Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mccs-1.1/sources/abstract_combiner.h
Examining data/mccs-1.1/sources/abstract_criteria.h
Examining data/mccs-1.1/sources/abstract_solver.h
Examining data/mccs-1.1/sources/agregate_combiner.c
Examining data/mccs-1.1/sources/agregate_combiner.h
Examining data/mccs-1.1/sources/changed_criteria.c
Examining data/mccs-1.1/sources/changed_criteria.h
Examining data/mccs-1.1/sources/combiner.h
Examining data/mccs-1.1/sources/constraint_generation.c
Examining data/mccs-1.1/sources/constraint_generation.h
Examining data/mccs-1.1/sources/count_criteria.c
Examining data/mccs-1.1/sources/count_criteria.h
Examining data/mccs-1.1/sources/cplex_solver.c
Examining data/mccs-1.1/sources/cplex_solver.h
Examining data/mccs-1.1/sources/criteria.h
Examining data/mccs-1.1/sources/cudf_reductions.c
Examining data/mccs-1.1/sources/cudf_reductions.h
Examining data/mccs-1.1/sources/cudf_types.h
Examining data/mccs-1.1/sources/glpk_solver.c
Examining data/mccs-1.1/sources/glpk_solver.h
Examining data/mccs-1.1/sources/gurobi_solver.c
Examining data/mccs-1.1/sources/gurobi_solver.h
Examining data/mccs-1.1/sources/lexagregate_combiner.c
Examining data/mccs-1.1/sources/lexagregate_combiner.h
Examining data/mccs-1.1/sources/lexicographic_combiner.c
Examining data/mccs-1.1/sources/lexicographic_combiner.h
Examining data/mccs-1.1/sources/leximax_combiner.c
Examining data/mccs-1.1/sources/leximax_combiner.h
Examining data/mccs-1.1/sources/leximin_combiner.c
Examining data/mccs-1.1/sources/leximin_combiner.h
Examining data/mccs-1.1/sources/lexleximax_combiner.c
Examining data/mccs-1.1/sources/lexleximax_combiner.h
Examining data/mccs-1.1/sources/lexleximin_combiner.c
Examining data/mccs-1.1/sources/lexleximin_combiner.h
Examining data/mccs-1.1/sources/lexsemiagregate_combiner.c
Examining data/mccs-1.1/sources/lexsemiagregate_combiner.h
Examining data/mccs-1.1/sources/lp_solver.c
Examining data/mccs-1.1/sources/lp_solver.h
Examining data/mccs-1.1/sources/lpsolve_solver.c
Examining data/mccs-1.1/sources/lpsolve_solver.h
Examining data/mccs-1.1/sources/new_criteria.c
Examining data/mccs-1.1/sources/new_criteria.h
Examining data/mccs-1.1/sources/notuptodate_criteria.c
Examining data/mccs-1.1/sources/notuptodate_criteria.h
Examining data/mccs-1.1/sources/nunsat_criteria.c
Examining data/mccs-1.1/sources/nunsat_criteria.h
Examining data/mccs-1.1/sources/pblib_solver.c
Examining data/mccs-1.1/sources/pblib_solver.h
Examining data/mccs-1.1/sources/removed_criteria.c
Examining data/mccs-1.1/sources/removed_criteria.h
Examining data/mccs-1.1/sources/scoeff_solver.h
Examining data/mccs-1.1/sources/unaligned_criteria.c
Examining data/mccs-1.1/sources/unaligned_criteria.h
Examining data/mccs-1.1/sources/cudf.c
Examining data/mccs-1.1/libsrcs/cudf.h
Examining data/mccs-1.1/libsrcs/cudf_hash_table.c
Examining data/mccs-1.1/libsrcs/cudf_hash_table.h
Examining data/mccs-1.1/libsrcs/cudf_tools.c

