Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qhull-2020.2/src/libqhull/geom.c
Examining data/qhull-2020.2/src/libqhull/geom.h
Examining data/qhull-2020.2/src/libqhull/geom2.c
Examining data/qhull-2020.2/src/libqhull/global.c
Examining data/qhull-2020.2/src/libqhull/io.h
Examining data/qhull-2020.2/src/libqhull/libqhull.c
Examining data/qhull-2020.2/src/libqhull/libqhull.h
Examining data/qhull-2020.2/src/libqhull/mem.c
Examining data/qhull-2020.2/src/libqhull/mem.h
Examining data/qhull-2020.2/src/libqhull/merge.c
Examining data/qhull-2020.2/src/libqhull/merge.h
Examining data/qhull-2020.2/src/libqhull/poly.c
Examining data/qhull-2020.2/src/libqhull/poly.h
Examining data/qhull-2020.2/src/libqhull/poly2.c
Examining data/qhull-2020.2/src/libqhull/qhull_a.h
Examining data/qhull-2020.2/src/libqhull/qset.c
Examining data/qhull-2020.2/src/libqhull/qset.h
Examining data/qhull-2020.2/src/libqhull/random.c
Examining data/qhull-2020.2/src/libqhull/random.h
Examining data/qhull-2020.2/src/libqhull/rboxlib.c
Examining data/qhull-2020.2/src/libqhull/stat.c
Examining data/qhull-2020.2/src/libqhull/stat.h
Examining data/qhull-2020.2/src/libqhull/user.c
Examining data/qhull-2020.2/src/libqhull/user.h
Examining data/qhull-2020.2/src/libqhull/usermem.c
Examining data/qhull-2020.2/src/libqhull/userprintf.c
Examining data/qhull-2020.2/src/libqhull/userprintf_rbox.c
Examining data/qhull-2020.2/src/libqhull/io.c
Examining data/qhull-2020.2/src/libqhullcpp/Coordinates.cpp
Examining data/qhull-2020.2/src/libqhullcpp/Coordinates.h
Examining data/qhull-2020.2/src/libqhullcpp/functionObjects.h
Examining data/qhull-2020.2/src/libqhullcpp/PointCoordinates.cpp
Examining data/qhull-2020.2/src/libqhullcpp/PointCoordinates.h
Examining data/qhull-2020.2/src/libqhullcpp/Qhull.cpp
Examining data/qhull-2020.2/src/libqhullcpp/Qhull.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullError.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullFacet.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullFacet.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullFacetList.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullFacetList.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullFacetSet.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullFacetSet.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullHyperplane.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullHyperplane.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullIterator.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullLinkedList.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullPoint.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullPoint.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullPoints.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullPoints.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullPointSet.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullPointSet.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullQh.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullQh.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullRidge.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullRidge.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullSet.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullSet.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullSets.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullStat.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullStat.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullUser.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullUser.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullVertex.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullVertex.h
Examining data/qhull-2020.2/src/libqhullcpp/QhullVertexSet.cpp
Examining data/qhull-2020.2/src/libqhullcpp/QhullVertexSet.h
Examining data/qhull-2020.2/src/libqhullcpp/qt-qhull.cpp
Examining data/qhull-2020.2/src/libqhullcpp/RboxPoints.cpp
Examining data/qhull-2020.2/src/libqhullcpp/RboxPoints.h
Examining data/qhull-2020.2/src/libqhullcpp/RoadError.cpp
Examining data/qhull-2020.2/src/libqhullcpp/RoadError.h
Examining data/qhull-2020.2/src/libqhullcpp/RoadLogEvent.cpp
Examining data/qhull-2020.2/src/libqhullcpp/RoadLogEvent.h
Examining data/qhull-2020.2/src/libqhullcpp/usermem_r-cpp.cpp
Examining data/qhull-2020.2/src/libqhull_r/geom2_r.c
Examining data/qhull-2020.2/src/libqhull_r/geom_r.c
Examining data/qhull-2020.2/src/libqhull_r/geom_r.h
Examining data/qhull-2020.2/src/libqhull_r/global_r.c
Examining data/qhull-2020.2/src/libqhull_r/io_r.h
Examining data/qhull-2020.2/src/libqhull_r/libqhull_r.c
Examining data/qhull-2020.2/src/libqhull_r/libqhull_r.h
Examining data/qhull-2020.2/src/libqhull_r/mem_r.c
Examining data/qhull-2020.2/src/libqhull_r/mem_r.h
Examining data/qhull-2020.2/src/libqhull_r/merge_r.c
Examining data/qhull-2020.2/src/libqhull_r/merge_r.h
Examining data/qhull-2020.2/src/libqhull_r/poly2_r.c
Examining data/qhull-2020.2/src/libqhull_r/poly_r.c
Examining data/qhull-2020.2/src/libqhull_r/poly_r.h
