Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libmath-prime-util-gmp-perl-0.52/primality.c
Examining data/libmath-prime-util-gmp-perl-0.52/ecm.h
Examining data/libmath-prime-util-gmp-perl-0.52/tinyqs.h
Examining data/libmath-prime-util-gmp-perl-0.52/bls75.h
Examining data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c
Examining data/libmath-prime-util-gmp-perl-0.52/aks.c
Examining data/libmath-prime-util-gmp-perl-0.52/ecpp.c
Examining data/libmath-prime-util-gmp-perl-0.52/factor.h
Examining data/libmath-prime-util-gmp-perl-0.52/pbrent63.c
Examining data/libmath-prime-util-gmp-perl-0.52/gmp_main.h
Examining data/libmath-prime-util-gmp-perl-0.52/random_prime.h
Examining data/libmath-prime-util-gmp-perl-0.52/isaac.c
Examining data/libmath-prime-util-gmp-perl-0.52/utility.h
Examining data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c
Examining data/libmath-prime-util-gmp-perl-0.52/aks.h
Examining data/libmath-prime-util-gmp-perl-0.52/ptypes.h
Examining data/libmath-prime-util-gmp-perl-0.52/prime_iterator.h
Examining data/libmath-prime-util-gmp-perl-0.52/ecpp.h
Examining data/libmath-prime-util-gmp-perl-0.52/simpqs.h
Examining data/libmath-prime-util-gmp-perl-0.52/simpqs.c
Examining data/libmath-prime-util-gmp-perl-0.52/xt/expr-impl.h
Examining data/libmath-prime-util-gmp-perl-0.52/xt/expr.c
Examining data/libmath-prime-util-gmp-perl-0.52/xt/expr.h
Examining data/libmath-prime-util-gmp-perl-0.52/utility.c
Examining data/libmath-prime-util-gmp-perl-0.52/random_prime.c
Examining data/libmath-prime-util-gmp-perl-0.52/real.c
Examining data/libmath-prime-util-gmp-perl-0.52/bls75.c
Examining data/libmath-prime-util-gmp-perl-0.52/class_poly_data.h
Examining data/libmath-prime-util-gmp-perl-0.52/gmp_main.c
Examining data/libmath-prime-util-gmp-perl-0.52/ecm.c
Examining data/libmath-prime-util-gmp-perl-0.52/isaac.h
Examining data/libmath-prime-util-gmp-perl-0.52/primality.h
Examining data/libmath-prime-util-gmp-perl-0.52/pbrent63.h
Examining data/libmath-prime-util-gmp-perl-0.52/squfof126.c
Examining data/libmath-prime-util-gmp-perl-0.52/squfof126.h
Examining data/libmath-prime-util-gmp-perl-0.52/factor.c
Examining data/libmath-prime-util-gmp-perl-0.52/real.h
Examining data/libmath-prime-util-gmp-perl-0.52/tinyqs.c

FINAL RESULTS:

data/libmath-prime-util-gmp-perl-0.52/bls75.c:779:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(proofptr, *prooftextptr);
data/libmath-prime-util-gmp-perl-0.52/ecpp.c:898:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(proofptr, *prooftextptr);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1445:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(_line, "%c$=%s", &varname, _vstr) == 2) {
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1475:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(_line, "N %s", _vstr) == 1) PROCESS_VAR(N);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1476:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "A %s", _vstr) == 1) PROCESS_VAR(A);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1477:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "B %s", _vstr) == 1) PROCESS_VAR(B);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1478:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "M %s", _vstr) == 1) PROCESS_VAR(M);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1479:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "Q %s", _vstr) == 1) PROCESS_VAR(Q);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1480:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "X %s", _vstr) == 1) PROCESS_VAR(X);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1481:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "Y %s", _vstr) == 1) PROCESS_VAR(Y);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1482:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "LQ %s", _vstr) == 1) PROCESS_VAR(LQ);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1483:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "LP %s", _vstr) == 1) PROCESS_VAR(LP);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1485:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "T %s", _vstr) == 1) PROCESS_VAR(T);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1486:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "J %s", _vstr) == 1) PROCESS_VAR(J);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1487:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "S %s", _vstr) == 1) PROCESS_VAR(S);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1488:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "R %s", _vstr) == 1) PROCESS_VAR(R);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1515:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(_line, "%c=-$%s", &varname, _vstr) == 2) varsign =-1;
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1516:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "%c=$%s", &varname, _vstr) == 2) varsign = 1;
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1517:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "%c=-0x%s", &varname, _vstr) == 2) varsign =-1;
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1518:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "%c=0x%s", &varname, _vstr) == 2) varsign = 1;
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1519:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  else if (sscanf(_line, "%c=%s", &varname, _vstr) == 2) varsign = 2;
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1598:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(_line, "N=$%s", _vstr) == 1) items_found++;
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1600:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(_line, "N$=%s", _vstr) == 1) items_found++;
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1693:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(_line, "Type %s", type) == 1) {
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1736:24:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  } else if (sscanf(_line, "N %s", _vstr) == 1) {
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1738:24:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  } else if (sscanf(_line, "Q[%d] %s", &i, _vstr) == 2) {
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1742:24:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  } else if (sscanf(_line, "A[%d] %s", &i, _vstr) == 2) {
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1757:24:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(_line, "N %s", _vstr) == 1) {
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1759:24:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  } else if (sscanf(_line, "Q[%d] %s", &i, _vstr) == 2) {
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1763:24:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  } else if (sscanf(_line, "A %s", _vstr) == 1) {
data/libmath-prime-util-gmp-perl-0.52/ptypes.h:29:42:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define croak(fmt,...) do { printf(fmt,##__VA_ARGS__); exit(3); } while(0)
data/libmath-prime-util-gmp-perl-0.52/random_prime.c:369:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(thisptr, *proofptr); \
data/libmath-prime-util-gmp-perl-0.52/bls75.c:732:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char afermat[10000+1];
data/libmath-prime-util-gmp-perl-0.52/ecpp.c:879:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  proofptr += sprintf(proofptr, "A %"UVuf"\n", nm1a);
data/libmath-prime-util-gmp-perl-0.52/ecpp.c:886:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  proofptr += sprintf(proofptr, "LP %d\nLQ %d\n", (int)np1lp, (int)np1lq);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:77:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _line[MAX_LINE_LEN+1];
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:78:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _vstr[MAX_LINE_LEN+1];
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1634:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((_fh = fopen(filename, "r")) == NULL)
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1690:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[MAX_LINE_LEN+1];
data/libmath-prime-util-gmp-perl-0.52/gmp_main.c:68:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char next_wheel[30] =
data/libmath-prime-util-gmp-perl-0.52/gmp_main.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char prev_wheel[30] =
data/libmath-prime-util-gmp-perl-0.52/gmp_main.c:72:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char wheel_advance[30] =
data/libmath-prime-util-gmp-perl-0.52/gmp_main.c:74:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char wheel_retreat[30] =
data/libmath-prime-util-gmp-perl-0.52/gmp_main.c:1013:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(source+from, source, sizeof(uint32_t)*words);
data/libmath-prime-util-gmp-perl-0.52/gmp_main.c:1685:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char crem_0[53*59], crem_1[61*67], crem_2[71*73], *VPrem;
data/libmath-prime-util-gmp-perl-0.52/isaac.c:16:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, (unsigned char*) (rsl+start), bytes);
data/libmath-prime-util-gmp-perl-0.52/isaac.c:38:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char swapbuf[256*4]; \
data/libmath-prime-util-gmp-perl-0.52/isaac.c:42:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, swapbuf, bytes); \
data/libmath-prime-util-gmp-perl-0.52/isaac.c:133:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rdata, data, n_copy_bytes);
data/libmath-prime-util-gmp-perl-0.52/primality.c:15:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char sprimes[NSMALLPRIMES] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251};
data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c:13:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char distancewheel30[30] =
data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c:16:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char masktab30[30] = {
data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c:19:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char nextwheel30[30] = {
data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c:23:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char prevwheel30[30] = {
data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c:66:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char presieve13[PRESIEVE_SIZE] =
data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mem, presieve13 + pstartd, bytes);
data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c:171:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char masknum30[30] =
data/libmath-prime-util-gmp-perl-0.52/prime_iterator.c:173:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char qinit30[30] =
data/libmath-prime-util-gmp-perl-0.52/random_prime.c:15:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pr[31] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127};
data/libmath-prime-util-gmp-perl-0.52/real.c:50:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  prec += sprintf(out+prec, "%lu", k-prec+1);
data/libmath-prime-util-gmp-perl-0.52/utility.c:47:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char seedstr[8] = {0};
data/libmath-prime-util-gmp-perl-0.52/xt/expr.c:71:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (edup, e, i);
data/libmath-prime-util-gmp-perl-0.52/xt/expr.c:93:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *e, size_t elen,
data/libmath-prime-util-gmp-perl-0.52/xt/expr.h:127:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned long, const char *, size_t, mpf_srcptr [26]);
data/libmath-prime-util-gmp-perl-0.52/xt/expr.h:131:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int, const char *, size_t, mpq_srcptr [26]);
data/libmath-prime-util-gmp-perl-0.52/xt/expr.h:135:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *, size_t, mpz_srcptr [26]);
data/libmath-prime-util-gmp-perl-0.52/bls75.c:759:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int curprooflen = (*prooftextptr == 0) ? 0 : strlen(*prooftextptr);
data/libmath-prime-util-gmp-perl-0.52/ecpp.c:872:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int curprooflen = (*prooftextptr == 0) ? 0 : strlen(*prooftextptr);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1407:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(_line);
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1441:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(_line) == 0) /* Skip extrenuous blank lines */
data/libmath-prime-util-gmp-perl-0.52/examples/vcert.c:1508:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(_line) == 0) /* Skip extrenuous blank lines */
data/libmath-prime-util-gmp-perl-0.52/random_prime.c:360:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int prevlen = (*proofptr == 0) ? 0 : strlen(*proofptr); \
data/libmath-prime-util-gmp-perl-0.52/simpqs.c:1528:22:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gmp_scanf("%Zd",n);getchar();
data/libmath-prime-util-gmp-perl-0.52/xt/expr.c:288:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return mpz_expr_a (mpz_expr_standard_table, res, base, e, strlen(e), var);
data/libmath-prime-util-gmp-perl-0.52/xt/expr.c:438:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oplen = strlen (op->name);

ANALYSIS SUMMARY:

Hits = 75
Lines analyzed = 21654 in approximately 0.85 seconds (25393 lines/second)
Physical Source Lines of Code (SLOC) = 16773
Hits@level = [0] 170 [1]   9 [2]  34 [3]   0 [4]  32 [5]   0
Hits@level+ = [0+] 245 [1+]  75 [2+]  66 [3+]  32 [4+]  32 [5+]   0
Hits/KSLOC@level+ = [0+] 14.6068 [1+] 4.47147 [2+] 3.9349 [3+] 1.90783 [4+] 1.90783 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
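Reading the level-4 hits: the vcert.c sscanf findings all store a `%s` token read from `_line[MAX_LINE_LEN+1]` into `_vstr[MAX_LINE_LEN+1]` (or `type[MAX_LINE_LEN+1]`), both of which appear at level 2 above, so the report by itself does not show an overflow; a token can never be longer than the line it came from. What Flawfinder is really asking for is that the bound be stated in the format string rather than implied by two declarations 1400 lines apart, and that the strlen/strcat/sprintf proof-text appends in bls75.c, ecpp.c and random_prime.c carry an explicit capacity. The following is an added example, not code from Math::Prime::Util::GMP: the value-buffer size `VALUE_MAX` and the `proof_buf` type are assumptions introduced here for illustration. It shows a width-limited `%s` that also detects (rather than silently truncates) an oversized token, and a length-tracking append that refuses anything that would not fit. The `format` attribute on `proof_appendf` is the compile-time counterpart of the ptypes.h `croak()` finding: with it, `-Wformat-security` warns whenever the format argument is not a literal.

```c
/* Added example, not part of Math::Prime::Util::GMP. Bounded forms of the
 * CWE-120 patterns flagged in the report: sscanf "%s" without a width, and
 * strcat/sprintf appends whose only bookkeeping is a strlen() of the target. */
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for this example. vcert.c's real bound is MAX_LINE_LEN, whose
 * value the report does not show; only the pattern matters here. */
#define VALUE_MAX 64
#define STR_(x) #x
#define STR(x) STR_(x)
/* Expands to "%64s": sscanf writes at most VALUE_MAX bytes plus the NUL. */
#define VALUE_FMT "%" STR(VALUE_MAX) "s"

static char scratch[VALUE_MAX + 1];   /* shared output buffer for main() */

/* Parse "<key> <token>" lines, the "N %s" / "A %s" shape from vcert.c.
 * Returns 1 on a full match, 0 if the line does not match, -1 if a token
 * was present but longer than VALUE_MAX (the width would have truncated it). */
int parse_keyed_value(const char *line, const char *key, char out[VALUE_MAX + 1])
{
    size_t klen = strlen(key);
    int consumed = 0;
    const char *rest;

    out[0] = '\0';
    if (strncmp(line, key, klen) != 0 || line[klen] != ' ')
        return 0;
    /* %n records bytes consumed; it does not count toward the return value. */
    if (sscanf(line + klen, " " VALUE_FMT "%n", out, &consumed) != 1)
        return 0;
    rest = line + klen + consumed;
    /* The width stopped %s at VALUE_MAX bytes. A non-blank byte right after
     * it means the token continued past the buffer: reject, do not truncate. */
    if (*rest != '\0' && !isspace((unsigned char)*rest))
        return -1;
    return 1;
}

/* Constructed input: "N " followed by VALUE_MAX + 1 digits. */
int oversize_token_verdict(void)
{
    char line[2 + VALUE_MAX + 1 + 1];
    char out[VALUE_MAX + 1];
    memset(line, '7', sizeof line - 1);
    line[0] = 'N';
    line[1] = ' ';
    line[sizeof line - 1] = '\0';
    return parse_keyed_value(line, "N", out);
}

/* Proof text with its length and capacity kept next to the pointer, so no
 * strlen() of the destination and no unchecked strcat()/sprintf(). */
typedef struct { char *buf; size_t len, cap; } proof_buf;

int proof_init(proof_buf *p, size_t cap)
{
    if (cap == 0 || (p->buf = malloc(cap)) == NULL)
        return -1;
    p->buf[0] = '\0';
    p->len = 0;
    p->cap = cap;
    return 0;
}

int proof_append(proof_buf *p, const char *s)
{
    size_t n = strlen(s);
    if (n >= p->cap - p->len)             /* keep one byte for the NUL */
        return -1;
    memcpy(p->buf + p->len, s, n + 1);
    p->len += n;
    return 0;
}

#if defined(__GNUC__)
__attribute__((format(printf, 2, 3)))     /* -Wformat-security: fmt must be a literal */
#endif
int proof_appendf(proof_buf *p, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(p->buf + p->len, p->cap - p->len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= p->cap - p->len) {
        p->buf[p->len] = '\0';            /* drop the truncated partial write */
        return -1;
    }
    p->len += (size_t)n;
    return 0;
}

/* Three records in the shape of ecpp.c's proof output into a buffer of the
 * given capacity. Returns the final length, or -1 if the buffer lost its
 * terminator. With cap 16 the 10-byte third record is refused and len stays 12. */
long proof_demo(size_t cap)
{
    proof_buf p;
    long result;
    if (proof_init(&p, cap) != 0)
        return -1;
    proof_append(&p, "N 12345\n");                  /* 8 bytes */
    proof_append(&p, "A 7\n");                      /* 4 bytes */
    proof_appendf(&p, "LP %d\nLQ %d\n", 3, 5);      /* 10 bytes */
    result = (strlen(p.buf) == p.len) ? (long)p.len : -1;
    free(p.buf);
    return result;
}

int main(void)
{
    printf("N 12345  -> %d (%s)\n", parse_keyed_value("N 12345", "N", scratch), scratch);
    printf("oversize -> %d\n", oversize_token_verdict());
    printf("cap 64 -> %ld, cap 16 -> %ld\n", proof_demo(64), proof_demo(16));
    return 0;
}
```

The same stringification trick applies directly to the vcert.c hits: `"%" STR(MAX_LINE_LEN) "s"` in place of `"%s"` turns the implicit invariant between lines 77, 78 and the thirty sscanf calls into one the compiler enforces, and the `%n` check is what distinguishes "token did not fit" from "token parsed", which a bare width never tells you.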