Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libxc-4.3.4/examples/basic.c Examining data/libxc-4.3.4/examples/get_refs.c Examining data/libxc-4.3.4/src/bessel.c Examining data/libxc-4.3.4/src/expint_e1.c Examining data/libxc-4.3.4/src/func_info.c Examining data/libxc-4.3.4/src/func_reference.c Examining data/libxc-4.3.4/src/functionals.c Examining data/libxc-4.3.4/src/genwiki.c Examining data/libxc-4.3.4/src/gga.c Examining data/libxc-4.3.4/src/gga_c_am05.c Examining data/libxc-4.3.4/src/gga_c_bcgp.c Examining data/libxc-4.3.4/src/gga_c_bmk.c Examining data/libxc-4.3.4/src/gga_c_cs1.c Examining data/libxc-4.3.4/src/gga_c_ft97.c Examining data/libxc-4.3.4/src/gga_c_gapc.c Examining data/libxc-4.3.4/src/gga_c_gaploc.c Examining data/libxc-4.3.4/src/gga_c_hcth_a.c Examining data/libxc-4.3.4/src/gga_c_lm.c Examining data/libxc-4.3.4/src/gga_c_lyp.c Examining data/libxc-4.3.4/src/gga_c_op_b88.c Examining data/libxc-4.3.4/src/gga_c_op_g96.c Examining data/libxc-4.3.4/src/gga_c_op_pbe.c Examining data/libxc-4.3.4/src/gga_c_op_pw91.c Examining data/libxc-4.3.4/src/gga_c_op_xalpha.c Examining data/libxc-4.3.4/src/gga_c_optc.c Examining data/libxc-4.3.4/src/gga_c_p86.c Examining data/libxc-4.3.4/src/gga_c_pbe.c Examining data/libxc-4.3.4/src/gga_c_pbeloc.c Examining data/libxc-4.3.4/src/gga_c_pw91.c Examining data/libxc-4.3.4/src/gga_c_q2d.c Examining data/libxc-4.3.4/src/gga_c_regtpss.c Examining data/libxc-4.3.4/src/gga_c_revtca.c Examining data/libxc-4.3.4/src/gga_c_scan_e0.c Examining data/libxc-4.3.4/src/gga_c_sg4.c Examining data/libxc-4.3.4/src/gga_c_sogga11.c Examining data/libxc-4.3.4/src/gga_c_tca.c Examining data/libxc-4.3.4/src/gga_c_w94.c Examining data/libxc-4.3.4/src/gga_c_wi.c Examining data/libxc-4.3.4/src/gga_c_wl.c Examining data/libxc-4.3.4/src/gga_c_zpbeint.c Examining data/libxc-4.3.4/src/gga_c_zvpbeint.c Examining data/libxc-4.3.4/src/gga_k_dk.c 
Examining data/libxc-4.3.4/src/gga_k_exp4.c Examining data/libxc-4.3.4/src/gga_k_meyer.c Examining data/libxc-4.3.4/src/gga_k_ol1.c Examining data/libxc-4.3.4/src/gga_k_ol2.c Examining data/libxc-4.3.4/src/gga_k_pearson.c Examining data/libxc-4.3.4/src/gga_k_tflw.c Examining data/libxc-4.3.4/src/gga_k_thakkar.c Examining data/libxc-4.3.4/src/gga_x_2d_b86.c Examining data/libxc-4.3.4/src/gga_x_2d_b86_mgc.c Examining data/libxc-4.3.4/src/gga_x_2d_b88.c Examining data/libxc-4.3.4/src/gga_x_2d_pbe.c Examining data/libxc-4.3.4/src/gga_x_airy.c Examining data/libxc-4.3.4/src/gga_x_ak13.c Examining data/libxc-4.3.4/src/gga_x_am05.c Examining data/libxc-4.3.4/src/gga_x_b86.c Examining data/libxc-4.3.4/src/gga_x_b88.c Examining data/libxc-4.3.4/src/gga_x_bayesian.c Examining data/libxc-4.3.4/src/gga_x_beefvdw.c Examining data/libxc-4.3.4/src/gga_x_bpccac.c Examining data/libxc-4.3.4/src/gga_x_c09x.c Examining data/libxc-4.3.4/src/gga_x_cap.c Examining data/libxc-4.3.4/src/gga_x_chachiyo.c Examining data/libxc-4.3.4/src/gga_x_dk87.c Examining data/libxc-4.3.4/src/gga_x_ev93.c Examining data/libxc-4.3.4/src/gga_x_ft97.c Examining data/libxc-4.3.4/src/gga_x_g96.c Examining data/libxc-4.3.4/src/gga_x_gg99.c Examining data/libxc-4.3.4/src/gga_x_hcth_a.c Examining data/libxc-4.3.4/src/gga_x_herman.c Examining data/libxc-4.3.4/src/gga_x_hjs.c Examining data/libxc-4.3.4/src/gga_x_hjs_b88_v2.c Examining data/libxc-4.3.4/src/gga_x_htbs.c Examining data/libxc-4.3.4/src/gga_x_ityh.c Examining data/libxc-4.3.4/src/gga_x_kt.c Examining data/libxc-4.3.4/src/gga_x_lag.c Examining data/libxc-4.3.4/src/gga_x_lb.c Examining data/libxc-4.3.4/src/gga_x_lg93.c Examining data/libxc-4.3.4/src/gga_x_lv_rpw86.c Examining data/libxc-4.3.4/src/gga_x_mpbe.c Examining data/libxc-4.3.4/src/gga_x_n12.c Examining data/libxc-4.3.4/src/gga_x_optx.c Examining data/libxc-4.3.4/src/gga_x_pbe.c Examining data/libxc-4.3.4/src/gga_x_pbea.c Examining data/libxc-4.3.4/src/gga_x_pbeint.c Examining 
data/libxc-4.3.4/src/gga_x_pbepow.c Examining data/libxc-4.3.4/src/gga_x_pbetrans.c Examining data/libxc-4.3.4/src/gga_x_pw86.c Examining data/libxc-4.3.4/src/gga_x_pw91.c Examining data/libxc-4.3.4/src/gga_x_q2d.c Examining data/libxc-4.3.4/src/gga_x_rge2.c Examining data/libxc-4.3.4/src/gga_x_rpbe.c Examining data/libxc-4.3.4/src/gga_x_sfat.c Examining data/libxc-4.3.4/src/gga_x_sg4.c Examining data/libxc-4.3.4/src/gga_x_sogga11.c Examining data/libxc-4.3.4/src/gga_x_ssb_sw.c Examining data/libxc-4.3.4/src/gga_x_vmt.c Examining data/libxc-4.3.4/src/gga_x_vmt84.c Examining data/libxc-4.3.4/src/gga_x_wc.c Examining data/libxc-4.3.4/src/gga_x_wpbeh.c Examining data/libxc-4.3.4/src/gga_xc_1w.c Examining data/libxc-4.3.4/src/gga_xc_b97.c Examining data/libxc-4.3.4/src/gga_xc_edf1.c Examining data/libxc-4.3.4/src/gga_xc_oblyp_d.c Examining data/libxc-4.3.4/src/gga_xc_th1.c Examining data/libxc-4.3.4/src/gga_xc_th2.c Examining data/libxc-4.3.4/src/gga_xc_th3.c Examining data/libxc-4.3.4/src/gga_xc_vv10.c Examining data/libxc-4.3.4/src/hyb_gga_xc_b1wc.c Examining