Examining data/qhull-2020.2/src/libqhull_r/qhull_ra.h
Examining data/qhull-2020.2/src/libqhull_r/qset_r.c
Examining data/qhull-2020.2/src/libqhull_r/qset_r.h
Examining data/qhull-2020.2/src/libqhull_r/random_r.c
Examining data/qhull-2020.2/src/libqhull_r/random_r.h
Examining data/qhull-2020.2/src/libqhull_r/rboxlib_r.c
Examining data/qhull-2020.2/src/libqhull_r/stat_r.c
Examining data/qhull-2020.2/src/libqhull_r/stat_r.h
Examining data/qhull-2020.2/src/libqhull_r/usermem_r.c
Examining data/qhull-2020.2/src/libqhull_r/userprintf_r.c
Examining data/qhull-2020.2/src/libqhull_r/userprintf_rbox_r.c
Examining data/qhull-2020.2/src/libqhull_r/user_r.c
Examining data/qhull-2020.2/src/libqhull_r/user_r.h
Examining data/qhull-2020.2/src/libqhull_r/io_r.c
Examining data/qhull-2020.2/src/qconvex/qconvex.c
Examining data/qhull-2020.2/src/qconvex/qconvex_r.c
Examining data/qhull-2020.2/src/qdelaunay/qdelaun.c
Examining data/qhull-2020.2/src/qdelaunay/qdelaun_r.c
Examining data/qhull-2020.2/src/qhalf/qhalf.c
Examining data/qhull-2020.2/src/qhalf/qhalf_r.c
Examining data/qhull-2020.2/src/qhull/unix.c
Examining data/qhull-2020.2/src/qhull/unix_r.c
Examining data/qhull-2020.2/src/qhulltest/Coordinates_test.cpp
Examining data/qhull-2020.2/src/qhulltest/PointCoordinates_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullFacetList_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullFacetSet_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullFacet_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullHyperplane_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullLinkedList_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullPointSet_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullPoints_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullPoint_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullRidge_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullSet_test.cpp
Examining data/qhull-2020.2/src/qhulltest/qhulltest.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullVertexSet_test.cpp
Examining data/qhull-2020.2/src/qhulltest/QhullVertex_test.cpp
Examining data/qhull-2020.2/src/qhulltest/Qhull_test.cpp
Examining data/qhull-2020.2/src/qhulltest/RboxPoints_test.cpp
Examining data/qhull-2020.2/src/qhulltest/RoadTest.cpp
Examining data/qhull-2020.2/src/qhulltest/RoadTest.h
Examining data/qhull-2020.2/src/qvoronoi/qvoronoi.c
Examining data/qhull-2020.2/src/qvoronoi/qvoronoi_r.c
Examining data/qhull-2020.2/src/rbox/rbox.c
Examining data/qhull-2020.2/src/rbox/rbox_r.c
Examining data/qhull-2020.2/src/testqset/testqset.c
Examining data/qhull-2020.2/src/testqset_r/testqset_r.c
Examining data/qhull-2020.2/src/user_eg/user_eg.c
Examining data/qhull-2020.2/src/user_eg/user_eg_r.c
Examining data/qhull-2020.2/src/user_eg2/user_eg2.c
Examining data/qhull-2020.2/src/user_eg2/user_eg2_r.c
Examining data/qhull-2020.2/src/user_eg3/user_eg3_r.cpp
FINAL RESULTS:
data/qhull-2020.2/src/libqhull/global.c:2286:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, " %s", option);
data/qhull-2020.2/src/libqhull/random.c:53:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command, s);
data/qhull-2020.2/src/libqhull/random.c:85:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command, s);
data/qhull-2020.2/src/libqhull/rboxlib.c:407:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t+1, t+3); /* remove " t " */
data/qhull-2020.2/src/libqhull/usermem.c:66:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/qhull-2020.2/src/libqhull/userprintf.c:65:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fp, fmt, args);
data/qhull-2020.2/src/libqhull/userprintf_rbox.c:50:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fp, fmt, args);
data/qhull-2020.2/src/libqhull_r/global_r.c:2234:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, " %s", option);
data/qhull-2020.2/src/libqhull_r/random_r.c:53:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command, s);
data/qhull-2020.2/src/libqhull_r/random_r.c:85:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command, s);
data/qhull-2020.2/src/libqhull_r/rboxlib_r.c:379:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t+1, t+3); /* remove " t " */
data/qhull-2020.2/src/libqhull_r/usermem_r.c:66:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/qhull-2020.2/src/libqhull_r/userprintf_r.c:66:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fp, fmt, args);
data/qhull-2020.2/src/libqhull_r/userprintf_rbox_r.c:50:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fp, fmt, args);
data/qhull-2020.2/src/libqhullcpp/QhullUser.cpp:204:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(newMessage + msgLen, sizeof(newMessage) - msgLen, fmt, args);
data/qhull-2020.2/src/libqhullcpp/RboxPoints.cpp:197:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(newMessage, sizeof(newMessage), fmt, args);
