Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libm4ri-20200125/m4ri/m4ri.h
Examining data/libm4ri-20200125/m4ri/brilliantrussian.h
Examining data/libm4ri-20200125/m4ri/misc.h
Examining data/libm4ri-20200125/m4ri/mzd.h
Examining data/libm4ri-20200125/m4ri/graycode.h
Examining data/libm4ri-20200125/m4ri/strassen.h
Examining data/libm4ri-20200125/m4ri/parity.h
Examining data/libm4ri-20200125/m4ri/mzp.h
Examining data/libm4ri-20200125/m4ri/triangular.h
Examining data/libm4ri-20200125/m4ri/triangular_russian.h
Examining data/libm4ri-20200125/m4ri/ple.h
Examining data/libm4ri-20200125/m4ri/ple_russian.h
Examining data/libm4ri-20200125/m4ri/ple_russian_template.h
Examining data/libm4ri-20200125/m4ri/solve.h
Examining data/libm4ri-20200125/m4ri/echelonform.h
Examining data/libm4ri-20200125/m4ri/xor.h
Examining data/libm4ri-20200125/m4ri/xor_template.h
Examining data/libm4ri-20200125/m4ri/mmc.h
Examining data/libm4ri-20200125/m4ri/debug_dump.h
Examining data/libm4ri-20200125/m4ri/io.h
Examining data/libm4ri-20200125/m4ri/djb.h
Examining data/libm4ri-20200125/m4ri/mp.h
Examining data/libm4ri-20200125/m4ri/brilliantrussian.c
Examining data/libm4ri-20200125/m4ri/misc.c
Examining data/libm4ri-20200125/m4ri/mzd.c
Examining data/libm4ri-20200125/m4ri/graycode.c
Examining data/libm4ri-20200125/m4ri/strassen.c
Examining data/libm4ri-20200125/m4ri/mzp.c
Examining data/libm4ri-20200125/m4ri/triangular.c
Examining data/libm4ri-20200125/m4ri/triangular_russian.c
Examining data/libm4ri-20200125/m4ri/ple.c
Examining data/libm4ri-20200125/m4ri/ple_russian.c
Examining data/libm4ri-20200125/m4ri/solve.c
Examining data/libm4ri-20200125/m4ri/echelonform.c
Examining data/libm4ri-20200125/m4ri/mmc.c
Examining data/libm4ri-20200125/m4ri/debug_dump.c
Examining data/libm4ri-20200125/m4ri/io.c
Examining data/libm4ri-20200125/m4ri/djb.c
Examining data/libm4ri-20200125/m4ri/mp.c
Examining data/libm4ri-20200125/tests/test_alignment.c
Examining data/libm4ri-20200125/tests/test_colswap.c
Examining data/libm4ri-20200125/tests/test_djb.c
Examining data/libm4ri-20200125/tests/test_elimination.c
Examining data/libm4ri-20200125/tests/test_invert.c
Examining data/libm4ri-20200125/tests/test_kernel.c
Examining data/libm4ri-20200125/tests/test_misc.c
Examining data/libm4ri-20200125/tests/test_multiplication.c
Examining data/libm4ri-20200125/tests/test_ple.c
Examining data/libm4ri-20200125/tests/test_random.c
Examining data/libm4ri-20200125/tests/test_smallops.c
Examining data/libm4ri-20200125/tests/testing.c
Examining data/libm4ri-20200125/tests/testing.h
Examining data/libm4ri-20200125/tests/test_solve.c
Examining data/libm4ri-20200125/tests/test_transpose.c
Examining data/libm4ri-20200125/tests/test_trsm.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/alpha.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/amd64cpuinfo.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/amd64tscfreq.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/clockmonotonic.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/gettimeofday.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/hppapstat.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/powerpcaix.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/powerpclinux.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/powerpcmacos.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/sparc32psrinfo.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/sparcpsrinfo.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/test.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/x86cpuinfo.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/x86tscfreq.c
Examining data/libm4ri-20200125/bench/cpucycles-20060326/alpha.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/amd64cpuinfo.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/amd64tscfreq.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/clockmonotonic.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/cpucycles.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/gettimeofday.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/hppapstat.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/powerpcaix.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/powerpclinux.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/powerpcmacos.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/sparc32psrinfo.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/sparcpsrinfo.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/x86cpuinfo.h
Examining data/libm4ri-20200125/bench/cpucycles-20060326/x86tscfreq.h
Examining data/libm4ri-20200125/bench/bench_elimination.c
Examining data/libm4ri-20200125/bench/benchmarking.c
Examining data/libm4ri-20200125/bench/benchmarking.h
Examining data/libm4ri-20200125/bench/bench_elimination_sparse.c
Examining data/libm4ri-20200125/bench/bench_invert.c
Examining data/libm4ri-20200125/bench/bench_m4rm.c
Examining data/libm4ri-20200125/bench/bench_multiplication.c
Examining data/libm4ri-20200125/bench/bench_mzd.c
Examining data/libm4ri-20200125/bench/bench_ple.c
Examining data/libm4ri-20200125/bench/bench_rank.c
Examining data/libm4ri-20200125/bench/bench_trsm.c

FINAL RESULTS:

data/libm4ri-20200125/bench/cpucycles-20060326/powerpcaix.c:47:7:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  f = popen("/usr/sbin/lsattr -E -l proc0 -a frequency","r");
data/libm4ri-20200125/bench/cpucycles-20060326/sparc32psrinfo.c:22:7:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  f = popen("/usr/sbin/psrinfo -v","r");
data/libm4ri-20200125/bench/cpucycles-20060326/sparcpsrinfo.c:17:7:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  f = popen("/usr/sbin/psrinfo -v","r");