data/libxc-4.3.4/src/hyb_gga_xc_b3lyp.c Examining data/libxc-4.3.4/src/hyb_gga_xc_cam_b3lyp.c Examining data/libxc-4.3.4/src/hyb_gga_xc_camy_b3lyp.c Examining data/libxc-4.3.4/src/hyb_gga_xc_camy_blyp.c Examining data/libxc-4.3.4/src/hyb_gga_xc_edf2.c Examining data/libxc-4.3.4/src/hyb_gga_xc_hse.c Examining data/libxc-4.3.4/src/hyb_gga_xc_lcy_blyp.c Examining data/libxc-4.3.4/src/hyb_gga_xc_lcy_pbe.c Examining data/libxc-4.3.4/src/hyb_gga_xc_o3lyp.c Examining data/libxc-4.3.4/src/hyb_gga_xc_pbeh.c Examining data/libxc-4.3.4/src/hyb_gga_xc_wb97.c Examining data/libxc-4.3.4/src/hyb_mgga_x_dldf.c Examining data/libxc-4.3.4/src/hyb_mgga_x_m05.c Examining data/libxc-4.3.4/src/hyb_mgga_x_mvsh.c Examining data/libxc-4.3.4/src/hyb_mgga_xc_b88b95.c Examining data/libxc-4.3.4/src/hyb_mgga_xc_kcis.c Examining data/libxc-4.3.4/src/hyb_mgga_xc_tpssh.c Examining data/libxc-4.3.4/src/hyb_mgga_xc_wb97mv.c Examining 
data/libxc-4.3.4/src/integrate.c Examining data/libxc-4.3.4/src/lda.c Examining data/libxc-4.3.4/src/lda_c_1d_csc.c Examining data/libxc-4.3.4/src/lda_c_1d_loos.c Examining data/libxc-4.3.4/src/lda_c_2d_amgb.c Examining data/libxc-4.3.4/src/lda_c_2d_prm.c Examining data/libxc-4.3.4/src/lda_c_chachiyo.c Examining data/libxc-4.3.4/src/lda_c_gk72.c Examining data/libxc-4.3.4/src/lda_c_gombas.c Examining data/libxc-4.3.4/src/lda_c_hl.c Examining data/libxc-4.3.4/src/lda_c_lp96.c Examining data/libxc-4.3.4/src/lda_c_ml1.c Examining data/libxc-4.3.4/src/lda_c_pw.c Examining data/libxc-4.3.4/src/lda_c_pz.c Examining data/libxc-4.3.4/src/lda_c_rc04.c Examining data/libxc-4.3.4/src/lda_c_rpa.c Examining data/libxc-4.3.4/src/lda_c_vwn.c Examining data/libxc-4.3.4/src/lda_c_vwn_1.c Examining data/libxc-4.3.4/src/lda_c_vwn_2.c Examining data/libxc-4.3.4/src/lda_c_vwn_3.c Examining data/libxc-4.3.4/src/lda_c_vwn_4.c Examining data/libxc-4.3.4/src/lda_c_vwn_rpa.c Examining data/libxc-4.3.4/src/lda_c_wigner.c Examining data/libxc-4.3.4/src/lda_k_tf.c Examining data/libxc-4.3.4/src/lda_k_zlp.c Examining data/libxc-4.3.4/src/lda_x.c Examining data/libxc-4.3.4/src/lda_x_1d.c Examining data/libxc-4.3.4/src/lda_x_2d.c Examining data/libxc-4.3.4/src/lda_x_erf.c Examining data/libxc-4.3.4/src/lda_x_rel.c Examining data/libxc-4.3.4/src/lda_xc_1d_ehwlrg.c Examining data/libxc-4.3.4/src/lda_xc_ksdt.c Examining data/libxc-4.3.4/src/lda_xc_teter93.c Examining data/libxc-4.3.4/src/lda_xc_zlp.c Examining data/libxc-4.3.4/src/maple2c/gga_c_am05.c Examining data/libxc-4.3.4/src/maple2c/gga_c_bcgp.c Examining data/libxc-4.3.4/src/maple2c/gga_c_bmk.c Examining data/libxc-4.3.4/src/maple2c/gga_c_cs1.c Examining data/libxc-4.3.4/src/maple2c/gga_c_ft97.c Examining data/libxc-4.3.4/src/maple2c/gga_c_gapc.c Examining data/libxc-4.3.4/src/maple2c/gga_c_gaploc.c Examining data/libxc-4.3.4/src/maple2c/gga_c_hcth_a.c Examining data/libxc-4.3.4/src/maple2c/gga_c_lm.c Examining 
data/libxc-4.3.4/src/maple2c/gga_c_lyp.c Examining data/libxc-4.3.4/src/maple2c/gga_c_op_b88.c Examining data/libxc-4.3.4/src/maple2c/gga_c_op_g96.c Examining data/libxc-4.3.4/src/maple2c/gga_c_op_pbe.c Examining data/libxc-4.3.4/src/maple2c/gga_c_op_pw91.c Examining data/libxc-4.3.4/src/maple2c/gga_c_op_xalpha.c Examining data/libxc-4.3.4/src/maple2c/gga_c_optc.c Examining data/libxc-4.3.4/src/maple2c/gga_c_p86.c Examining data/libxc-4.3.4/src/maple2c/gga_c_pbe.c Examining data/libxc-4.3.4/src/maple2c/gga_c_pbeloc.c Examining data/libxc-4.3.4/src/maple2c/gga_c_pw91.c Examining data/libxc-4.3.4/src/maple2c/gga_c_q2d.c Examining data/libxc-4.3.4/src/maple2c/gga_c_regtpss.c Examining data/libxc-4.3.4/src/maple2c/gga_c_revtca.c Examining data/libxc-4.3.4/src/maple2c/gga_c_scan_e0.c Examining data/libxc-4.3.4/src/maple2c/gga_c_sg4.c Examining data/libxc-4.3.4/src/maple2c/gga_c_sogga11.c Examining data/libxc-4.3.4/src/maple2c/gga_c_tca.c Examining data/libxc-4.3.4/src/maple2c/gga_c_w94.c Examining data/libxc-4.3.4/src/maple2c/gga_c_wi.c Examining data/libxc-4.3.4/src/maple2c/gga_c_wl.c Examining data/libxc-4.3.4/src/maple2c/gga_c_zpbeint.c Examining data/libxc-4.3.4/src/maple2c/gga_c_zvpbeint.c Examining data/libxc-4.3.4/src/maple2c/gga_k_dk.c Examining data/libxc-4.3.4/src/maple2c/gga_k_exp4.c Examining data/libxc-4.3.4/src/maple2c/gga_k_meyer.c Examining data/libxc-4.3.4/src/maple2c/gga_k_ol1.c Examining data/libxc-4.3.4/src/maple2c/gga_k_ol2.c Examining data/libxc-4.3.4/src/maple2c/gga_k_pearson.c Examining data/libxc-4.3.4/src/maple2c/gga_k_tflw.c Examining data/libxc-4.3.4/src/maple2c/gga_k_thakkar.c Examining data/libxc-4.3.4/src/maple2c/gga_x_2d_b86.c Examining data/libxc-4.3.4/src/maple2c/gga_x_2d_b86_mgc.c Examining data/libxc-4.3.4/src/maple2c/gga_x_2d_b88.c Examining data/libxc-4.3.4/src/maple2c/gga_x_2d_pbe.c Examining data/libxc-4.3.4/src/maple2c/gga_x_airy.c Examining data/libxc-4.3.4/src/maple2c/gga_x_ak13.c Examining 