data/qhull-2020.2/src/libqhullcpp/usermem_r-cpp.cpp:62:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/qhull-2020.2/src/qconvex/qconvex.c:292:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qconvex/qconvex.c:296:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qconvex/qconvex.c:300:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version, qh_DEFAULTbox,
data/qhull-2020.2/src/qconvex/qconvex.c:305:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3, qh_version);
data/qhull-2020.2/src/qconvex/qconvex_r.c:299:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qconvex/qconvex_r.c:303:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qconvex/qconvex_r.c:307:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version, qh_DEFAULTbox,
data/qhull-2020.2/src/qconvex/qconvex_r.c:312:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3, qh_version);
data/qhull-2020.2/src/qdelaunay/qdelaun.c:279:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qdelaunay/qdelaun.c:283:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qdelaunay/qdelaun.c:287:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version,
data/qhull-2020.2/src/qdelaunay/qdelaun.c:292:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3, qh_version);
data/qhull-2020.2/src/qdelaunay/qdelaun_r.c:286:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qdelaunay/qdelaun_r.c:290:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qdelaunay/qdelaun_r.c:294:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version,
data/qhull-2020.2/src/qdelaunay/qdelaun_r.c:299:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3, qh_version);
data/qhull-2020.2/src/qhalf/qhalf.c:275:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qhalf/qhalf.c:279:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qhalf/qhalf.c:283:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version,
data/qhull-2020.2/src/qhalf/qhalf.c:288:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3, qh_version);
data/qhull-2020.2/src/qhalf/qhalf_r.c:282:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qhalf/qhalf_r.c:286:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qhalf/qhalf_r.c:290:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version,
data/qhull-2020.2/src/qhalf/qhalf_r.c:295:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3, qh_version);
data/qhull-2020.2/src/qhull/unix.c:358:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2a, qh_version, qh_prompt2b);
data/qhull-2020.2/src/qhull/unix.c:362:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2a, qh_version, qh_prompt2b);
data/qhull-2020.2/src/qhull/unix.c:366:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2a, qh_version, qh_prompt2b);
data/qhull-2020.2/src/qhull/unix.c:370:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version, qh_DEFAULTbox,
data/qhull-2020.2/src/qhull/unix.c:375:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3a, qh_version, qh_prompt3b);
data/qhull-2020.2/src/qhull/unix_r.c:365:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2a, qh_version, qh_prompt2b);
data/qhull-2020.2/src/qhull/unix_r.c:369:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2a, qh_version, qh_prompt2b);
data/qhull-2020.2/src/qhull/unix_r.c:373:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2a, qh_version, qh_prompt2b);
data/qhull-2020.2/src/qhull/unix_r.c:377:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version, qh_DEFAULTbox,
data/qhull-2020.2/src/qhull/unix_r.c:382:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3a, qh_version, qh_prompt3b);
data/qhull-2020.2/src/qhulltest/Qhull_test.cpp:398:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/qhull-2020.2/src/qvoronoi/qvoronoi.c:267:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qvoronoi/qvoronoi.c:271:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qvoronoi/qvoronoi.c:275:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version,
data/qhull-2020.2/src/qvoronoi/qvoronoi.c:280:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3, qh_version);
data/qhull-2020.2/src/qvoronoi/qvoronoi_r.c:274:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qvoronoi/qvoronoi_r.c:278:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt2, qh_version);
data/qhull-2020.2/src/qvoronoi/qvoronoi_r.c:282:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompta, qh_version,
data/qhull-2020.2/src/qvoronoi/qvoronoi_r.c:287:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, qh_prompt3, qh_version);
data/qhull-2020.2/src/rbox/rbox.c:68:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(prompt, qh_DEFAULTbox, qh_DEFAULTzbox);
data/qhull-2020.2/src/rbox/rbox_r.c:71:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(prompt, qh_DEFAULTbox, qh_DEFAULTzbox);
data/qhull-2020.2/src/testqset/testqset.c:172:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fp, fmt, args);
data/qhull-2020.2/src/testqset_r/testqset_r.c:167:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fp, fmt, args);
data/qhull-2020.2/src/user_eg/user_eg.c:226:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flags, "qhull s Tcv %s", argc >= 2 ? argv[1] : "");
