stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpeu/get_zeits.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpeu/assertmpeu.H
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpif.real4double8.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/time.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/send.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpif.master.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/group.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpif.real8double16.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/list.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/req.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpiP.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/listP.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpi.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/recv.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/handles.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpif.real8double8.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/comm.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/ctest.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpi.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/listops.h
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/pack.c
Examining data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/list.c
Examining data/oasis3-3.mct+dfsg.121022/lib/psmile/include/oasis_os.h

FINAL RESULTS:

data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:78:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(recvbuf,sendbuf,sendcount*sendtype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( (char *)recvbuf+offset, sendbuf, recvcounts[0] * recvtype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:140:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(recvbuf,sendbuf,sendcount * sendtype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:168:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( (char *)recvbuf+offset, sendbuf, recvcounts[0] * recvtype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:202:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(recvbuf,sendbuf,sendcount * sendtype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:240:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(recvbuf,(char *)sendbuf+offset,sendcounts[0] * sendtype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:274:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(recvbuf,sendbuf,count * datatype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:297:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(recvbuf,sendbuf,count * datatype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:323:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(recvbuf,sendbuf,count * datatype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:348:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(recvbuf,sendbuf,sendcount * sendtype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/collective.c:383:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( (char *)recvbuf+recv_offset, (char *)sendbuf+send_offset,
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/ctest.c:19:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pname[MPI_MAX_PROCESSOR_NAME];
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpi.c:233:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"MPI Error: code %d\n",errorcode);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/pack.c:32:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( (char *)outbuf+(*position), inbuf, size);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/pack.c:71:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(outbuf, (char *)inbuf+(*position) , size);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/recv.c:79:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf,sreq->buf,count * datatype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/send.c:71:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(rreq->buf,buf,count * datatype);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpi.c:234:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *resultlen=strlen(string);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpi.c:257:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(name,"unknown host name",MPI_MAX_PROCESSOR_NAME);
data/oasis3-3.mct+dfsg.121022/lib/mct/mpi-serial/mpi.c:261:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *resultlen=strlen(name);

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 4763 in approximately 0.26 seconds (18031 lines/second)
Physical Source Lines of Code (SLOC) = 2802
Hits@level = [0]  96 [1]   3 [2]  17 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+] 116 [1+]  20 [2+]  17 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 41.399 [1+] 7.13776 [2+] 6.06709 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 31 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.