FINAL RESULTS:

data/mccs-1.1/libsrcs/cudf_hash_table.c:73:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hash_name, pkgname);

data/mccs-1.1/libsrcs/cudf_tools.c:30:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, pkg_name);

data/mccs-1.1/libsrcs/cudf_tools.c:60:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(versioned_name, "%s_%s", name, temp);

data/mccs-1.1/libsrcs/cudf_tools.c:72:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, pkg_name);

data/mccs-1.1/libsrcs/cudf_tools.c:93:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, tname);

data/mccs-1.1/libsrcs/cudf_tools.c:111:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, tname);

data/mccs-1.1/libsrcs/cudf_tools.c:145:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, tname);

data/mccs-1.1/libsrcs/cudf_tools.c:161:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, tname);

data/mccs-1.1/libsrcs/cudf_tools.c:180:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, tname);

data/mccs-1.1/libsrcs/cudf_tools.c:205:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, tname);

data/mccs-1.1/libsrcs/cudf_tools.c:222:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, tname);

data/mccs-1.1/libsrcs/cudf_tools.c:239:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, tname);

data/mccs-1.1/libsrcs/cudf_tools.c:261:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(the_nvalue, the_value);

data/mccs-1.1/sources/cplex_solver.c:117:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, buffer);

data/mccs-1.1/sources/cplex_solver.c:134:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, buffer);

data/mccs-1.1/sources/cudf.c:177:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf(crit_descr+start, CUDFflags, &lambda) != 1) {

data/mccs-1.1/sources/glpk_solver.c:157:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, buffer);

data/mccs-1.1/sources/gurobi_solver.c:85:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, buffer);

data/mccs-1.1/sources/lp_solver.c:39:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(ctlpfilename, TMP_FILES_PATH "ctlp_%lu_%lu.lp", (long unsigned)getuid(), (long unsigned)getpid());

data/mccs-1.1/sources/lp_solver.c:66:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(lpfilename, TMP_FILES_PATH "lppbs_%lu_%lu.lp", (long unsigned)getuid(), (long unsigned)getpid());

data/mccs-1.1/sources/lp_solver.c:67:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(lpoutfilename, TMP_FILES_PATH "lppbs_%lu_%lu.out", (long unsigned)getuid(), (long unsigned)getpid());

data/mccs-1.1/sources/lp_solver.c:104:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command, "cat %s >> %s; %s %s > %s 2> /dev/null",

data/mccs-1.1/sources/lp_solver.c:107:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command, "cat %s >> %s; %s %s | tee %s",

data/mccs-1.1/sources/lp_solver.c:110:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command) == -1) {

data/mccs-1.1/sources/lpsolve_solver.c:183:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, buffer);

data/mccs-1.1/sources/pblib_solver.c:39:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(ctpbfilename, TMP_FILES_PATH "ctpblib_%lu_%lu.lp", (long unsigned)getuid(), (long unsigned)getpid());

data/mccs-1.1/sources/pblib_solver.c:67:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(pbfilename, TMP_FILES_PATH "pblib_%lu_%lu.opb", (long unsigned)getuid(), (long unsigned)getpid());

data/mccs-1.1/sources/pblib_solver.c:68:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(pboutfilename, TMP_FILES_PATH "pblib_%lu_%lu.out", (long unsigned)getuid(), (long unsigned)getpid());

data/mccs-1.1/sources/pblib_solver.c:99:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command, "cat %s >> %s; %s -f %s > %s 2> /dev/null",

data/mccs-1.1/sources/pblib_solver.c:102:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command, "cat %s >> %s; %s %s > %s 2> /dev/null",

data/mccs-1.1/sources/pblib_solver.c:106:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command, "cat %s >> %s; %s -f %s | tee %s",

data/mccs-1.1/sources/pblib_solver.c:109:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command, "cat %s >> %s; %s %s | tee %s",

data/mccs-1.1/sources/pblib_solver.c:113:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command) == -1) {

data/mccs-1.1/libsrcs/cudf_hash_table.c:67:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hash_name[1024]; /* Always use the same buffer for hash table ... otherwise it stucks ... */

data/mccs-1.1/libsrcs/cudf_tools.c:53:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char temp[50];