data/libxc-4.3.4/src/maple2c/gga_x_am05.c Examining data/libxc-4.3.4/src/maple2c/gga_x_b86.c Examining data/libxc-4.3.4/src/maple2c/gga_x_b88.c Examining data/libxc-4.3.4/src/maple2c/gga_x_bayesian.c Examining data/libxc-4.3.4/src/maple2c/gga_x_beefvdw.c Examining data/libxc-4.3.4/src/maple2c/gga_x_bpccac.c Examining data/libxc-4.3.4/src/maple2c/gga_x_c09x.c Examining data/libxc-4.3.4/src/maple2c/gga_x_cap.c Examining data/libxc-4.3.4/src/maple2c/gga_x_chachiyo.c Examining data/libxc-4.3.4/src/maple2c/gga_x_dk87.c Examining data/libxc-4.3.4/src/maple2c/gga_x_eg93.c Examining data/libxc-4.3.4/src/maple2c/gga_x_ft97.c Examining data/libxc-4.3.4/src/maple2c/gga_x_g96.c Examining data/libxc-4.3.4/src/maple2c/gga_x_hcth_a.c Examining data/libxc-4.3.4/src/maple2c/gga_x_herman.c Examining data/libxc-4.3.4/src/maple2c/gga_x_hjs.c Examining data/libxc-4.3.4/src/maple2c/gga_x_hjs_b88_v2.c Examining data/libxc-4.3.4/src/maple2c/gga_x_htbs.c Examining data/libxc-4.3.4/src/maple2c/gga_x_kt.c Examining data/libxc-4.3.4/src/maple2c/gga_x_lag.c Examining data/libxc-4.3.4/src/maple2c/gga_x_lg93.c Examining data/libxc-4.3.4/src/maple2c/gga_x_lv_rpw86.c Examining data/libxc-4.3.4/src/maple2c/gga_x_mpbe.c Examining data/libxc-4.3.4/src/maple2c/gga_x_n12.c Examining data/libxc-4.3.4/src/maple2c/gga_x_optx.c Examining data/libxc-4.3.4/src/maple2c/gga_x_pbe.c Examining data/libxc-4.3.4/src/maple2c/gga_x_pbea.c Examining data/libxc-4.3.4/src/maple2c/gga_x_pbeint.c Examining data/libxc-4.3.4/src/maple2c/gga_x_pbepow.c Examining data/libxc-4.3.4/src/maple2c/gga_x_pbetrans.c Examining data/libxc-4.3.4/src/maple2c/gga_x_pw86.c Examining data/libxc-4.3.4/src/maple2c/gga_x_pw91.c Examining data/libxc-4.3.4/src/maple2c/gga_x_q2d.c Examining data/libxc-4.3.4/src/maple2c/gga_x_rge2.c Examining data/libxc-4.3.4/src/maple2c/gga_x_rpbe.c Examining data/libxc-4.3.4/src/maple2c/gga_x_sg4.c Examining data/libxc-4.3.4/src/maple2c/gga_x_sogga11.c Examining data/libxc-4.3.4/src/maple2c/gga_x_ssb_sw.c 
Examining data/libxc-4.3.4/src/maple2c/gga_x_vmt.c Examining data/libxc-4.3.4/src/maple2c/gga_x_vmt84.c Examining data/libxc-4.3.4/src/maple2c/gga_x_wc.c Examining data/libxc-4.3.4/src/maple2c/gga_xc_b97.c Examining data/libxc-4.3.4/src/maple2c/gga_xc_th1.c Examining data/libxc-4.3.4/src/maple2c/gga_xc_th2.c Examining data/libxc-4.3.4/src/maple2c/gga_xc_th3.c Examining data/libxc-4.3.4/src/maple2c/hyb_gga_xc_wb97.c Examining data/libxc-4.3.4/src/maple2c/hyb_mgga_x_dldf.c Examining data/libxc-4.3.4/src/maple2c/hyb_mgga_x_m05.c Examining data/libxc-4.3.4/src/maple2c/hyb_mgga_xc_wb97mv.c Examining data/libxc-4.3.4/src/maple2c/lda_c_1d_csc.c Examining data/libxc-4.3.4/src/maple2c/lda_c_1d_loos.c Examining data/libxc-4.3.4/src/maple2c/lda_c_2d_amgb.c Examining data/libxc-4.3.4/src/maple2c/lda_c_2d_prm.c Examining data/libxc-4.3.4/src/maple2c/lda_c_chachiyo.c Examining data/libxc-4.3.4/src/maple2c/lda_c_gk72.c Examining data/libxc-4.3.4/src/maple2c/lda_c_gombas.c Examining data/libxc-4.3.4/src/maple2c/lda_c_hl.c Examining data/libxc-4.3.4/src/maple2c/lda_c_lp96.c Examining data/libxc-4.3.4/src/maple2c/lda_c_ml1.c Examining data/libxc-4.3.4/src/maple2c/lda_c_pk09.c Examining data/libxc-4.3.4/src/maple2c/lda_c_pw.c Examining data/libxc-4.3.4/src/maple2c/lda_c_pz.c Examining data/libxc-4.3.4/src/maple2c/lda_c_rc04.c Examining data/libxc-4.3.4/src/maple2c/lda_c_rpa.c Examining data/libxc-4.3.4/src/maple2c/lda_c_vwn.c Examining data/libxc-4.3.4/src/maple2c/lda_c_vwn_1.c Examining data/libxc-4.3.4/src/maple2c/lda_c_vwn_2.c Examining data/libxc-4.3.4/src/maple2c/lda_c_vwn_3.c Examining data/libxc-4.3.4/src/maple2c/lda_c_vwn_4.c Examining data/libxc-4.3.4/src/maple2c/lda_c_vwn_rpa.c Examining data/libxc-4.3.4/src/maple2c/lda_c_wigner.c Examining data/libxc-4.3.4/src/maple2c/lda_k_tf.c Examining data/libxc-4.3.4/src/maple2c/lda_k_zlp.c Examining data/libxc-4.3.4/src/maple2c/lda_x.c Examining data/libxc-4.3.4/src/maple2c/lda_x_2d.c Examining 
data/libxc-4.3.4/src/maple2c/lda_x_erf.c Examining data/libxc-4.3.4/src/maple2c/lda_x_rel.c Examining data/libxc-4.3.4/src/maple2c/lda_xc_1d_ehwlrg.c Examining data/libxc-4.3.4/src/maple2c/lda_xc_ksdt.c Examining data/libxc-4.3.4/src/maple2c/lda_xc_teter93.c Examining data/libxc-4.3.4/src/maple2c/lda_xc_zlp.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_b88.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_bc95.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_cs.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_kcis.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_m05.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_m06l.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_m08.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_pkzb.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_revscan.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_revtpss.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_scan.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_tpss.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_tpssloc.c Examining data/libxc-4.3.4/src/maple2c/mgga_c_vsxc.c Examining data/libxc-4.3.4/src/maple2c/mgga_k_pc07.