data/libm4ri-20200125/m4ri/misc.c:39:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, errormessage, lst);
data/libm4ri-20200125/bench/bench_elimination.c:229:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/bench_elimination_sparse.c:25:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if(random() <= p->density) {
data/libm4ri-20200125/bench/bench_elimination_sparse.c:73:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/bench_invert.c:110:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/bench_m4rm.c:178:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/bench_multiplication.c:219:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/bench_mzd.c:1224:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/bench_ple.c:107:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/bench_rank.c:235:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/bench_trsm.c:102:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/bench/benchmarking.c:726:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  word a0 = random();
data/libm4ri-20200125/bench/benchmarking.c:727:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  word a1 = random();
data/libm4ri-20200125/bench/benchmarking.c:728:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  word a2 = random();
data/libm4ri-20200125/m4ri/misc.c:68:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  word a0 = random();
data/libm4ri-20200125/m4ri/misc.c:69:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  word a1 = random();
data/libm4ri-20200125/m4ri/misc.c:70:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  word a2 = random();
data/libm4ri-20200125/tests/test_djb.c:58:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_elimination.c:98:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_invert.c:73:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_kernel.c:64:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_multiplication.c:251:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_ple.c:261:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_random.c:43:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_random.c:45:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_random.c:47:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_random.c:73:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_smallops.c:126:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_solve.c:73:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/test_trsm.c:226:3:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(17);
data/libm4ri-20200125/tests/testing.h:8:9:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define srandom srand
data/libm4ri-20200125/tests/testing.h:8:17:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define srandom srand
data/libm4ri-20200125/bench/bench_elimination.c:214:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_elimination.c:216:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_elimination.c:225:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.r = atoi(argv[4]);
data/libm4ri-20200125/bench/bench_elimination_sparse.c:65:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.full = atoi(argv[5]);
data/libm4ri-20200125/bench/bench_elimination_sparse.c:67:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_elimination_sparse.c:68:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_invert.c:103:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_invert.c:104:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.direction = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_m4rm.c:159:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_m4rm.c:160:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_m4rm.c:161:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.l = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_m4rm.c:162:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.k = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_m4rm.c:165:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_m4rm.c:166:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_m4rm.c:167:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.l = atoi(argv[3]);
data/libm4ri-20200125/bench/bench_m4rm.c:168:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.k = atoi(argv[4]);
data/libm4ri-20200125/bench/bench_multiplication.c:177:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:178:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:179:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.l = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:184:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:185:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:186:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.l = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:187:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.cutoff = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_multiplication.c:191:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:192:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_multiplication.c:193:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.l = atoi(argv[3]);
data/libm4ri-20200125/bench/bench_multiplication.c:198:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:199:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_multiplication.c:200:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.l = atoi(argv[3]);
data/libm4ri-20200125/bench/bench_multiplication.c:201:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.cutoff = atoi(argv[4]);