data/mccs-1.1/libsrcs/cudf_tools.c:55:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp, "%llu", pkg_version);

data/mccs-1.1/sources/cplex_solver.c:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[1024];

data/mccs-1.1/sources/cplex_solver.c:110:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];

data/mccs-1.1/sources/cplex_solver.c:112:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "x%d", i);

data/mccs-1.1/sources/cplex_solver.c:127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];

data/mccs-1.1/sources/cplex_solver.c:129:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "x%d", i);

data/mccs-1.1/sources/cplex_solver.c:230:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];

data/mccs-1.1/sources/cplex_solver.c:231:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "cplexpbs%d.lp", i);

data/mccs-1.1/sources/cudf.c:436:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((input_file = fopen(argv[i], "r")) == (FILE *)NULL) {

data/mccs-1.1/sources/cudf.c:452:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((output_file = fopen(argv[i], "w")) == (FILE *)NULL) {

data/mccs-1.1/sources/cudf.c:682:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output_installed = fopen("installed.txt", "w");

data/mccs-1.1/sources/cudf.c:683:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output_removed = fopen("removed.txt", "w");

data/mccs-1.1/sources/glpk_solver.c:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];

data/mccs-1.1/sources/glpk_solver.c:152:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "x%d", i);

data/mccs-1.1/sources/gurobi_solver.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];

data/mccs-1.1/sources/gurobi_solver.c:80:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "x%d", i);

data/mccs-1.1/sources/lp_solver.c:40:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ctlpfile = fopen(ctlpfilename, "w");

data/mccs-1.1/sources/lp_solver.c:61:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024];

data/mccs-1.1/sources/lp_solver.c:72:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((lpfile = fopen(lpfilename, "w")) == (FILE *)NULL) {

data/mccs-1.1/sources/lp_solver.c:115:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fsol = fopen(lpoutfilename, "r")) == (FILE *)NULL) {

data/mccs-1.1/sources/lp_solver.h:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctlpfilename[256];

data/mccs-1.1/sources/lp_solver.h:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lpfilename[256];

data/mccs-1.1/sources/lp_solver.h:89:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lpoutfilename[256];

data/mccs-1.1/sources/lpsolve_solver.c:176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];

data/mccs-1.1/sources/lpsolve_solver.c:178:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "x%d", i);

data/mccs-1.1/sources/pblib_solver.c:40:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ctpbfile = fopen(ctpbfilename, "w");

data/mccs-1.1/sources/pblib_solver.c:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024];

data/mccs-1.1/sources/pblib_solver.c:73:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((pbfile = fopen(pbfilename, "w")) == (FILE *)NULL) {

data/mccs-1.1/sources/pblib_solver.c:118:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fsol = fopen(pboutfilename, "r")) == (FILE *)NULL) {

data/mccs-1.1/sources/pblib_solver.c:129:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[2048]; char *buffer = buff;

data/mccs-1.1/sources/pblib_solver.h:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctpbfilename[256];

data/mccs-1.1/sources/pblib_solver.h:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pbfilename[256];

data/mccs-1.1/sources/pblib_solver.h:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pboutfilename[256];

data/mccs-1.1/sources/unaligned_criteria.c:48:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(ptr+1);

data/mccs-1.1/libsrcs/cudf_hash_table.c:45:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lgth = strlen(pkgname);

data/mccs-1.1/libsrcs/cudf_hash_table.c:52:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lgth = strlen(pkg->name);

data/mccs-1.1/libsrcs/cudf_hash_table.c:90:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lgth = strlen(pkgname);

data/mccs-1.1/libsrcs/cudf_hash_table.c:97:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lgth = strlen(pkg->name);

data/mccs-1.1/libsrcs/cudf_hash_table.c:129:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lgth = strlen(pkgname);

data/mccs-1.1/libsrcs/cudf_hash_table.c:136:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lgth = strlen(pkg->name);

