Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mccs-1.1/sources/abstract_combiner.h
Examining data/mccs-1.1/sources/abstract_criteria.h
Examining data/mccs-1.1/sources/abstract_solver.h
Examining data/mccs-1.1/sources/agregate_combiner.c
Examining data/mccs-1.1/sources/agregate_combiner.h
Examining data/mccs-1.1/sources/changed_criteria.c
Examining data/mccs-1.1/sources/changed_criteria.h
Examining data/mccs-1.1/sources/combiner.h
Examining data/mccs-1.1/sources/constraint_generation.c
Examining data/mccs-1.1/sources/constraint_generation.h
Examining data/mccs-1.1/sources/count_criteria.c
Examining data/mccs-1.1/sources/count_criteria.h
Examining data/mccs-1.1/sources/cplex_solver.c
Examining data/mccs-1.1/sources/cplex_solver.h
Examining data/mccs-1.1/sources/criteria.h
Examining data/mccs-1.1/sources/cudf_reductions.c
Examining data/mccs-1.1/sources/cudf_reductions.h
Examining data/mccs-1.1/sources/cudf_types.h
Examining data/mccs-1.1/sources/glpk_solver.c
Examining data/mccs-1.1/sources/glpk_solver.h
Examining data/mccs-1.1/sources/gurobi_solver.c
Examining data/mccs-1.1/sources/gurobi_solver.h
Examining data/mccs-1.1/sources/lexagregate_combiner.c
Examining data/mccs-1.1/sources/lexagregate_combiner.h
Examining data/mccs-1.1/sources/lexicographic_combiner.c
Examining data/mccs-1.1/sources/lexicographic_combiner.h
Examining data/mccs-1.1/sources/leximax_combiner.c
Examining data/mccs-1.1/sources/leximax_combiner.h
Examining data/mccs-1.1/sources/leximin_combiner.c
Examining data/mccs-1.1/sources/leximin_combiner.h
Examining data/mccs-1.1/sources/lexleximax_combiner.c
Examining data/mccs-1.1/sources/lexleximax_combiner.h
Examining data/mccs-1.1/sources/lexleximin_combiner.c
Examining data/mccs-1.1/sources/lexleximin_combiner.h
Examining data/mccs-1.1/sources/lexsemiagregate_combiner.c
Examining data/mccs-1.1/sources/lexsemiagregate_combiner.h
Examining data/mccs-1.1/sources/lp_solver.c
Examining data/mccs-1.1/sources/lp_solver.h
Examining data/mccs-1.1/sources/lpsolve_solver.c
Examining data/mccs-1.1/sources/lpsolve_solver.h
Examining data/mccs-1.1/sources/new_criteria.c
Examining data/mccs-1.1/sources/new_criteria.h
Examining data/mccs-1.1/sources/notuptodate_criteria.c
Examining data/mccs-1.1/sources/notuptodate_criteria.h
Examining data/mccs-1.1/sources/nunsat_criteria.c
Examining data/mccs-1.1/sources/nunsat_criteria.h
Examining data/mccs-1.1/sources/pblib_solver.c
Examining data/mccs-1.1/sources/pblib_solver.h
Examining data/mccs-1.1/sources/removed_criteria.c
Examining data/mccs-1.1/sources/removed_criteria.h
Examining data/mccs-1.1/sources/scoeff_solver.h
Examining data/mccs-1.1/sources/unaligned_criteria.c
Examining data/mccs-1.1/sources/unaligned_criteria.h
Examining data/mccs-1.1/sources/cudf.c
Examining data/mccs-1.1/libsrcs/cudf.h
Examining data/mccs-1.1/libsrcs/cudf_hash_table.c
Examining data/mccs-1.1/libsrcs/cudf_hash_table.h
Examining data/mccs-1.1/libsrcs/cudf_tools.c
FINAL RESULTS:
data/mccs-1.1/libsrcs/cudf_hash_table.c:73:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hash_name, pkgname);
data/mccs-1.1/libsrcs/cudf_tools.c:30:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, pkg_name);
data/mccs-1.1/libsrcs/cudf_tools.c:60:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(versioned_name, "%s_%s", name, temp);
data/mccs-1.1/libsrcs/cudf_tools.c:72:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, pkg_name);
data/mccs-1.1/libsrcs/cudf_tools.c:93:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tname);
data/mccs-1.1/libsrcs/cudf_tools.c:111:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tname);
data/mccs-1.1/libsrcs/cudf_tools.c:145:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tname);
data/mccs-1.1/libsrcs/cudf_tools.c:161:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tname);
data/mccs-1.1/libsrcs/cudf_tools.c:180:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tname);
data/mccs-1.1/libsrcs/cudf_tools.c:205:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tname);
data/mccs-1.1/libsrcs/cudf_tools.c:222:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tname);
data/mccs-1.1/libsrcs/cudf_tools.c:239:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tname);
data/mccs-1.1/libsrcs/cudf_tools.c:261:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_nvalue, the_value);
data/mccs-1.1/sources/cplex_solver.c:117:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, buffer);
data/mccs-1.1/sources/cplex_solver.c:134:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, buffer);
data/mccs-1.1/sources/cudf.c:177:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(crit_descr+start, CUDFflags, &lambda) != 1) {
data/mccs-1.1/sources/glpk_solver.c:157:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, buffer);
data/mccs-1.1/sources/gurobi_solver.c:85:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, buffer);
data/mccs-1.1/sources/lp_solver.c:39:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(ctlpfilename, TMP_FILES_PATH "ctlp_%lu_%lu.lp", (long unsigned)getuid(), (long unsigned)getpid());
data/mccs-1.1/sources/lp_solver.c:66:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(lpfilename, TMP_FILES_PATH "lppbs_%lu_%lu.lp", (long unsigned)getuid(), (long unsigned)getpid());
data/mccs-1.1/sources/lp_solver.c:67:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(lpoutfilename, TMP_FILES_PATH "lppbs_%lu_%lu.out", (long unsigned)getuid(), (long unsigned)getpid());