data/qhull-2020.2/src/user_eg/user_eg.c:257:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flags, "qhull s d Tcv %s", argc >= 3 ? argv[2] : "");
data/qhull-2020.2/src/user_eg/user_eg.c:292:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flags, "qhull s d Tcv %s", argc >= 3 ? argv[2] : "");
data/qhull-2020.2/src/user_eg/user_eg.c:330:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flags, "qhull H0 s Tcv %s", argc >= 4 ? argv[3] : "Fp");
data/qhull-2020.2/src/user_eg/user_eg_r.c:221:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flags, "qhull s Tcv %s", argc >= 2 ? argv[1] : "");
data/qhull-2020.2/src/user_eg/user_eg_r.c:252:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flags, "qhull s d Tcv %s", argc >= 3 ? argv[2] : "");
data/qhull-2020.2/src/user_eg/user_eg_r.c:288:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flags, "qhull s d Tcv %s", argc >= 3 ? argv[2] : "");
data/qhull-2020.2/src/user_eg/user_eg_r.c:326:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flags, "qhull H0 s Tcv %s", argc >= 4 ? argv[3] : "Fp");
data/qhull-2020.2/src/user_eg2/user_eg2.c:395:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(options, "qhull s Tcv Q11 %s ", argc >= 2 ? argv[1] : "");
data/qhull-2020.2/src/user_eg2/user_eg2.c:438:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(options, "qhull s d Tcv %s", argc >= 3 ? argv[2] : "");
data/qhull-2020.2/src/user_eg2/user_eg2.c:490:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(options, "qhull H0 s Tcv %s", argc >= 4 ? argv[3] : "");
data/qhull-2020.2/src/user_eg2/user_eg2_r.c:386:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(options, "qhull s Tcv Q11 %s ", argc >= 2 ? argv[1] : "");
data/qhull-2020.2/src/user_eg2/user_eg2_r.c:429:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(options, "qhull s d Tcv %s", argc >= 3 ? argv[2] : "");
data/qhull-2020.2/src/user_eg2/user_eg2_r.c:481:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(options, "qhull H0 s Tcv %s", argc >= 4 ? argv[3] : "");
data/qhull-2020.2/src/libqhull/user.h:291:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMint random()
data/qhull-2020.2/src/libqhull/user.h:292:30: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMseed_(seed) srandom(seed);
data/qhull-2020.2/src/libqhull/user.h:301:30: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMseed_(seed) srand((unsigned int)seed);
data/qhull-2020.2/src/libqhull/user.h:306:30: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMseed_(seed) srand((unsigned int)seed);
data/qhull-2020.2/src/libqhull/user.h:310:22: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMint lrand48()
data/qhull-2020.2/src/libqhull/user.h:320:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#error: unknown random option
data/qhull-2020.2/src/libqhull_r/user_r.h:290:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMint random()
data/qhull-2020.2/src/libqhull_r/user_r.h:291:34: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMseed_(qh, seed) srandom(seed);
data/qhull-2020.2/src/libqhull_r/user_r.h:300:34: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMseed_(qh, seed) srand((unsigned int)seed);
data/qhull-2020.2/src/libqhull_r/user_r.h:305:34: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMseed_(qh, seed) srand((unsigned int)seed);
data/qhull-2020.2/src/libqhull_r/user_r.h:309:22: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define qh_RANDOMint lrand48()
data/qhull-2020.2/src/libqhull_r/user_r.h:319:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#error: unknown random option
data/qhull-2020.2/src/libqhull/geom2.c:41:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newpoints, (char *)points, (size_t)size); /* newpoints!=0 by QH6004 */
data/qhull-2020.2/src/libqhull/global.c:1410:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[qh_FILENAMElen];
data/qhull-2020.2/src/libqhull/global.c:1428:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[qh_FILENAMElen];
data/qhull-2020.2/src/libqhull/global.c:2057:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qh qhull, "qhull");
data/qhull-2020.2/src/libqhull/global.c:2278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/qhull-2020.2/src/libqhull/global.c:2288:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), " %d", *i);
data/qhull-2020.2/src/libqhull/global.c:2290:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), " %2.2g", *r);
data/qhull-2020.2/src/libqhull/io.c:3645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t, firstline[qh_MAXfirst+1];
data/qhull-2020.2/src/libqhull/libqhull.h:643:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qhull_command[256];/* command line that invoked this program */
data/qhull-2020.2/src/libqhull/libqhull.h:645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbox_command[256]; /* command line that produced the input points */
data/qhull-2020.2/src/libqhull/libqhull.h:646:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qhull_options[512];/* descriptive list of options */
data/qhull-2020.2/src/libqhull/libqhull.h:702:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qhull[sizeof("qhull")]; /* "qhull" for checking ownership while debugging */
