Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocamlgsl-1.24.3/src/io.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas_complex.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas_complex_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_bspline.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_cheb.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_combi.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_complex.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_complex.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_deriv.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_eigen.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_error.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_fft.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_fit.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_fun.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_fun.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_histo.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_ieee.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_integration.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_interp.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_linalg.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_linalg_complex.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_math.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_complex.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_complex.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_complex_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_complex_float.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_double.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_double.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_float.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_impl.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_min.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_monte.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_multifit.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_multimin.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_multiroots.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_permut.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_permut.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_poly.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_qrng.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_randist.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_rng.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_rng.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_roots.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_sf.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_sort.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_stats.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_sum.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_complex.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_complex_float.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_double.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_double.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_float.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_impl.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_wavelet.c
Examining data/ocamlgsl-1.24.3/src/wrappers.h

FINAL RESULTS:

data/ocamlgsl-1.24.3/src/io.h:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[IO_BUFFER_SIZE];      /* The buffer itself */
data/ocamlgsl-1.24.3/src/mlgsl_cheb.c:31:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bp_val(a), cs->c, len * sizeof (double));
data/ocamlgsl-1.24.3/src/mlgsl_fun.c:75:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(p->dbl), x_arr, dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_matrix_impl.h:10:39:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  CAMLprim value FUNCTION(ml_gsl_matrix,memcpy)(value A, value B)
data/ocamlgsl-1.24.3/src/mlgsl_matrix_impl.h:14:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  FUNCTION(gsl_matrix,memcpy)(&m_B, &m_A);
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:93:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xlo, Double_array_val(xlo), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:94:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xup, Double_array_val(xup), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:168:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xlo, Double_array_val(xlo), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:169:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xup, Double_array_val(xup), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:275:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xlo, Double_array_val(xlo), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:276:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xup, Double_array_val(xup), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:34:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(p->arr1), y, p->dim * sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:38:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dydt, Double_array_val(p->arr2), p->dim * sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:49:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(p->arr1), y, p->dim * sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:57:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dfdt, Double_array_val(p->arr2), p->dim * sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dydt_in, Double_array_val(Unoption(odydt_in)), Bosize_val(Unoption(odydt_in)));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:149:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(y_copy, Double_array_val(y), Bosize_val(y));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:150:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(yerr_copy, Double_array_val(yerr), Bosize_val(yerr));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:162:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(y), y_copy, sizeof(y_copy));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:163:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(yerr), yerr_copy, sizeof(yerr_copy));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:165:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(Unoption(odydt_out)), dydt_out, Bosize_val(Unoption(odydt_out)));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:270:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(y_copy, Double_array_val(y), Bosize_val(y));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:279:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(y), y_copy, Bosize_val(y));
data/ocamlgsl-1.24.3/src/mlgsl_rng.c:202:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(r->state, Bp_val(state), string_length(state));
data/ocamlgsl-1.24.3/src/mlgsl_vector_impl.h:11:39:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  CAMLprim value FUNCTION(ml_gsl_vector,memcpy)(value a, value b)
data/ocamlgsl-1.24.3/src/mlgsl_vector_impl.h:15:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(&v_b, &v_a);

ANALYSIS SUMMARY:

Hits = 26
Lines analyzed = 9037 in approximately 0.22 seconds (41523 lines/second)
Physical Source Lines of Code (SLOC) = 7395
Hits@level = [0]   0 [1]   0 [2]  26 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  26 [1+]  26 [2+]  26 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.51589 [1+] 3.51589 [2+] 3.51589 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
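Triage note on the list above. Flawfinder's memcpy rule fires on the token name, not on data flow, so the 26 hits are a work queue rather than a set of bugs. Four of them (mlgsl_matrix_impl.h:10 and :14, mlgsl_vector_impl.h:11 and :15) match the word memcpy inside the FUNCTION(...) name macro, i.e. the wrapper's own name and its call to gsl_matrix_memcpy / gsl_vector_memcpy; those GSL routines compare the dimensions of the two operands and fail with GSL_EBADLEN on a mismatch, so they are not raw libc copies. The remaining hits move data between OCaml float arrays or strings and C buffers, and for each one the question is where the length argument comes from and whether the destination was allocated from the same quantity. Most of them derive the length from dim, p->dim or Bosize_val(...) of the same value that sized the buffer. The hit at mlgsl_rng.c:202 is the one whose length is taken from the source (string_length(state)) while the destination r->state has a fixed size set by the generator type; whether that is reachable with a mismatched length is something the report cannot tell. The block below is an added example, not ocamlgsl or GSL code; the rng_like struct and the function names are hypothetical. It shows the destination-size check a reviewer would expect on that path, rejecting both over-long input (overflow) and short input (partially initialised state).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example with hypothetical names; not ocamlgsl/GSL code. Models a
 * generator whose state buffer has a fixed size known to its type (as with
 * gsl_rng's r->type->size) receiving a caller-supplied byte string. */
typedef struct {
    size_t size;            /* exact byte size of the state buffer */
    unsigned char *state;   /* buffer of exactly `size` bytes */
} rng_like;

/* The shape the Flawfinder rule targets: the copy length is taken from the
 * source, so a string longer than r->size writes past the state buffer.
 * Shown for contrast only; the demo below never calls it. */
void set_state_unchecked(rng_like *r, const unsigned char *src, size_t src_len)
{
    memcpy(r->state, src, src_len);
}

/* Hardened form: the destination size is the authority. A longer source
 * would overflow, a shorter one would leave part of the state uninitialised,
 * so both are refused. Returns 0 on success, -1 on any rejected input. */
int set_state_checked(rng_like *r, const unsigned char *src, size_t src_len)
{
    if (r == NULL || r->state == NULL || src == NULL)
        return -1;
    if (src_len != r->size)
        return -1;
    memcpy(r->state, src, src_len);
    return 0;
}

/* Exercises the check on a constructed 8-byte state. Returns 1 when the
 * exact-size copy lands byte-for-byte, both mismatched sizes are refused,
 * and the rejected calls leave the state untouched; 0 otherwise. */
int demo_checked_copy(void)
{
    unsigned char state_buf[8] = {0};
    rng_like r = { sizeof state_buf, state_buf };
    const unsigned char exact[8]    = {1, 2, 3, 4, 5, 6, 7, 8};     /* constructed sample */
    const unsigned char too_long[9] = {9, 9, 9, 9, 9, 9, 9, 9, 9};  /* constructed sample */

    if (set_state_checked(&r, exact, sizeof exact) != 0) return 0;
    if (memcmp(state_buf, exact, sizeof exact) != 0) return 0;
    if (set_state_checked(&r, too_long, sizeof too_long) != -1) return 0;
    if (set_state_checked(&r, exact, 4) != -1) return 0;
    if (memcmp(state_buf, exact, sizeof exact) != 0) return 0;
    return 1;
}

int main(void)
{
    printf("checked state copy: %s\n", demo_checked_copy() ? "ok" : "FAILED");
    return 0;
}
```

The same pattern closes the other hits in the list: take the byte count from the destination's own allocation (or compare the two sizes before the copy) rather than from whatever the caller handed over.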