data/mccs-1.1/sources/lp_solver.c:104:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s; %s %s > %s 2> /dev/null",
data/mccs-1.1/sources/lp_solver.c:107:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s; %s %s | tee %s",
data/mccs-1.1/sources/lp_solver.c:110:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) == -1) {
data/mccs-1.1/sources/lpsolve_solver.c:183:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, buffer);
data/mccs-1.1/sources/pblib_solver.c:39:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(ctpbfilename, TMP_FILES_PATH "ctpblib_%lu_%lu.lp", (long unsigned)getuid(), (long unsigned)getpid());
data/mccs-1.1/sources/pblib_solver.c:67:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(pbfilename, TMP_FILES_PATH "pblib_%lu_%lu.opb", (long unsigned)getuid(), (long unsigned)getpid());
data/mccs-1.1/sources/pblib_solver.c:68:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(pboutfilename, TMP_FILES_PATH "pblib_%lu_%lu.out", (long unsigned)getuid(), (long unsigned)getpid());
data/mccs-1.1/sources/pblib_solver.c:99:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s; %s -f %s > %s 2> /dev/null",
data/mccs-1.1/sources/pblib_solver.c:102:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s; %s %s > %s 2> /dev/null",
data/mccs-1.1/sources/pblib_solver.c:106:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s; %s -f %s | tee %s",
data/mccs-1.1/sources/pblib_solver.c:109:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s; %s %s | tee %s",
data/mccs-1.1/sources/pblib_solver.c:113:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) == -1) {
data/mccs-1.1/libsrcs/cudf_hash_table.c:67:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash_name[1024]; /* Always use the same buffer for hash table ... otherwise it stucks ... */
data/mccs-1.1/libsrcs/cudf_tools.c:53:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp[50];
data/mccs-1.1/libsrcs/cudf_tools.c:55:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "%llu", pkg_version);
data/mccs-1.1/sources/cplex_solver.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/mccs-1.1/sources/cplex_solver.c:110:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/mccs-1.1/sources/cplex_solver.c:112:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "x%d", i);
data/mccs-1.1/sources/cplex_solver.c:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/mccs-1.1/sources/cplex_solver.c:129:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "x%d", i);
data/mccs-1.1/sources/cplex_solver.c:230:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/mccs-1.1/sources/cplex_solver.c:231:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "cplexpbs%d.lp", i);
data/mccs-1.1/sources/cudf.c:436:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((input_file = fopen(argv[i], "r")) == (FILE *)NULL) {
data/mccs-1.1/sources/cudf.c:452:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((output_file = fopen(argv[i], "w")) == (FILE *)NULL) {
data/mccs-1.1/sources/cudf.c:682:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_installed = fopen("installed.txt", "w");
data/mccs-1.1/sources/cudf.c:683:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_removed = fopen("removed.txt", "w");
data/mccs-1.1/sources/glpk_solver.c:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/mccs-1.1/sources/glpk_solver.c:152:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "x%d", i);
data/mccs-1.1/sources/gurobi_solver.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/mccs-1.1/sources/gurobi_solver.c:80:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "x%d", i);
data/mccs-1.1/sources/lp_solver.c:40:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctlpfile = fopen(ctlpfilename, "w");
data/mccs-1.1/sources/lp_solver.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/mccs-1.1/sources/lp_solver.c:72:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((lpfile = fopen(lpfilename, "w")) == (FILE *)NULL) {
data/mccs-1.1/sources/lp_solver.c:115:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fsol = fopen(lpoutfilename, "r")) == (FILE *)NULL) {
data/mccs-1.1/sources/lp_solver.h:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctlpfilename[256];
data/mccs-1.1/sources/lp_solver.h:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lpfilename[256];
data/mccs-1.1/sources/lp_solver.h:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lpoutfilename[256];
data/mccs-1.1/sources/lpsolve_solver.c:176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/mccs-1.1/sources/lpsolve_solver.c:178:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "x%d", i);
data/mccs-1.1/sources/pblib_solver.c:40:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctpbfile = fopen(ctpbfilename, "w");
data/mccs-1.1/sources/pblib_solver.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/mccs-1.1/sources/pblib_solver.c:73:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pbfile = fopen(pbfilename, "w")) == (FILE *)NULL) {
data/mccs-1.1/sources/pblib_solver.c:118:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fsol = fopen(pboutfilename, "r")) == (FILE *)NULL) {
data/mccs-1.1/sources/pblib_solver.c:129:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2048]; char *buffer = buff;