data/qhull-2020.2/src/libqhull/libqhull.h:704:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jmpXtra[40]; /* extra bytes in case jmp_buf is defined wrong by compiler */
data/qhull-2020.2/src/libqhull/libqhull.h:706:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jmpXtra2[40]; /* extra bytes in case jmp_buf is defined wrong by compiler*/
data/qhull-2020.2/src/libqhull/poly2.c:3703:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newfacet->normal, facetA->normal, (size_t)qh normal_size);
data/qhull-2020.2/src/libqhull/poly2.c:3709:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newfacet->center, facetA->center, (size_t)qh center_size);
data/qhull-2020.2/src/libqhull/qset.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&((*setp)->e[size].p), (char *)&(setA->e[0].p), (size_t)(sizeA+1) * SETelemsize);
data/qhull-2020.2/src/libqhull/qset.c:321:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&(newset->e[0].p), (char *)&(set->e[0].p), (size_t)(size+1) * SETelemsize);
data/qhull-2020.2/src/libqhull/qset.c:553:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newElem, elem, (size_t)elemsize);
data/qhull-2020.2/src/libqhull/qset.c:878:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newp, (char *)oldp, (size_t)(setsize+1) * SETelemsize);
data/qhull-2020.2/src/libqhull/qset.c:1046:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newp, (char *)oldp, (size_t)nth * SETelemsize);
data/qhull-2020.2/src/libqhull/qset.c:1074:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newp, (char *)oldp, (size_t)tailsize * SETelemsize);
data/qhull-2020.2/src/libqhull/rboxlib.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jmpXtra[40]; /* extra bytes in case jmp_buf is defined wrong by compiler */
data/qhull-2020.2/src/libqhull/rboxlib.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[250], seedbuf[50];
data/qhull-2020.2/src/libqhull/rboxlib.c:403:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(seedbuf, " t%d", seed); /* appends an extra t, not worth removing */
data/qhull-2020.2/src/libqhull/stat.h:535:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[ZEND+10]; /* id's in print order */
data/qhull-2020.2/src/libqhull/stat.h:536:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *doc[ZEND]; /* array of documentation strings */
data/qhull-2020.2/src/libqhull/stat.h:538:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[ZEND]; /* type, see ztypes above */
data/qhull-2020.2/src/libqhull/stat.h:539:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printed[ZEND]; /* true, if statistic has been printed */
data/qhull-2020.2/src/libqhull_r/geom2_r.c:41:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newpoints, (char *)points, (size_t)size); /* newpoints!=0 by QH6004 */
data/qhull-2020.2/src/libqhull_r/global_r.c:1382:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[qh_FILENAMElen];
data/qhull-2020.2/src/libqhull_r/global_r.c:1400:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[qh_FILENAMElen];
data/qhull-2020.2/src/libqhull_r/global_r.c:2017:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qh->qhull, "qhull");
data/qhull-2020.2/src/libqhull_r/global_r.c:2226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/qhull-2020.2/src/libqhull_r/global_r.c:2236:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), " %d", *i);
data/qhull-2020.2/src/libqhull_r/global_r.c:2238:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), " %2.2g", *r);
data/qhull-2020.2/src/libqhull_r/io_r.c:3645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *t, firstline[qh_MAXfirst+1];
data/qhull-2020.2/src/libqhull_r/libqhull_r.h:612:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qhull_command[256];/* command line that invoked this program */
data/qhull-2020.2/src/libqhull_r/libqhull_r.h:614:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbox_command[256]; /* command line that produced the input points */
data/qhull-2020.2/src/libqhull_r/libqhull_r.h:615:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qhull_options[512];/* descriptive list of options */
data/qhull-2020.2/src/libqhull_r/libqhull_r.h:671:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qhull[sizeof("qhull")]; /* "qhull" for checking ownership while debugging */
data/qhull-2020.2/src/libqhull_r/libqhull_r.h:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jmpXtra[40]; /* extra bytes in case jmp_buf is defined wrong by compiler */
data/qhull-2020.2/src/libqhull_r/libqhull_r.h:675:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jmpXtra2[40]; /* extra bytes in case jmp_buf is defined wrong by compiler*/
data/qhull-2020.2/src/libqhull_r/libqhull_r.h:850:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jmpXtra3[40]; /* extra bytes in case jmp_buf is defined wrong by compiler */
data/qhull-2020.2/src/libqhull_r/poly2_r.c:3705:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newfacet->normal, facetA->normal, (size_t)qh->normal_size);