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_br89_explicit.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_gvt4.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_gx.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_lta.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_m06l.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_m08.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_m11.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_m11_l.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_mbeef.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_mbeefvdw.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_mk00.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_mn12.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_ms.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_mvs.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_pbe_gx.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_pkzb.c Examining 
data/libxc-4.3.4/src/maple2c/mgga_x_sa_tpss.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_scan.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_tau_hcth.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_tm.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_tpss.c Examining data/libxc-4.3.4/src/maple2c/mgga_x_vt84.c Examining data/libxc-4.3.4/src/maple2c/mgga_xc_b97mv.c Examining data/libxc-4.3.4/src/maple2c/mgga_xc_b98.c Examining data/libxc-4.3.4/src/maple2c/mgga_xc_cc06.c Examining data/libxc-4.3.4/src/maple2c/mgga_xc_lp90.c Examining data/libxc-4.3.4/src/maple2c/mgga_xc_zlp.c Examining data/libxc-4.3.4/src/mgga.c Examining data/libxc-4.3.4/src/mgga_c_b88.c Examining data/libxc-4.3.4/src/mgga_c_bc95.c Examining data/libxc-4.3.4/src/mgga_c_cs.c Examining data/libxc-4.3.4/src/mgga_c_kcis.c Examining data/libxc-4.3.4/src/mgga_c_m05.c Examining data/libxc-4.3.4/src/mgga_c_m06l.c Examining data/libxc-4.3.4/src/mgga_c_m08.c Examining data/libxc-4.3.4/src/mgga_c_pkzb.c Examining data/libxc-4.3.4/src/mgga_c_revscan.c Examining data/libxc-4.3.4/src/mgga_c_revtpss.c Examining data/libxc-4.3.4/src/mgga_c_scan.c Examining data/libxc-4.3.4/src/mgga_c_tpss.c Examining data/libxc-4.3.4/src/mgga_c_tpssloc.c Examining data/libxc-4.3.4/src/mgga_c_vsxc.c Examining data/libxc-4.3.4/src/mgga_k_pc07.c Examining data/libxc-4.3.4/src/mgga_x_2d_prhg07.c Examining data/libxc-4.3.4/src/mgga_x_br89.c Examining data/libxc-4.3.4/src/mgga_x_br89_explicit.c Examining data/libxc-4.3.4/src/mgga_x_gvt4.c Examining data/libxc-4.3.4/src/mgga_x_gx.c Examining data/libxc-4.3.4/src/mgga_x_lta.c Examining data/libxc-4.3.4/src/mgga_x_m06l.c Examining data/libxc-4.3.4/src/mgga_x_m08.c Examining data/libxc-4.3.4/src/mgga_x_m11.c Examining data/libxc-4.3.4/src/mgga_x_m11_l.c Examining data/libxc-4.3.4/src/mgga_x_mbeef.c Examining data/libxc-4.3.4/src/mgga_x_mbeefvdw.c Examining data/libxc-4.3.4/src/mgga_x_mk00.c Examining data/libxc-4.3.4/src/mgga_x_mn12.c Examining data/libxc-4.3.4/src/mgga_x_ms.c Examining 
data/libxc-4.3.4/src/mgga_x_mvs.c Examining data/libxc-4.3.4/src/mgga_x_pbe_gx.c Examining data/libxc-4.3.4/src/mgga_x_pkzb.c Examining data/libxc-4.3.4/src/mgga_x_sa_tpss.c Examining data/libxc-4.3.4/src/mgga_x_scan.c Examining data/libxc-4.3.4/src/mgga_x_tau_hcth.c Examining data/libxc-4.3.4/src/mgga_x_tm.c Examining data/libxc-4.3.4/src/mgga_x_tpss.c Examining data/libxc-4.3.4/src/mgga_x_vt84.c Examining data/libxc-4.3.4/src/mgga_xc_b97mv.c Examining data/libxc-4.3.4/src/mgga_xc_b98.c Examining data/libxc-4.3.4/src/mgga_xc_cc06.c Examining data/libxc-4.3.4/src/mgga_xc_hle17.c Examining data/libxc-4.3.4/src/mgga_xc_lp90.c Examining data/libxc-4.3.4/src/mgga_xc_otpss_d.c Examining data/libxc-4.3.4/src/mgga_xc_zlp.c Examining data/libxc-4.3.4/src/mix_func.c Examining data/libxc-4.3.4/src/references.c Examining data/libxc-4.3.4/src/references.h Examining data/libxc-4.3.4/src/special_functions.c Examining data/libxc-4.3.4/src/string_f.h Examining data/libxc-4.3.4/src/test.c Examining data/libxc-4.3.4/src/util.c Examining data/libxc-4.3.4/src/version.c Examining data/libxc-4.3.4/src/work_gga_c.c Examining data/libxc-4.3.4/src/work_gga_x.c Examining data/libxc-4.3.4/src/work_lda.c Examining data/libxc-4.3.4/src/work_mgga_c.c Examining data/libxc-4.3.4/src/work_mgga_x.c Examining data/libxc-4.3.4/src/xc-info.c Examining data/libxc-4.3.4/src/xc-sanity.c Examining data/libxc-4.3.4/src/xc-threshold.c Examining data/libxc-4.3.4/src/xc.h Examining data/libxc-4.3.4/src/xc_f.c Examining data/libxc-4.3.4/src/xc_funcs_removed.h Examining data/libxc-4.3.4/src/util.h Examining data/libxc-4.3.4/testsuite/xc-consistency.c Examining data/libxc-4.3.4/testsuite/xc-error.c Examining data/libxc-4.3.4/testsuite/xc-get_data.c Examining data/libxc-4.3.4/testsuite/xc-regression.c FINAL RESULTS: data/libxc-4.3.4/src/functionals.c:67:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p,xc_functional_keys[ii].name);
