Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocamlgsl-1.24.3/src/io.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas_complex.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas_complex_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_blas_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_bspline.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_cheb.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_combi.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_complex.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_complex.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_deriv.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_eigen.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_error.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_fft.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_fit.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_fun.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_fun.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_histo.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_ieee.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_integration.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_interp.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_linalg.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_linalg_complex.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_math.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_complex.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_complex.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_complex_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_complex_float.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_double.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_double.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_float.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_matrix_impl.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_min.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_monte.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_multifit.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_multimin.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_multiroots.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_permut.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_permut.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_poly.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_qrng.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_randist.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_rng.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_rng.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_roots.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_sf.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_sort.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_stats.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_sum.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_complex.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_complex_float.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_double.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_double.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_float.c
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_float.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_vector_impl.h
Examining data/ocamlgsl-1.24.3/src/mlgsl_wavelet.c
Examining data/ocamlgsl-1.24.3/src/wrappers.h

FINAL RESULTS:

data/ocamlgsl-1.24.3/src/io.h:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[IO_BUFFER_SIZE];    /* The buffer itself */
data/ocamlgsl-1.24.3/src/mlgsl_cheb.c:31:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bp_val(a), cs->c, len * sizeof (double));
data/ocamlgsl-1.24.3/src/mlgsl_fun.c:75:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(p->dbl), x_arr, dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_matrix_impl.h:10:39:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CAMLprim value FUNCTION(ml_gsl_matrix,memcpy)(value A, value B)
data/ocamlgsl-1.24.3/src/mlgsl_matrix_impl.h:14:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  FUNCTION(gsl_matrix,memcpy)(&m_B, &m_A);
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:93:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xlo, Double_array_val(xlo), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:94:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xup, Double_array_val(xup), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:168:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xlo, Double_array_val(xlo), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:169:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xup, Double_array_val(xup), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:275:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xlo, Double_array_val(xlo), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_monte.c:276:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c_xup, Double_array_val(xup), dim*sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:34:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(p->arr1), y, p->dim * sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:38:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dydt, Double_array_val(p->arr2), p->dim * sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:49:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(p->arr1), y, p->dim * sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:57:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dfdt, Double_array_val(p->arr2), p->dim * sizeof(double));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dydt_in, Double_array_val(Unoption(odydt_in)), Bosize_val(Unoption(odydt_in)));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:149:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(y_copy, Double_array_val(y), Bosize_val(y));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:150:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(yerr_copy, Double_array_val(yerr), Bosize_val(yerr));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:162:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(y), y_copy, sizeof(y_copy));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:163:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(yerr), yerr_copy, sizeof(yerr_copy));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:165:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Double_array_val(Unoption(odydt_out)), dydt_out, Bosize_val(Unoption(odydt_out)));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:270:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(y_copy, Double_array_val(y), Bosize_val(y));
data/ocamlgsl-1.24.3/src/mlgsl_odeiv.c:279:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Double_array_val(y), y_copy, Bosize_val(y));
data/ocamlgsl-1.24.3/src/mlgsl_rng.c:202:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(r->state, Bp_val(state), string_length(state));
data/ocamlgsl-1.24.3/src/mlgsl_vector_impl.h:11:39:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CAMLprim value FUNCTION(ml_gsl_vector,memcpy)(value a, value b)
data/ocamlgsl-1.24.3/src/mlgsl_vector_impl.h:15:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  FUNCTION(gsl_vector,memcpy)(&v_b, &v_a);

ANALYSIS SUMMARY:

Hits = 26
Lines analyzed = 9037 in approximately 0.22 seconds (41523 lines/second)
Physical Source Lines of Code (SLOC) = 7395
Hits@level = [0]   0 [1]   0 [2]  26 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  26 [1+]  26 [2+]  26 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.51589 [1+] 3.51589 [2+] 3.51589 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
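Not every hit is necessarily a security vulnerability.
Triage note: all 26 hits are level-2 matches on a fixed-size char array
declaration or on the name memcpy; Flawfinder does not check sizes. The hits
at mlgsl_matrix_impl.h:10:39 and 14:23 and mlgsl_vector_impl.h:11:39 and 15:23
match "memcpy" as an argument of the FUNCTION(...) macro (a function
definition and what appears to be a call to a GSL copy routine), not a direct
call to the C library memcpy. Read these in source first, because the length
comes from one operand only and the other operand's size is not visible here:
mlgsl_rng.c:202 (length is string_length(state), destination is r->state),
mlgsl_odeiv.c:148-150 (length is Bosize_val of the source), and
mlgsl_odeiv.c:162-163 (sizeof(y_copy) and sizeof(yerr_copy), which give the
buffer size only if these are arrays rather than pointers).
There may be other security vulnerabilities; review your code!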
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.