data/qhull-2020.2/src/libqhull_r/poly2_r.c:3711:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newfacet->center, facetA->center, (size_t)qh->center_size);
data/qhull-2020.2/src/libqhull_r/qset_r.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&((*setp)->e[size].p), (char *)&(setA->e[0].p), (size_t)(sizeA+1) * SETelemsize);
data/qhull-2020.2/src/libqhull_r/qset_r.c:321:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&(newset->e[0].p), (char *)&(set->e[0].p), (size_t)(size+1) * SETelemsize);
data/qhull-2020.2/src/libqhull_r/qset_r.c:553:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newElem, elem, (size_t)elemsize);
data/qhull-2020.2/src/libqhull_r/qset_r.c:878:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newp, (char *)oldp, (size_t)(setsize+1) * SETelemsize);
data/qhull-2020.2/src/libqhull_r/qset_r.c:1046:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newp, (char *)oldp, (size_t)nth * SETelemsize);
data/qhull-2020.2/src/libqhull_r/qset_r.c:1074:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newp, (char *)oldp, (size_t)tailsize * SETelemsize);
data/qhull-2020.2/src/libqhull_r/rboxlib_r.c:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[250], seedbuf[50];
data/qhull-2020.2/src/libqhull_r/rboxlib_r.c:375:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(seedbuf, " t%d", seed); /* appends an extra t, not worth removing */
data/qhull-2020.2/src/libqhull_r/stat_r.h:518:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[ZEND+10]; /* id's in print order */
data/qhull-2020.2/src/libqhull_r/stat_r.h:519:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *doc[ZEND]; /* array of documentation strings */
data/qhull-2020.2/src/libqhull_r/stat_r.h:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[ZEND]; /* type, see ztypes above */
data/qhull-2020.2/src/libqhull_r/stat_r.h:522:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printed[ZEND]; /* true, if statistic has been printed */
data/qhull-2020.2/src/libqhullcpp/QhullUser.cpp:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newMessage[MSG_MAXLEN];
data/qhull-2020.2/src/libqhullcpp/RboxPoints.cpp:132:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimStr[20]; // max dim is 200 (MAXdim)
data/qhull-2020.2/src/libqhullcpp/RboxPoints.cpp:133:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dimStr, " D%d", dim);
data/qhull-2020.2/src/libqhullcpp/RboxPoints.cpp:195:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newMessage[MSG_MAXLEN];
data/qhull-2020.2/src/user_eg/user_eg.c:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[250]; /* option flags for qhull, see qh-quick.htm */
data/qhull-2020.2/src/user_eg/user_eg_r.c:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[250]; /* option flags for qhull, see qh-quick.htm */
data/qhull-2020.2/src/user_eg2/user_eg2.c:361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options [2000];
data/qhull-2020.2/src/user_eg2/user_eg2.c:394:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qh rbox_command, "user_eg2 cube example");
data/qhull-2020.2/src/user_eg2/user_eg2.c:437:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qh rbox_command, "user_eg2 Delaunay example");
data/qhull-2020.2/src/user_eg2/user_eg2.c:489:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qh rbox_command, "user_eg2 halfspace example");
data/qhull-2020.2/src/user_eg2/user_eg2_r.c:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options [2000];
data/qhull-2020.2/src/user_eg2/user_eg2_r.c:385:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qh->rbox_command, "user_eg2 cube example");
data/qhull-2020.2/src/user_eg2/user_eg2_r.c:428:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qh->rbox_command, "user_eg2 Delaunay example");
data/qhull-2020.2/src/user_eg2/user_eg2_r.c:480:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qh->rbox_command, "user_eg2 halfspace example");
data/qhull-2020.2/src/libqhull/global.c:94:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*hiddenflags != ' ' || hiddenflags[strlen(hiddenflags)-1] != ' ') {
data/qhull-2020.2/src/libqhull/global.c:159:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chkerr[strlen(chkerr)-1]= '\'';
data/qhull-2020.2/src/libqhull/global.c:223:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qh qhull_commandsiz2= (int)strlen(qh qhull_command); /* WARN64 */
data/qhull-2020.2/src/libqhull/global.c:228:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qh qhull_optionsiz2= (int)strlen(qh qhull_options); /* WARN64 */
data/qhull-2020.2/src/libqhull/global.c:655:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh qhull_command, command, sizeof(qh qhull_command)-strlen(qh qhull_command)-1);
data/qhull-2020.2/src/libqhull/global.c:655:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(qh qhull_command, command, sizeof(qh qhull_command)-strlen(qh qhull_command)-1);
data/qhull-2020.2/src/libqhull/global.c:776:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qh feasible_string, start, (size_t)(t-start));
