stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/ctrlc.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/splamm.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/cone.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/data.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/equil.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/spla.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/glblopts.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/wright_omega.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/timer.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/ecos_bb.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/expcone.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/kkt.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/ecos.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/ecos_bb/ecos_bb.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/ecos_bb/ecos_bb_preproc.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/emptyProblem/emptyProblem.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/quad_over_lin/quad_over_lin.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/quad_over_lin/quad_over_lin.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/qcml_utils.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/sq_norm/sq_norm.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/sq_norm/sq_norm.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/sum_sq/sum_sq.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/sum_sq/sum_sq.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/generated_tests.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/norm/norm.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/norm/norm.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/inv_pos/inv_pos.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/inv_pos/inv_pos.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/generated/qcml_utils.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/cvxpyProblems/githubIssue98.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/exponential/random_infeasible.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/exponential/log_ax_x.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/exponential/num_err.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/exponential/random_unbounded.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/exponential/random_feasible.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/ecostester.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/infeasibleProblems/infeasible2.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/infeasibleProblems/infeasible1.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/feasibilityProblems/feas.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/unboundedProblems/unboundedMaxSqrt.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/unboundedProblems/unboundedLP1.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/bb_test.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/minunit.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/MPC/MPC02.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/MPC/MPC01.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/updateData/update_data.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_beaconfd.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_25fv47.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_blend.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_agg.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_bnl1.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_adlittle.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_bandm.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_afiro.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_agg3.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/test/LPnetlib/lp_agg2.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/SuiteSparse_config/SuiteSparse_config.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/ldl/include/ldl.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/ldl/src/ldl.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/include/amd.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/include/amd_internal.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_1.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_preprocess.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_order.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_2.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_post_tree.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_aat.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_info.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_global.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_defaults.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_valid.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_dump.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_control.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_postorder.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/ctrlc.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/runecos_exp.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/ecos.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/preproc.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/cone.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/timer.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/equil.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/runecos.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/splamm.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/expcone.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/kkt.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/wright_omega.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/spla.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecosolve.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos-2954b2a-changes/include/glblopts.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos-2954b2a-changes/include/ecos_bb.h
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos-2954b2a-changes/ecos_bb/ecos_bb.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecos-2954b2a-changes/ecos_bb/ecos_bb_preproc.c
Examining data/r-cran-ecosolver-0.5.3+dfsg/src/ecosolver_init.c

FINAL RESULTS:

data/r-cran-ecosolver-0.5.3+dfsg/src/ecos-2954b2a-changes/include/glblopts.h:77:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define PRINTTEXT printf
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_dump.c:39:2:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	fscanf (f, ID, &AMD_debug) ;
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_global.c:79:41:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int (*amd_printf) (const char *, ...) = printf ;
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/include/glblopts.h:77:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define PRINTTEXT printf
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/external/amd/src/amd_dump.c:32:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen ("debug.amd", "r") ;
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/ecos.c:1088:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fn[20];
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/ecos.c:1288:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(fn, "PKPt_updated_%02i.txt", (int)w->info->iter);
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/ecos.c:1302:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(fn, "PKPt_factor_%02i.txt", (int)w->info->iter);
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/splamm.c:285:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *f = fopen(fn,"w");
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/splamm.c:312:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(fn,"w");
data/r-cran-ecosolver-0.5.3+dfsg/src/ecos/src/splamm.c:348:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(fn,"w");
data/r-cran-ecosolver-0.5.3+dfsg/src/ecosolve.c:234:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(REAL(x), mywork->x, n * sizeof(double));
data/r-cran-ecosolver-0.5.3+dfsg/src/ecosolve.c:240:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(REAL(y), mywork->y, p * sizeof(double));
data/r-cran-ecosolver-0.5.3+dfsg/src/ecosolve.c:246:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(REAL(s), mywork->s, m * sizeof(double));
data/r-cran-ecosolver-0.5.3+dfsg/src/ecosolve.c:252:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(REAL(z), mywork->z, m * sizeof(double));

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 18497 in approximately 10.01 seconds (1847 lines/second)
Physical Source Lines of Code (SLOC) = 11531
Hits@level = [0] 109 [1]   0 [2]  11 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+] 124 [1+]  15 [2+]  15 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 10.7536 [1+] 1.30084 [2+] 1.30084 [3+] 0.346891 [4+] 0.346891 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.