data/libm4ri-20200125/bench/bench_multiplication.c:205:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_multiplication.c:206:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_multiplication.c:207:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.l = atoi(argv[3]);
data/libm4ri-20200125/bench/bench_multiplication.c:208:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.cutoff = atoi(argv[4]);
data/libm4ri-20200125/bench/bench_multiplication.c:209:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.mp = atoi(argv[5]);
data/libm4ri-20200125/bench/bench_mzd.c:910:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->k = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:913:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->l = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:916:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->m = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:919:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->n = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:963:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->row[params->rows++] = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:966:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->col[params->cols++] = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:969:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->wrd[params->wrds++] = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:999:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->boolean = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:1007:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params->integer = atoi((*argvp)[0]);
data/libm4ri-20200125/bench/bench_mzd.c:1134:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char usage[64];
data/libm4ri-20200125/bench/bench_ple.c:103:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_ple.c:104:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_rank.c:220:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_rank.c:222:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_rank.c:231:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.r = atoi(argv[4]);
data/libm4ri-20200125/bench/bench_trsm.c:97:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.m = atoi(argv[1]);
data/libm4ri-20200125/bench/bench_trsm.c:98:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.n = atoi(argv[2]);
data/libm4ri-20200125/bench/bench_trsm.c:99:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.upper = atoi(argv[3]);
data/libm4ri-20200125/bench/bench_trsm.c:100:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p.left = atoi(argv[4]);
data/libm4ri-20200125/bench/benchmarking.c:125:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[PAPI_MAX_STR_LEN];
data/libm4ri-20200125/bench/benchmarking.c:202:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bench_dump_counter = atoi((*argvp)[1]);
data/libm4ri-20200125/bench/benchmarking.c:238:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bench_minimum = atoi((*argvp)[1]);
data/libm4ri-20200125/bench/benchmarking.c:243:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bench_maximum = atoi((*argvp)[1]); data/libm4ri-20200125/bench/benchmarking.c:261:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int confidence = atoi((*argvp)[1]); data/libm4ri-20200125/bench/benchmarking.c:293:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bench_stats = atoi((*argvp)[1]); data/libm4ri-20200125/bench/cpucycles-20060326/amd64cpuinfo.c:18:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("/proc/cpuinfo","r"); data/libm4ri-20200125/bench/cpucycles-20060326/gettimeofday.c:14:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
f = fopen("/proc/cpuinfo","r"); data/libm4ri-20200125/bench/cpucycles-20060326/powerpclinux.c:48:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("/proc/cpuinfo","r"); data/libm4ri-20200125/bench/cpucycles-20060326/x86cpuinfo.c:17:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("/proc/cpuinfo","r"); data/libm4ri-20200125/m4ri/io.c:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[SAFECHAR]; data/libm4ri-20200125/m4ri/io.c:78:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fh = fopen(fn,"rb"); data/libm4ri-20200125/m4ri/io.c:198:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fh = fopen(fn, "wb"); data/libm4ri-20200125/m4ri/io.c:245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate[21]; data/libm4ri-20200125/m4ri/io.c:248:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pdate,"%04d/%02d/%02d %02d:%02d:%02d",ltime->tm_year+1900,ltime->tm_mon+1,ltime->tm_mday,ltime->tm_hour,ltime->tm_min,ltime->tm_sec); data/libm4ri-20200125/m4ri/io.c:310:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fh = fopen(fn,"r"); data/libm4ri-20200125/m4ri/mzd.c:46:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char padding[sizeof(mzd_t) - 2 * sizeof(struct mzd_t_cache*) - sizeof(uint64_t)]; /*!< alignment */ data/libm4ri-20200125/m4ri/mzd.c:496:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char log2_ceil_table[64] = { data/libm4ri-20200125/m4ri/mzd.c:1883:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(S->rows[i], M->rows[x] + startword, sizeof(word) * (ncols / m4ri_radix)); ANALYSIS SUMMARY: Hits = 108 Lines analyzed = 19839 in approximately 0.62 seconds (32064 lines/second) Physical Source Lines of Code (SLOC) = 12653 Hits@level = [0] 390 [1] 0 [2] 73 [3] 31 [4] 4 [5] 0 Hits@level+ = [0+] 498 [1+] 108 [2+] 108 [3+] 35 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 39.3583 [1+] 8.53553 [2+] 8.53553 [3+] 2.76614 [4+] 0.316131 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.