data/qhull-2020.2/src/libqhull/global.c:2281:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(option) > sizeof(buf)-30-30) {
data/qhull-2020.2/src/libqhull/global.c:2283:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(option), (int)sizeof(buf)-30-30, option);
data/qhull-2020.2/src/libqhull/global.c:2288:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), " %d", *i);
data/qhull-2020.2/src/libqhull/global.c:2290:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), " %2.2g", *r);
data/qhull-2020.2/src/libqhull/global.c:2291:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen= (int)strlen(buf); /* WARN64 */
data/qhull-2020.2/src/libqhull/global.c:2293:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remainder= (int)(sizeof(qh qhull_options) - strlen(qh qhull_options)) - 1; /* WARN64 */
data/qhull-2020.2/src/libqhull/global.c:2296:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(qh qhull_options, "\n", (unsigned int)remainder);
data/qhull-2020.2/src/libqhull/global.c:2303:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh qhull_options, buf, (unsigned int)remainder);
data/qhull-2020.2/src/libqhull/io.c:193:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, source, (size_t)length);
data/qhull-2020.2/src/libqhull/io.c:3748:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh rbox_command, s, sizeof(qh rbox_command)-1);
data/qhull-2020.2/src/libqhull/io.c:3766:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh rbox_command, s, sizeof(qh rbox_command)-1);
data/qhull-2020.2/src/libqhull/io.c:3889:10: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh rbox_command, s, sizeof(qh rbox_command)-1);
data/qhull-2020.2/src/libqhull/io.c:3959:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qh rbox_command[strlen(qh rbox_command)-1]= '\0'; /* remove \n, previous qh_errexit's display command as two lines */
data/qhull-2020.2/src/libqhull/libqhull.c:342:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qh qhull_optionsiz= (int)strlen(qh qhull_options); /* WARN64 */
data/qhull-2020.2/src/libqhull/random.c:52:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(s) < max_size) /* WARN64 */
data/qhull-2020.2/src/libqhull/random.c:62:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining= max_size - (int)strlen(command) - (int)strlen(s) - 2; /* WARN64 */
data/qhull-2020.2/src/libqhull/random.c:62:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining= max_size - (int)strlen(command) - (int)strlen(s) - 2; /* WARN64 */
data/qhull-2020.2/src/libqhull/random.c:64:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t= command + strlen(command);
data/qhull-2020.2/src/libqhull/random.c:84:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(command, " ");
data/qhull-2020.2/src/libqhull/random.c:113:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += (int)strlen(argv[i]) + 1; /* WARN64 */
data/qhull-2020.2/src/libqhull/rboxlib.c:144:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(command, rbox_command, sizeof(command)-sizeof(seedbuf)-strlen(command)-1);
data/qhull-2020.2/src/libqhull/rboxlib.c:144:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(command, rbox_command, sizeof(command)-sizeof(seedbuf)-strlen(command)-1);
data/qhull-2020.2/src/libqhull/rboxlib.c:404:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(command, seedbuf, sizeof(command) - strlen(command) - 1);
data/qhull-2020.2/src/libqhull/rboxlib.c:404:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(command, seedbuf, sizeof(command) - strlen(command) - 1);
data/qhull-2020.2/src/libqhull_r/global_r.c:86:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*hiddenflags != ' ' || hiddenflags[strlen(hiddenflags)-1] != ' ') {
data/qhull-2020.2/src/libqhull_r/global_r.c:151:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chkerr[strlen(chkerr)-1]= '\'';
data/qhull-2020.2/src/libqhull_r/global_r.c:215:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qh->qhull_commandsiz2= (int)strlen(qh->qhull_command); /* WARN64 */
data/qhull-2020.2/src/libqhull_r/global_r.c:220:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qh->qhull_optionsiz2= (int)strlen(qh->qhull_options); /* WARN64 */
data/qhull-2020.2/src/libqhull_r/global_r.c:629:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh->qhull_command, command, sizeof(qh->qhull_command)-strlen(qh->qhull_command)-1);
data/qhull-2020.2/src/libqhull_r/global_r.c:629:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(qh->qhull_command, command, sizeof(qh->qhull_command)-strlen(qh->qhull_command)-1);
data/qhull-2020.2/src/libqhull_r/global_r.c:748:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qh->feasible_string, start, (size_t)(t-start));
data/qhull-2020.2/src/libqhull_r/global_r.c:2229:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(option) > sizeof(buf)-30-30) {
data/qhull-2020.2/src/libqhull_r/global_r.c:2231:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(option), (int)sizeof(buf)-30-30, option);
data/qhull-2020.2/src/libqhull_r/global_r.c:2236:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), " %d", *i);