data/libxc-4.3.4/src/functionals.c:172:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(list[ii],xc_functional_keys[ii].name);
data/libxc-4.3.4/src/genwiki.c:145:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r,buf);
data/libxc-4.3.4/testsuite/xc-error.c:123:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  while(sscanf(buf+cur,"%s%n",legin[cin],&nread)==1) {
data/libxc-4.3.4/testsuite/xc-error.c:136:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  while(sscanf(buf+cur,"%s%n",legref[cref],&nread)==1) {
data/libxc-4.3.4/testsuite/xc-error.c:169:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  while(sscanf(buf+cur,fmt,&din[j],&nread)==1) {
data/libxc-4.3.4/testsuite/xc-error.c:183:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  while(sscanf(buf+cur,fmt,&dref[j],&nread)==1) {
data/libxc-4.3.4/testsuite/xc-regression.c:231:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  nsucc=sscanf(buf, fmt, &rhoa, &rhob, &sigmaaa, &sigmaab, &sigmabb, \
data/libxc-4.3.4/testsuite/xc-regression.c:367:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "zk");
data/libxc-4.3.4/testsuite/xc-regression.c:371:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt2, "vrho(a)", "vrho(b)");
data/libxc-4.3.4/testsuite/xc-regression.c:373:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "vsigma(aa)", "vsigma(ab)", "vsigma(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:375:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt2, "vlapl(a)", "vlapl(b)");
data/libxc-4.3.4/testsuite/xc-regression.c:376:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt2, "vtau(a)", "vtau(b)");
data/libxc-4.3.4/testsuite/xc-regression.c:379:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "vrho");
data/libxc-4.3.4/testsuite/xc-regression.c:381:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "vsigma");
data/libxc-4.3.4/testsuite/xc-regression.c:383:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "vlapl");
data/libxc-4.3.4/testsuite/xc-regression.c:384:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "vtau");
data/libxc-4.3.4/testsuite/xc-regression.c:391:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,sfmt3,"v2rho(aa)","v2rho(ab)","v2rho(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:393:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2sigma2(aa-aa)", "v2sigma2(aa-ab)", "v2sigma2(aa-bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:394:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2sigma2(ab-ab)", "v2sigma2(ab-bb)", "v2sigma2(bb-bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:395:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2rho(a)sigma(aa)", "v2rho(a)sigma(ab)", "v2rho(a)sigma(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:396:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification.
  fprintf(out, sfmt3, "v2rho(b)sigma(aa)", "v2rho(b)sigma(ab)", "v2rho(b)sigma(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:399:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2lapl2(aa)", "v2lapl2(ab)", "v2lapl2(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:400:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2tau2(aa)", "v2tau2(ab)", "v2tau2(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:401:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2rholapl(aa)", "v2rholapl(ab)", "v2rholapl(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:402:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2rhotau(aa)", "v2rhotau(ab)", "v2rhotau(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:403:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2lapltau(aa)", "v2lapltau(ab)", "v2lapltau(bb)");
data/libxc-4.3.4/testsuite/xc-regression.c:404:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2sigma(aa)tau(a)", "v2sigma(aa)tau(b)", "v2sigma(ab)tau(a)");
data/libxc-4.3.4/testsuite/xc-regression.c:405:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2sigma(ab)tau(b)", "v2sigma(bb)tau(a)", "v2sigma(bb)tau(b)");
data/libxc-4.3.4/testsuite/xc-regression.c:406:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2sigma(aa)lapl(a)", "v2sigma(aa)lapl(b)", "v2sigma(ab)lapl(a)");
data/libxc-4.3.4/testsuite/xc-regression.c:407:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt3, "v2sigma(ab)lapl(b)", "v2sigma(bb)lapl(a)", "v2sigma(bb)lapl(b)");
data/libxc-4.3.4/testsuite/xc-regression.c:410:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out,sfmt,"v2rho");
data/libxc-4.3.4/testsuite/xc-regression.c:412:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "v2sigma2");
data/libxc-4.3.4/testsuite/xc-regression.c:413:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "v2rhosigma");
data/libxc-4.3.4/testsuite/xc-regression.c:417:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "v2lapl2");
data/libxc-4.3.4/testsuite/xc-regression.c:418:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "v2tau2");
data/libxc-4.3.4/testsuite/xc-regression.c:419:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification.
