Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-nloptr-1.2.2.2/src/nloptr.c
Examining data/r-cran-nloptr-1.2.2.2/src/dummy.cpp
Examining data/r-cran-nloptr-1.2.2.2/src/nloptr.h
Examining data/r-cran-nloptr-1.2.2.2/src/init_nloptr.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/cdirect.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/cdirect.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/hybrid.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/praxis/praxis.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/praxis/praxis.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/ccsa_quadratic.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/isres/isres.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/isres/isres.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/esch/esch.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/esch/esch.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/nldrmd.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/neldermead.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/sbplx.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mlsl/mlsl.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mlsl/mlsl.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/rosen.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/testfun.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/stogo.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/local.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/linalg.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/global.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/prog.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/tools.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/linalg.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/global.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/local.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/testros.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/tools.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/tst.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/stogo_config.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/tstc.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/stogo.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/bobyqa/bobyqa.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/bobyqa/bobyqa.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/dummy.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-oct.cc
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/DIRect.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/DIRsubrout.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/DIRserial.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/direct-internal.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/direct.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/DIRparallel.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/direct_wrap.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/tstc.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/newuoa/newuoa.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/newuoa/newuoa.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/redblack.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/redblack_test.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/timer.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/sobolseq.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/stop.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/soboldata.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/rescale.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/redblack.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/nlopt-util.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/qsort_r.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/mt19937ar.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testfuncs.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testfuncs.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/crs/crs.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/crs/crs.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/auglag/auglag.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/auglag/auglag.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/luksan/plip.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/luksan/pssubs.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/luksan/luksan.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/luksan/pnet.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/luksan/mssubs.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/luksan/plis.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/f77funcs_.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt-internal.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/f77api.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/deprecated.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt-in.hpp
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt.hpp
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/f77funcs.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/optimize.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/general.c
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cobyla/cobyla.h
Examining data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cobyla/cobyla.c
Examining data/r-cran-nloptr-1.2.2.2/inst/include/nlopt.hpp
Examining data/r-cran-nloptr-1.2.2.2/inst/include/nloptrAPI.h
Examining data/r-cran-nloptr-1.2.2.2/inst/include/nlopt.h

FINAL RESULTS:

data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/DIRsubrout.c:1499:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(logfile, *iepschange == 1
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/DIRsubrout.c:1502:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(logfile, *algmethod == 0
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-oct.cc:141:42: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define CHECK1(cond, msg) if (!(cond)) { fprintf(stderr, msg "\n\n"); nlopt_destroy(opt); nlopt_destroy(local_opt); return NULL; }
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-oct.cc:208:41: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define CHECK(cond, msg) if (!(cond)) { fprintf(stderr, msg "\n\n"); nlopt_destroy(opt); return retval; }
data/r-cran-nloptr-1.2.2.2/inst/include/nlopt.hpp:568:15: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  inline void srand(unsigned long seed) { nlopt_srand(seed); }
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt-in.hpp:508:15: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  inline void srand(unsigned long seed) { nlopt_srand(seed); }
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt.hpp:568:15: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  inline void srand(unsigned long seed) { nlopt_srand(seed); }
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/crs/crs.h:40:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int random); /* random or low-discrepancy seq. */
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:306:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "hLvCc0:r:a:o:i:e:t:x:X:f:F:m:b:")) != -1)
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/redblack_test.c:61:6: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned) (argc > 2 ? atoi(argv[2]) : time(NULL)));
data/r-cran-nloptr-1.2.2.2/inst/include/nlopt.hpp:234:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (n) std::memcpy(&xv[0], x, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/inst/include/nlopt.hpp:238:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(grad, &gradv[0], n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/f77api.c:49:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (pnew) memcpy(pnew, p, sizeof(f77_func_data));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/general.c:48:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char nlopt_algorithm_names[NLOPT_NUM_ALGORITHMS][256] = {
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt-in.hpp:174:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (n) std::memcpy(&xv[0], x, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt-in.hpp:178:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(grad, &gradv[0], n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt.hpp:234:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (n) std::memcpy(&xv[0], x, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/nlopt.hpp:238:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(grad, &gradv[0], n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:143:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nopt->lb, opt->lb, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:144:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nopt->ub, opt->ub, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:145:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nopt->xtol_abs, opt->xtol_abs, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:153:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nopt->fc, opt->fc, sizeof(nlopt_constraint) * (opt->m));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:166:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nopt->fc[i].tol, opt->fc[i].tol,
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:176:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nopt->h, opt->h, sizeof(nlopt_constraint) * (opt->p));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:189:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nopt->h[i].tol, opt->h[i].tol,
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:202:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nopt->dx, opt->dx, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:265:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt->lb, lb, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:287:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lb, opt->lb, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:297:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt->ub, ub, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:319:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ub, opt->ub, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:370:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tolcopy, tol, sizeof(double) * fm);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:554:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt->xtol_abs, xtol_abs, opt->n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:575:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xtol_abs, opt->xtol_abs, opt->n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:663:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(opt->dx, dx, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:677:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dx, o->dx, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/api/options.c:681:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dx, opt->dx, sizeof(double) * (opt->n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/auglag/auglag.c:132:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xcur, x, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/auglag/auglag.c:266:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, xcur, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/cdirect.c:140:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->xmin, x, sizeof(double) * p->n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/cdirect.c:199:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rnew, rdiv, sizeof(double) * L);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/cdirect.c:232:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rnew, rdiv, sizeof(double) * L);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/hybrid.c:104:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->xmin, x, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/hybrid.c:183:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rnew, r, sizeof(double) * L);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/hybrid.c:189:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rnew+3, rnew+3+n, sizeof(double) * n); /* x = c */