data/qhull-2020.2/src/libqhull_r/global_r.c:2238:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), " %2.2g", *r);
data/qhull-2020.2/src/libqhull_r/global_r.c:2239:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen= (int)strlen(buf); /* WARN64 */
data/qhull-2020.2/src/libqhull_r/global_r.c:2241:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remainder= (int)(sizeof(qh->qhull_options) - strlen(qh->qhull_options)) - 1; /* WARN64 */
data/qhull-2020.2/src/libqhull_r/global_r.c:2244:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(qh->qhull_options, "\n", (unsigned int)remainder);
data/qhull-2020.2/src/libqhull_r/global_r.c:2251:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh->qhull_options, buf, (unsigned int)remainder);
data/qhull-2020.2/src/libqhull_r/io_r.c:193:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, source, (size_t)length);
data/qhull-2020.2/src/libqhull_r/io_r.c:3748:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh->rbox_command, s, sizeof(qh->rbox_command)-1);
data/qhull-2020.2/src/libqhull_r/io_r.c:3766:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh->rbox_command, s, sizeof(qh->rbox_command)-1);
data/qhull-2020.2/src/libqhull_r/io_r.c:3889:10: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh->rbox_command, s, sizeof(qh->rbox_command)-1);
data/qhull-2020.2/src/libqhull_r/io_r.c:3959:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qh->rbox_command[strlen(qh->rbox_command)-1]= '\0'; /* remove \n, previous qh_errexit's display command as two lines */
data/qhull-2020.2/src/libqhull_r/libqhull_r.c:342:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qh->qhull_optionsiz= (int)strlen(qh->qhull_options); /* WARN64 */
data/qhull-2020.2/src/libqhull_r/random_r.c:52:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(s) < max_size) /* WARN64 */
data/qhull-2020.2/src/libqhull_r/random_r.c:62:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining= max_size - (int)strlen(command) - (int)strlen(s) - 2; /* WARN64 */
data/qhull-2020.2/src/libqhull_r/random_r.c:62:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining= max_size - (int)strlen(command) - (int)strlen(s) - 2; /* WARN64 */
data/qhull-2020.2/src/libqhull_r/random_r.c:64:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t= command + strlen(command);
data/qhull-2020.2/src/libqhull_r/random_r.c:84:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(command, " ");
data/qhull-2020.2/src/libqhull_r/random_r.c:113:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
count += (int)strlen(argv[i]) + 1; /* WARN64 */
data/qhull-2020.2/src/libqhull_r/rboxlib_r.c:116:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(command, rbox_command, sizeof(command)-sizeof(seedbuf)-strlen(command)-1);
data/qhull-2020.2/src/libqhull_r/rboxlib_r.c:116:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(command, rbox_command, sizeof(command)-sizeof(seedbuf)-strlen(command)-1);
data/qhull-2020.2/src/libqhull_r/rboxlib_r.c:376:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(command, seedbuf, sizeof(command) - strlen(command) - 1);
data/qhull-2020.2/src/libqhull_r/rboxlib_r.c:376:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(command, seedbuf, sizeof(command) - strlen(command) - 1);
data/qhull-2020.2/src/libqhullcpp/Qhull.cpp:233:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s= qh_qh->qhull_command + strlen(qh_qh->qhull_command) + 1; //space
data/qhull-2020.2/src/libqhullcpp/Qhull.cpp:234:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(qh_qh->qhull_command, command, sizeof(qh_qh->qhull_command)-strlen(qh_qh->qhull_command)-1);
data/qhull-2020.2/src/libqhullcpp/Qhull.cpp:234:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(qh_qh->qhull_command, command, sizeof(qh_qh->qhull_command)-strlen(qh_qh->qhull_command)-1);
data/qhull-2020.2/src/libqhullcpp/Qhull.cpp:316:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( qh_qh->rbox_command, inputComment2, sizeof(qh_qh->rbox_command)-1);
data/qhull-2020.2/src/libqhullcpp/RoadLogEvent.cpp:35:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n= strlen(tag);
data/qhull-2020.2/src/libqhullcpp/RoadLogEvent.cpp:36:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(format_string && strlen(format_string)>n+1 && isdigit(format_string[n+1]) && (strncmp(format_string, tag, n)==0 || strncmp(format_string+1, tag, n) == 0)){
data/qhull-2020.2/src/testqset/testqset.c:150:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fmtlen= strlen(fmt);
data/qhull-2020.2/src/testqset_r/testqset_r.c:142:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fmtlen= strlen(fmt);
ANALYSIS SUMMARY:
Hits = 232
Lines analyzed = 86589 in approximately 2.75 seconds (31432 lines/second)
Physical Source Lines of Code (SLOC) = 54999
Hits@level = [0] 140 [1] 70 [2] 72 [3] 12 [4] 78 [5] 0
Hits@level+ = [0+] 372 [1+] 232 [2+] 162 [3+] 90 [4+] 78 [5+] 0
Hits/KSLOC@level+ = [0+] 6.76376 [1+] 4.21826 [2+] 2.94551 [3+] 1.63639 [4+] 1.41821 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.