arg);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:194:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(a6,args_info.a6_arg);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:198:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(data_filename,args_info.file_input_arg);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:202:12:  [4] (shell) system:
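  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. Triage note: the command passed to system() is str1 with
  args_info.url_arg appended, so the shell interprets whatever that option
  value contains. Prefer fetching the URL without a shell (a library call,
  or exec-style invocation with an explicit argument vector), or validate
  the value before use.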
        if(system(strcat(str1,args_info.url_arg))!=0){
data/lcalc-1.23+dfsg/src/Lcommandline.cc:202:19:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        if(system(strcat(str1,args_info.url_arg))!=0){
data/lcalc-1.23+dfsg/src/Lcommandline.cc:213:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(data_filename2,args_info.interpolate_arg);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:381:13:  [4] (shell) system:
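  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. Triage note: the argument here is a constant string, so no
  caller-supplied text reaches the shell; a direct remove() or unlink()
  call would delete the file without starting a shell or resolving rm
  through PATH.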
            system("rm temporary_url_file_lcalc"); 
data/lcalc-1.23+dfsg/src/cmdline.c:605:3:  [4] (buffer) strcpy:
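  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Triage note: the cmdline.c:602 hit later in this report
  shows result allocated as malloc(strlen(s) + 1), so the size matches the
  source; what remains to confirm in the source is that the malloc result
  is checked for NULL before this copy.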
  strcpy(result, s);
data/lcalc-1.23+dfsg/include/Lcomplex.h:445:8:  [3] (random) setstate:
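  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values. Triage note: the flagged call is the stream
  member __is.setstate(ios_base::failbit), which sets an I/O error flag; it
  is not the C library random-number setstate(), so this hit is a
  name-match false positive.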
		__is.setstate(ios_base::failbit);
data/lcalc-1.23+dfsg/include/Lcomplex.h:450:11:  [3] (random) setstate:
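  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values. Triage note: the flagged call is the stream
  member __is.setstate(ios_base::failbit), which sets an I/O error flag; it
  is not the C library random-number setstate(), so this hit is a
  name-match false positive.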
	    __is.setstate(ios_base::failbit);
data/lcalc-1.23+dfsg/include/getopt.h:145:12:  [3] (buffer) getopt:
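  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs. Triage note: this hit and the other getopt.h hits
  (lines 145, 148, 153, 166, 168) are on extern declarations in a header,
  not on calls; the only call site reported is getopt_long at
  cmdline.c:871.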
extern int getopt (int __argc, char *const *__argv, const char *__shortopts);
data/lcalc-1.23+dfsg/include/getopt.h:148:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt ();
data/lcalc-1.23+dfsg/include/getopt.h:153:12:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt_long (int __argc, char *const *__argv, const char *__shortopts,
data/lcalc-1.23+dfsg/include/getopt.h:166:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt ();
data/lcalc-1.23+dfsg/include/getopt.h:168:12:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt_long ();
data/lcalc-1.23+dfsg/src/Lcommandline_numbertheory.cc:63:5:  [3] (random) srand:
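  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values. Triage note: the seed is the current time, which
  is predictable; whether that matters depends on what the generated values
  are used for, which this report does not show.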
    srand((unsigned int)time((time_t *)NULL)); 
data/lcalc-1.23+dfsg/src/cmdline.c:871:11:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      c = getopt_long (argc, argv, "hVvx:y:X:Y:n:z:Zd:eF:u:i:C:o:P:S:rl:tqs:f:pAacgD:O:", long_options, &option_index);
data/lcalc-1.23+dfsg/include/L.h:105:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(name,"zeta");
data/lcalc-1.23+dfsg/include/Lfind_zeros.h:116:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            file.open(filename, ios::out|ios::app);
data/lcalc-1.23+dfsg/include/Lfind_zeros.h:552:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            file.open(filename, ios::out|ios::app);
data/lcalc-1.23+dfsg/include/Lfind_zeros.h:1420:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            file.open(filename, ios::out|ios::app);
data/lcalc-1.23+dfsg/src/Lcommandline.cc:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data_filename[1000]; //filename of file containing data for L-function.
data/lcalc-1.23+dfsg/src/Lcommandline.cc:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data_filename2[1000]; //filename of file containing data for L-function.
data/lcalc-1.23+dfsg/src/Lcommandline.cc:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char a1[200];
data/lcalc-1.23+dfsg/src/Lcommandline.cc:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char a2[200];
data/lcalc-1.23+dfsg/src/Lcommandline.cc:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char a3[200];
data/lcalc-1.23+dfsg/src/Lcommandline.cc:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char a4[200];
data/lcalc-1.23+dfsg/src/Lcommandline.cc:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char a6[200];
data/lcalc-1.23+dfsg/src/Lcommandline.cc:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s_file_name[1000];  //file of s values
data/lcalc-1.23+dfsg/src/Lcommandline.cc:208:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(data_filename,"temporary_url_file_lcalc");
data/lcalc-1.23+dfsg/src/Lcommandline.cc:216:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        print_character = atoi(args_info.output_character_arg);
data/lcalc-1.23+dfsg/src/Lcommandline_misc.cc:53:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file.open(file_name, ios::in);
data/lcalc-1.23+dfsg/src/Lcommandline_twist.cc:124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[300];
data/lcalc-1.23+dfsg/src/Lcommandline_twist.cc:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message_stamp[300];
data/lcalc-1.23+dfsg/src/Lcommandline_twist.cc:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_name[300];
data/lcalc-1.23+dfsg/src/Lcommandline_twist.cc:597:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[300];
data/lcalc-1.23+dfsg/src/Lcommandline_twist.cc:599:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message_stamp[300];
data/lcalc-1.23+dfsg/src/Lcommandline_values_zeros.cc:42:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file.open(file_name, ios::in);
data/lcalc-1.23+dfsg/src/Lcommandline_values_zeros.cc:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message_stamp[300];
data/lcalc-1.23+dfsg/src/cmdline.c:574:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  outfile = fopen(filename, "w");
data/lcalc-1.23+dfsg/include/L.h:144:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name = new char[strlen(NAME)+1];
data/lcalc-1.23+dfsg/include/L.h:205:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name = new char[strlen(NAME)+1];
data/lcalc-1.23+dfsg/include/L.h:259:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name = new char[strlen(L.name)+1];
data/lcalc-1.23+dfsg/include/L.h:318:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            name=new char[strlen(L.name)+1];
data/lcalc-1.23+dfsg/include/L.h:401:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(L2.name,"");
data/lcalc-1.23+dfsg/include/L.h:445:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(L2.name,"");
data/lcalc-1.23+dfsg/include/Lgmpfrxx.h:1542:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (*freefunc) (str, std::strlen(str)+1);
data/lcalc-1.23+dfsg/src/cmdline.c:287:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_purpose) > 0)
data/lcalc-1.23+dfsg/src/cmdline.c:290:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_usage) > 0)
data/lcalc-1.23+dfsg/src/cmdline.c:295:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gengetopt_args_info_description) > 0)
data/lcalc-1.23+dfsg/src/cmdline.c:423:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, len = strlen(val); values[i]; ++i)
data/lcalc-1.23+dfsg/src/cmdline.c:429:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(values[i]) == len)
data/lcalc-1.23+dfsg/src/cmdline.c:602:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = (char*)malloc(strlen(s) + 1);

ANALYSIS SUMMARY:

Hits = 61
Lines analyzed = 18659 in approximately 0.64 seconds (29335 lines/second)
Physical Source Lines of Code (SLOC) = 12815
Hits@level = [0]  35 [1]  13 [2]  23 [3]   9 [4]  16 [5]   0
Hits@level+ = [0+]  96 [1+]  61 [2+]  48 [3+]  25 [4+]  16 [5+]   0
Hits/KSLOC@level+ = [0+] 7.49122 [1+] 4.76005 [2+] 3.74561 [3+] 1.95084 [4+] 1.24854 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.