  fprintf(out, sfmt, "v2rholapl");
data/libxc-4.3.4/testsuite/xc-regression.c:420:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "v2rhotau");
data/libxc-4.3.4/testsuite/xc-regression.c:421:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "v2lapltau");
data/libxc-4.3.4/testsuite/xc-regression.c:422:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "v2sigmatau");
data/libxc-4.3.4/testsuite/xc-regression.c:423:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, sfmt, "v2sigmalapl");
data/libxc-4.3.4/testsuite/xc-regression.c:439:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.zk[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:443:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt2, d.vrho[2 * i], d.vrho[2 * i + 1]);
data/libxc-4.3.4/testsuite/xc-regression.c:445:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt3, d.vsigma[3 * i], d.vsigma[3 * i + 1], d.vsigma[3 * i + 2]);
data/libxc-4.3.4/testsuite/xc-regression.c:447:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt2, d.vlapl[2 * i], d.vlapl[2 * i + 1]);
data/libxc-4.3.4/testsuite/xc-regression.c:448:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt2, d.vtau[2 * i], d.vtau[2 * i + 1]);
data/libxc-4.3.4/testsuite/xc-regression.c:451:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.vrho[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:453:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.vsigma[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:455:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.vlapl[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:456:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.vtau[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:463:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt3, d.v2rho2[3*i], d.v2rho2[3*i + 1], d.v2rho2[3*i + 2]);
data/libxc-4.3.4/testsuite/xc-regression.c:465:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt3, d.v2sigma2[6*i], d.v2sigma2[6*i + 1], d.v2sigma2[6*i + 2]);
data/libxc-4.3.4/testsuite/xc-regression.c:466:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification. fprintf(out, efmt3, d.v2sigma2[6*i + 3], d.v2sigma2[6*i + 4], d.v2sigma2[6*i + 5]); data/libxc-4.3.4/testsuite/xc-regression.c:467:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2rhosigma[6*i], d.v2rhosigma[6*i + 1], d.v2rhosigma[6*i + 2]); data/libxc-4.3.4/testsuite/xc-regression.c:468:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2rhosigma[6*i + 3], d.v2rhosigma[6*i + 4], d.v2rhosigma[6*i + 5]); data/libxc-4.3.4/testsuite/xc-regression.c:471:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2lapl2[3*i], d.v2lapl2[3*i + 1], d.v2lapl2[3*i + 2]); data/libxc-4.3.4/testsuite/xc-regression.c:472:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2tau2[3*i], d.v2tau2[3*i + 1], d.v2tau2[3*i + 2]); data/libxc-4.3.4/testsuite/xc-regression.c:473:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2rholapl[3*i], d.v2rholapl[3*i + 1], d.v2rholapl[3*i + 2]); data/libxc-4.3.4/testsuite/xc-regression.c:474:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2rhotau[3*i], d.v2rhotau[3*i + 1], d.v2rhotau[3*i + 2]); data/libxc-4.3.4/testsuite/xc-regression.c:475:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. fprintf(out, efmt3, d.v2lapltau[3*i], d.v2lapltau[3*i + 1], d.v2lapltau[3*i + 2]); data/libxc-4.3.4/testsuite/xc-regression.c:476:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2sigmatau[3*i], d.v2sigmatau[3*i + 1], d.v2sigmatau[3*i + 2]); data/libxc-4.3.4/testsuite/xc-regression.c:477:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2sigmatau[3*i + 3], d.v2sigmatau[3*i + 4], d.v2sigmatau[3*i + 5]); data/libxc-4.3.4/testsuite/xc-regression.c:478:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2sigmalapl[3*i], d.v2sigmalapl[3*i + 1], d.v2sigmalapl[3*i + 2]); data/libxc-4.3.4/testsuite/xc-regression.c:479:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt3, d.v2sigmalapl[3*i + 3], d.v2sigmalapl[3*i + 4], d.v2sigmalapl[3*i + 5]); data/libxc-4.3.4/testsuite/xc-regression.c:482:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt, d.v2rho2[i]); data/libxc-4.3.4/testsuite/xc-regression.c:484:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, efmt, d.v2sigma2[i]); data/libxc-4.3.4/testsuite/xc-regression.c:485:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
  fprintf(out, efmt, d.v2rhosigma[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:488:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.v2lapl2[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:489:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.v2tau2[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:490:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.v2rholapl[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:491:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.v2rhotau[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:492:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.v2lapltau[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:493:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.v2sigmatau[i]);
data/libxc-4.3.4/testsuite/xc-regression.c:494:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(out, efmt, d.v2sigmalapl[i]);
[Reviewer note on the (format) findings above: Flawfinder raises CWE-134 for every fprintf whose format argument is not a string literal. This report does not show where sfmt, efmt, efmt2 and efmt3 are defined, so the level-4 rating says nothing yet about reachability. If they turn out to be fixed strings set inside xc-regression.c, no attacker-controlled data reaches the format argument and the whole group can be triaged as one item. Declaring them const with literal initialisers documents that, and -Wformat-nonliteral will list any call site whose format the compiler still cannot check.]
data/libxc-4.3.4/src/genwiki.c:38:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN], *r;
data/libxc-4.3.4/src/gga_c_bmk.c:65:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params, &par_n12, sizeof(gga_c_bmk_params));
data/libxc-4.3.4/src/gga_c_bmk.c:68:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params, &par_n12_sx, sizeof(gga_c_bmk_params));
data/libxc-4.3.4/src/gga_c_bmk.c:71:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params, &par_gam, sizeof(gga_c_bmk_params));
data/libxc-4.3.4/src/gga_c_bmk.c:74:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params, &par_bmk, sizeof(gga_c_bmk_params));
data/libxc-4.3.4/src/gga_c_bmk.c:77:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params, &par_tau_hcth, sizeof(gga_c_bmk_params));
data/libxc-4.3.4/src/gga_c_bmk.c:80:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(params, &par_hyb_tau_hcth, sizeof(gga_c_bmk_params));
[Reviewer note on the memcpy findings in this report: each call has the shape memcpy(params, &<parameter set>, sizeof(<params type>)), so the length is a compile-time struct size and not derived from input. The copy is in bounds only if `params` points to at least sizeof(<params type>) bytes; the allocation of `params` is not part of this output and should be checked once per source file, not once per finding. It is also worth confirming that each source object has the same type as the sizeof operand, since a mismatch would read past the source.]