data/mccs-1.1/sources/pblib_solver.h:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctpbfilename[256];
data/mccs-1.1/sources/pblib_solver.h:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbfilename[256];
data/mccs-1.1/sources/pblib_solver.h:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pboutfilename[256];
data/mccs-1.1/sources/unaligned_criteria.c:48:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(ptr+1);
data/mccs-1.1/libsrcs/cudf_hash_table.c:45:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lgth = strlen(pkgname);
data/mccs-1.1/libsrcs/cudf_hash_table.c:52:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lgth = strlen(pkg->name);
data/mccs-1.1/libsrcs/cudf_hash_table.c:90:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lgth = strlen(pkgname);
data/mccs-1.1/libsrcs/cudf_hash_table.c:97:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lgth = strlen(pkg->name);
data/mccs-1.1/libsrcs/cudf_hash_table.c:129:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lgth = strlen(pkgname);
data/mccs-1.1/libsrcs/cudf_hash_table.c:136:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lgth = strlen(pkg->name);
data/mccs-1.1/libsrcs/cudf_tools.c:26:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(pkg_name)+1)) == NULL) {
data/mccs-1.1/libsrcs/cudf_tools.c:56:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((versioned_name = (char *)malloc(strlen(name)+strlen(temp)+2)) == NULL) {
data/mccs-1.1/libsrcs/cudf_tools.c:56:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((versioned_name = (char *)malloc(strlen(name)+strlen(temp)+2)) == NULL) {
data/mccs-1.1/libsrcs/cudf_tools.c:68:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(pkg_name)+1)) == NULL) {
data/mccs-1.1/libsrcs/cudf_tools.c:87:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(tname);
data/mccs-1.1/libsrcs/cudf_tools.c:105:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(tname);
data/mccs-1.1/libsrcs/cudf_tools.c:139:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(tname);
data/mccs-1.1/libsrcs/cudf_tools.c:155:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(tname);
data/mccs-1.1/libsrcs/cudf_tools.c:174:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(tname);
data/mccs-1.1/libsrcs/cudf_tools.c:199:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(tname);
data/mccs-1.1/libsrcs/cudf_tools.c:216:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(tname);
data/mccs-1.1/libsrcs/cudf_tools.c:233:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(tname);
data/mccs-1.1/libsrcs/cudf_tools.c:257:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *the_nvalue = (char *)malloc(strlen(the_value)+1);
data/mccs-1.1/libsrcs/cudf_tools.c:377:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lgth = strlen(str);
data/mccs-1.1/sources/cplex_solver.c:113:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {
data/mccs-1.1/sources/cplex_solver.c:130:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {
data/mccs-1.1/sources/cudf.c:116:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (; pos < strlen(crit_descr); pos++)
data/mccs-1.1/sources/cudf.c:216:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(property, crit_descr+start, length);
data/mccs-1.1/sources/cudf.c:279:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(property, crit_descr+start, length);
data/mccs-1.1/sources/cudf.c:319:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (pos += 1; pos < strlen(crit_descr) && crit_descr[pos] != ']';) {
data/mccs-1.1/sources/cudf.c:337:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (; pos < strlen(crit_descr); pos++) {
data/mccs-1.1/sources/glpk_solver.c:153:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {
data/mccs-1.1/sources/gurobi_solver.c:81:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {
data/mccs-1.1/sources/lpsolve_solver.c:179:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {
data/mccs-1.1/sources/pblib_solver.c:34:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = 0; i < ((int)strlen(pb_solver) - 7); i++)
data/mccs-1.1/sources/pblib_solver.c:64:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = 0; i < ((int)strlen(pb_solver) - 4); i++)
data/mccs-1.1/sources/pblib_solver.c:160:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char c = fgetc(fsol);
data/mccs-1.1/sources/pblib_solver.c:165:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fsol);
data/mccs-1.1/sources/pblib_solver.c:172:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fsol);
data/mccs-1.1/sources/pblib_solver.c:176:35: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (! feof(fsol)) { if (fgetc(fsol) == ' ') break;}
data/mccs-1.1/sources/pblib_solver.c:182:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(fsol);
data/mccs-1.1/sources/pblib_solver.c:185:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((! feof(fsol)) && (fgetc(fsol) != '\n'));
data/mccs-1.1/sources/unaligned_criteria.c:41:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(version_name);
ANALYSIS SUMMARY:
Hits = 108
Lines analyzed = 9122 in approximately 0.29 seconds (31601 lines/second)
Physical Source Lines of Code (SLOC) = 6051
Hits@level = [0] 426 [1] 39 [2] 36 [3] 0 [4] 33 [5] 0
Hits@level+ = [0+] 534 [1+] 108 [2+] 69 [3+] 33 [4+] 33 [5+] 0
Hits/KSLOC@level+ = [0+] 88.2499 [1+] 17.8483 [2+] 11.4031 [3+] 5.45364 [4+] 5.45364 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.