data/mccs-1.1/libsrcs/cudf_tools.c:26:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = (char *)malloc(strlen(pkg_name)+1)) == NULL) {

data/mccs-1.1/libsrcs/cudf_tools.c:56:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((versioned_name = (char *)malloc(strlen(name)+strlen(temp)+2)) == NULL) {

data/mccs-1.1/libsrcs/cudf_tools.c:56:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((versioned_name = (char *)malloc(strlen(name)+strlen(temp)+2)) == NULL) {

data/mccs-1.1/libsrcs/cudf_tools.c:68:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = (char *)malloc(strlen(pkg_name)+1)) == NULL) {

data/mccs-1.1/libsrcs/cudf_tools.c:87:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(tname);

data/mccs-1.1/libsrcs/cudf_tools.c:105:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(tname);

data/mccs-1.1/libsrcs/cudf_tools.c:139:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(tname);

data/mccs-1.1/libsrcs/cudf_tools.c:155:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(tname);

data/mccs-1.1/libsrcs/cudf_tools.c:174:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(tname);

data/mccs-1.1/libsrcs/cudf_tools.c:199:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(tname);

data/mccs-1.1/libsrcs/cudf_tools.c:216:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(tname);

data/mccs-1.1/libsrcs/cudf_tools.c:233:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(tname);

data/mccs-1.1/libsrcs/cudf_tools.c:257:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *the_nvalue = (char *)malloc(strlen(the_value)+1);

data/mccs-1.1/libsrcs/cudf_tools.c:377:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lgth = strlen(str);

data/mccs-1.1/sources/cplex_solver.c:113:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {

data/mccs-1.1/sources/cplex_solver.c:130:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {

data/mccs-1.1/sources/cudf.c:116:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (; pos < strlen(crit_descr); pos++)

data/mccs-1.1/sources/cudf.c:216:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(property, crit_descr+start, length);

data/mccs-1.1/sources/cudf.c:279:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(property, crit_descr+start, length);

data/mccs-1.1/sources/cudf.c:319:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (pos += 1; pos < strlen(crit_descr) && crit_descr[pos] != ']';) {

data/mccs-1.1/sources/cudf.c:337:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (; pos < strlen(crit_descr); pos++) {

data/mccs-1.1/sources/glpk_solver.c:153:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {

data/mccs-1.1/sources/gurobi_solver.c:81:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {

data/mccs-1.1/sources/lpsolve_solver.c:179:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {

data/mccs-1.1/sources/pblib_solver.c:34:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int i = 0; i < ((int)strlen(pb_solver) - 7); i++)

data/mccs-1.1/sources/pblib_solver.c:64:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int i = 0; i < ((int)strlen(pb_solver) - 4); i++)

data/mccs-1.1/sources/pblib_solver.c:160:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char c = fgetc(fsol);

data/mccs-1.1/sources/pblib_solver.c:165:4:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fgetc(fsol);

data/mccs-1.1/sources/pblib_solver.c:172:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fsol);

data/mccs-1.1/sources/pblib_solver.c:176:35:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (! feof(fsol)) { if (fgetc(fsol) == ' ') break;}

data/mccs-1.1/sources/pblib_solver.c:182:4:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fgetc(fsol);

data/mccs-1.1/sources/pblib_solver.c:185:30:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((! feof(fsol)) && (fgetc(fsol) != '\n'));

data/mccs-1.1/sources/unaligned_criteria.c:41:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen(version_name);

ANALYSIS SUMMARY:

Hits = 108
Lines analyzed = 9122 in approximately 0.29 seconds (31601 lines/second)
Physical Source Lines of Code (SLOC) = 6051
Hits@level = [0] 426 [1]  39 [2]  36 [3]   0 [4]  33 [5]   0
Hits@level+ = [0+] 534 [1+] 108 [2+]  69 [3+]  33 [4+]  33 [5+]   0
Hits/KSLOC@level+ = [0+] 88.2499 [1+] 17.8483 [2+] 11.4031 [3+] 5.45364 [4+] 5.45364 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.