data/libxc-4.3.4/src/gga_c_sogga11.c:40:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(params, &par_sogga11, sizeof(gga_c_sogga11_params)); data/libxc-4.3.4/src/gga_c_sogga11.c:43:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_sogga11_x, sizeof(gga_c_sogga11_params)); data/libxc-4.3.4/src/gga_c_wi.c:38:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &wi0_params, sizeof(gga_c_wi_params)); data/libxc-4.3.4/src/gga_c_wi.c:41:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &wi_params, sizeof(gga_c_wi_params)); data/libxc-4.3.4/src/gga_x_dk87.c:37:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_dk87_r1, sizeof(gga_x_dk87_params)); data/libxc-4.3.4/src/gga_x_dk87.c:40:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_dk87_r2, sizeof(gga_x_dk87_params)); data/libxc-4.3.4/src/gga_x_ft97.c:40:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_ft97_a, sizeof(gga_x_ft97_params)); data/libxc-4.3.4/src/gga_x_ft97.c:43:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_ft97_b, sizeof(gga_x_ft97_params)); data/libxc-4.3.4/src/gga_x_pw86.c:43:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(params, &par_pw86, sizeof(gga_x_pw86_params)); data/libxc-4.3.4/src/gga_x_pw86.c:46:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_rpw86, sizeof(gga_x_pw86_params)); data/libxc-4.3.4/src/gga_x_pw86.c:49:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_fr_pw86, sizeof(gga_x_pw86_params)); data/libxc-4.3.4/src/gga_x_sogga11.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_sogga11, sizeof(gga_x_sogga11_params)); data/libxc-4.3.4/src/gga_x_sogga11.c:45:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_sogga11_x, sizeof(gga_x_sogga11_params)); data/libxc-4.3.4/src/gga_xc_b97.c:182:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_hcth_93, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:185:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_hcth_120, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:188:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_hcth_147, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:191:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(params, &par_hcth_407, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:195:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_b97, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:199:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_b97_1, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:203:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_b97_2, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:206:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_b97_d, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:210:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_b97_k, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:214:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_b97_3, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:218:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_sb98_1a, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:222:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(params, &par_sb98_1b, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:226:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_sb98_1c, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:230:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_sb98_2a, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:234:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_sb98_2b, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:238:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_sb98_2c, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:241:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_b97_gga1, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:244:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_hcth_p14, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:247:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_hcth_p76, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:250:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(params, &par_hcth_407p, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:254:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_b97_1p, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/gga_xc_b97.c:257:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_hle16, sizeof(gga_xc_b97_params)); data/libxc-4.3.4/src/hyb_gga_xc_wb97.c:58:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_wb97, sizeof(gga_xc_wb97_params)); data/libxc-4.3.4/src/hyb_gga_xc_wb97.c:64:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_wb97x, sizeof(gga_xc_wb97_params)); data/libxc-4.3.4/src/hyb_gga_xc_wb97.c:72:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_wb97x_v, sizeof(gga_xc_wb97_params)); data/libxc-4.3.4/src/hyb_gga_xc_wb97.c:78:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_wb97x_d, sizeof(gga_xc_wb97_params)); data/libxc-4.3.4/src/hyb_mgga_x_m05.c:50:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m05, sizeof(mgga_x_m05_params)); data/libxc-4.3.4/src/hyb_mgga_x_m05.c:54:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(params, &par_m05_2x, sizeof(mgga_x_m05_params)); data/libxc-4.3.4/src/hyb_mgga_x_m05.c:58:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m06_2x, sizeof(mgga_x_m05_params)); data/libxc-4.3.4/src/lda_c_chachiyo.c:33:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_chachiyo, sizeof(lda_c_chachiyo_params)); data/libxc-4.3.4/src/lda_c_chachiyo.c:36:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_karasiev, sizeof(lda_c_chachiyo_params)); data/libxc-4.3.4/src/lda_c_hl.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_hl, sizeof(lda_c_hl_params)); data/libxc-4.3.4/src/lda_c_hl.c:45:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_gl, sizeof(lda_c_hl_params)); data/libxc-4.3.4/src/lda_c_hl.c:48:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_vbh, sizeof(lda_c_hl_params)); data/libxc-4.3.4/src/lda_c_lp96.c:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &c_lp96, sizeof(lda_c_lp96_params)); data/libxc-4.3.4/src/lda_c_lp96.c:35:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(params, &k_lp96, sizeof(lda_c_lp96_params)); data/libxc-4.3.4/src/lda_c_pw.c:89:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_pw, sizeof(lda_c_pw_params)); data/libxc-4.3.4/src/lda_c_pw.c:92:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_pw_mod, sizeof(lda_c_pw_params)); data/libxc-4.3.4/src/lda_c_pw.c:95:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_ob, sizeof(lda_c_pw_params)); data/libxc-4.3.4/src/lda_c_pw.c:98:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_pw_rpa, sizeof(lda_c_pw_params)); data/libxc-4.3.4/src/lda_c_pz.c:72:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &pz_original, sizeof(lda_c_pz_params)); data/libxc-4.3.4/src/lda_c_pz.c:75:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &pz_modified, sizeof(lda_c_pz_params)); data/libxc-4.3.4/src/lda_c_pz.c:78:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &pz_ob, sizeof(lda_c_pz_params)); data/libxc-4.3.4/src/lda_xc_ksdt.c:74:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(params, &par_ksdt, sizeof(lda_xc_ksdt_params)); data/libxc-4.3.4/src/lda_xc_ksdt.c:77:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_gdsmfb, sizeof(lda_xc_ksdt_params)); data/libxc-4.3.4/src/mgga_c_m05.c:50:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m05, sizeof(mgga_c_m05_params)); data/libxc-4.3.4/src/mgga_c_m05.c:53:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m05_2x, sizeof(mgga_c_m05_params)); data/libxc-4.3.4/src/mgga_c_m05.c:56:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_dldf, sizeof(mgga_c_m05_params)); data/libxc-4.3.4/src/mgga_c_m06l.c:82:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m06l, sizeof(mgga_c_m06l_params)); data/libxc-4.3.4/src/mgga_c_m06l.c:85:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m06hf, sizeof(mgga_c_m06l_params)); data/libxc-4.3.4/src/mgga_c_m06l.c:88:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m06, sizeof(mgga_c_m06l_params)); data/libxc-4.3.4/src/mgga_c_m06l.c:91:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(params, &par_m062x, sizeof(mgga_c_m06l_params)); data/libxc-4.3.4/src/mgga_c_m06l.c:94:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_revm06l, sizeof(mgga_c_m06l_params)); data/libxc-4.3.4/src/mgga_c_m08.c:118:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m08_hx, sizeof(mgga_c_m08_params)); data/libxc-4.3.4/src/mgga_c_m08.c:121:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m08_so, sizeof(mgga_c_m08_params)); data/libxc-4.3.4/src/mgga_c_m08.c:124:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m11, sizeof(mgga_c_m08_params)); data/libxc-4.3.4/src/mgga_c_m08.c:127:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m11_l, sizeof(mgga_c_m08_params)); data/libxc-4.3.4/src/mgga_c_m08.c:130:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_mn12_l, sizeof(mgga_c_m08_params)); data/libxc-4.3.4/src/mgga_c_m08.c:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_mn12_sx, sizeof(mgga_c_m08_params)); data/libxc-4.3.4/src/mgga_c_m08.c:136:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(params, &par_mn15_l, sizeof(mgga_c_m08_params)); data/libxc-4.3.4/src/mgga_c_m08.c:139:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_mn15, sizeof(mgga_c_m08_params)); data/libxc-4.3.4/src/mgga_c_vsxc.c:36:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_vsxc, sizeof(mgga_c_vsxc_params)); data/libxc-4.3.4/src/mgga_x_m08.c:51:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m08_hx, sizeof(mgga_x_m08_params)); data/libxc-4.3.4/src/mgga_x_m08.c:55:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m08_so, sizeof(mgga_x_m08_params)); data/libxc-4.3.4/src/mgga_x_m11.c:40:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m11, sizeof(mgga_x_m11_params)); data/libxc-4.3.4/src/mgga_x_m11_l.c:45:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_m11_l, sizeof(mgga_x_m11_l_params)); data/libxc-4.3.4/src/mgga_x_mn12.c:96:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_mn12_l, sizeof(mgga_x_mn12_params)); data/libxc-4.3.4/src/mgga_x_mn12.c:99:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(params, &par_mn12_sx, sizeof(mgga_x_mn12_params)); data/libxc-4.3.4/src/mgga_x_mn12.c:105:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_mn15_l, sizeof(mgga_x_mn12_params)); data/libxc-4.3.4/src/mgga_x_mn12.c:108:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_mn15, sizeof(mgga_x_mn12_params)); data/libxc-4.3.4/src/mgga_x_scan.c:35:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_scan, sizeof(mgga_x_scan_params)); data/libxc-4.3.4/src/mgga_x_scan.c:38:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params, &par_revscan, sizeof(mgga_x_scan_params)); data/libxc-4.3.4/src/util.h:131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libxc-4.3.4/src/xc-info.c:27:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). func_id = atoi(argv[1]); data/libxc-4.3.4/src/xc-sanity.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kind[5], family[10];
data/libxc-4.3.4/src/xc-sanity.c:53:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(kind,"_x_");
data/libxc-4.3.4/src/xc-sanity.c:57:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(kind,"_c_");
data/libxc-4.3.4/src/xc-sanity.c:61:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(kind,"_xc_");
data/libxc-4.3.4/src/xc-sanity.c:65:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(kind,"_k_");
data/libxc-4.3.4/src/xc-sanity.c:79:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(family,"lda_");
data/libxc-4.3.4/src/xc-sanity.c:83:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(family,"gga_");
data/libxc-4.3.4/src/xc-sanity.c:87:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(family,"mgga_");
data/libxc-4.3.4/src/xc-sanity.c:91:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(family,"hyb_gga_");
data/libxc-4.3.4/src/xc-sanity.c:95:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(family,"hyb_mgga_");
[Reviewer note on the xc-sanity.c strcpy findings: with the declaration reported at xc-sanity.c:33, `char kind[5], family[10];`, the longest literals copied above fill their buffers exactly: "_xc_" is 4 characters plus the terminator, and "hyb_mgga_" is 9 plus the terminator. Every copy shown is therefore in bounds, but there is no headroom, so a longer kind or family prefix added later would overflow without any diagnostic. Sizing the arrays from the longest literal, or using snprintf with sizeof on the destination and checking the return value, removes that dependency on the current literal lengths.]
data/libxc-4.3.4/src/xc-threshold.c:323:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id = atoi(argv[1]);
data/libxc-4.3.4/src/xc-threshold.c:324:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  testcase = atoi(argv[2]);
data/libxc-4.3.4/testsuite/xc-consistency.c:440:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    test_functional(atoi(argv[1]));
data/libxc-4.3.4/testsuite/xc-consistency.c:444:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    test_functional(atoi(argv[1]));
data/libxc-4.3.4/testsuite/xc-error.c:62:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUFSIZE];
data/libxc-4.3.4/testsuite/xc-error.c:72:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char legin[MAXCOL][LEGLEN], legref[MAXCOL][LEGLEN];
data/libxc-4.3.4/testsuite/xc-error.c:84:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in=fopen(argv[1],"r");
data/libxc-4.3.4/testsuite/xc-error.c:90:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    ref=fopen(argv[2],"r");
data/libxc-4.3.4/testsuite/xc-error.c:209:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if(argc==5 && atoi(argv[4])) {
data/libxc-4.3.4/testsuite/xc-get_data.c:63:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    xc_values->functional = atoi(argv[1]);
data/libxc-4.3.4/testsuite/xc-get_data.c:64:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    xc_values->nspin = atoi(argv[2]);
data/libxc-4.3.4/testsuite/xc-regression.c:183:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUFSIZE];
data/libxc-4.3.4/testsuite/xc-regression.c:201:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in=fopen(file,"r");
data/libxc-4.3.4/testsuite/xc-regression.c:294:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    nspin = atoi(argv[2]);
data/libxc-4.3.4/testsuite/xc-regression.c:297:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    order = atoi(argv[3]);
data/libxc-4.3.4/testsuite/xc-regression.c:355:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    out = fopen(fname,"w");
data/libxc-4.3.4/src/functionals.c:66:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p=malloc(strlen(xc_functional_keys[ii].name)+1);
data/libxc-4.3.4/src/functionals.c:149:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp=strlen(xc_functional_keys[i].name);
data/libxc-4.3.4/src/genwiki.c:40:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(i=0, j=0; i<strlen(doi); i++) {
data/libxc-4.3.4/src/genwiki.c:144:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    r=malloc(strlen(buf)+1);
data/libxc-4.3.4/src/genwiki.c:220:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(i=0; i<strlen(fname); i++)
data/libxc-4.3.4/src/genwiki.c:229:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(func.info->refs[i]->doi) > 0) {
data/libxc-4.3.4/src/string_f.h:21:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(c, _fcdtocp(f), slen); \
data/libxc-4.3.4/src/string_f.h:29:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    clen = strlen(c); \
data/libxc-4.3.4/src/xc-info.c:75:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(func.info->refs[i]->doi) > 0){

ANALYSIS SUMMARY:

Hits = 203
Lines analyzed = 136600 in approximately 8.83 seconds (15471 lines/second)
Physical Source Lines of Code (SLOC) = 124465
Hits@level = [0] 290 [1] 9 [2] 120 [3] 0 [4] 74 [5] 0
Hits@level+ = [0+] 493 [1+] 203 [2+] 194 [3+] 74 [4+] 74 [5+] 0
Hits/KSLOC@level+ = [0+] 3.96095 [1+] 1.63098 [2+] 1.55867 [3+] 0.594545 [4+] 0.594545 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.