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/hybrid.c:206:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rnew, r, sizeof(double) * L);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/cdirect/hybrid.c:212:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rnew+3, rnew+3+n, sizeof(double) * n); /* x = c */
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/crs/crs.c:69:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, best->k + 1, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/crs/crs.c:153:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(worst->k, d->p, sizeof(double) * (n+1));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/crs/crs.c:201:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(d->ps + 1, x, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/crs/crs.c:245:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, best->k + 1, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/crs/crs.c:258:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, best->k + 1, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/direct/tstc.c:28:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxits = argc < 2 ? 100 : atoi(argv[1]);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/esch/esch.c:139:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(esparents[0].parameters, x, nparameters * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/esch/esch.c:168:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, esparents[id].parameters,
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/esch/esch.c:221:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, esoffsprings[id].parameters,
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/isres/isres.c:123:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xs, x, sizeof(double) * n); /* use input x for xs_0 */
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/isres/isres.c:183:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, xs+k*n, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/isres/isres.c:248:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x0, xs, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mlsl/mlsl.c:263:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, ((pt *) node->k)->x, sizeof(double) * d->n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mlsl/mlsl.c:268:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, node->k + 1, sizeof(double) * d->n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mlsl/mlsl.c:331:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->x, x, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mlsl/mlsl.c:400:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lm+1, p->x, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/ccsa_quadratic.c:329:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xcur, x, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/ccsa_quadratic.c:372:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (++k > 1) memcpy(xprevprev, xprev, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/ccsa_quadratic.c:373:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xprev, xcur, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/ccsa_quadratic.c:466:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fcval, fcval_cur, sizeof(double)*m);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/ccsa_quadratic.c:467:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, xcur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/ccsa_quadratic.c:468:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dfdx, dfdx_cur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/ccsa_quadratic.c:469:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dfcdx, dfcdx_cur, sizeof(double)*n*m);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.c:214:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xcur, x, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.c:257:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (++k > 1) memcpy(xprevprev, xprev, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.c:258:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xprev, xcur, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.c:326:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fcval, fcval_cur, sizeof(double)*m);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.c:327:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, xcur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.c:328:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dfdx, dfdx_cur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/mma/mma.c:329:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dfcdx, dfcdx_cur, sizeof(double)*n*m);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/nldrmd.c:83:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  *minf = (fc); memcpy(x, (xc), n * sizeof(double)); \
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/nldrmd.c:133:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pts+1, x, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/nldrmd.c:138:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pt+1, x, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/nldrmd.c:237:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xh, xcur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/nldrmd.c:241:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xh, xcur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/nldrmd.c:252:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xh, xcur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/sbplx.c:97:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xstep, xstep0, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/neldermead/sbplx.c:113:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xprev, x, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:81:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char f[FLEN];
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:98:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mxGetPr(d->prhs[d->xrhs]), x, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:114:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gradient, mxGetPr(d->plhs[1]), n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:128:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mxGetPr(d->prhs[d->xrhs]), x, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:129:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mxGetPr(d->prhs[d->xrhs + 1]), v, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:139:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vpre, mxGetPr(d->plhs[0]), n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:241:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(d.f, "feval");
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:258:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(dpre.f, "feval");
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:303:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(dfc[j].f, "feval");
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:340:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(dh[j].f, "feval");
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/octave/nlopt_optimize-mex.c:358:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, x0, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/praxis/praxis.c:183:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q_1.xbest, &x[1], n*sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/praxis/praxis.c:184:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prev_xbest, &x[1], n*sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/praxis/praxis.c:438:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prev_xbest, q_1.xbest, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/praxis/praxis.c:610:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&x[1], q_1.xbest, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/praxis/praxis.c:1242:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q_1->xbest, t, n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.c:54:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dy, dx, sizeof(double) * ((unsigned) n));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.c:2477:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xcur, x, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.c:2478:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xprev, x, sizeof(double) * n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.c:2611:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, xcur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.c:2624:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xprev, xcur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.c:2637:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, xprev, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/slsqp/slsqp.c:2641:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, xcur, sizeof(double)*n);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/prog.cc:229:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[STRLEN_MAX]; cin >> str;
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/tst.cc:47:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  params.maxeval = argc < 2 ? 100 : atoi(argv[1]);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/stogo/tstc.c:35:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxits = argc < 2 ? 100 : atoi(argv[1]);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:148:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lb, func.lb, func.n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:149:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ub, func.ub, func.n * sizeof(double));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:322:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nlopt_srand((unsigned long) atoi(optarg));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:325:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c = atoi(optarg);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:334:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!test_function(atoi(optarg)))
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:338:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxeval = atoi(optarg);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:341:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iterations = atoi(optarg);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/test/testopt.cpp:371:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int b = atoi(s);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/redblack_test.c:57:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  N = atoi(argv[1]);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/redblack_test.c:61:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  srand((unsigned) (argc > 2 ? atoi(argv[2]) : time(NULL)));
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/sobolseq.c:277:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sdim = atoi(argv[1]);
data/r-cran-nloptr-1.2.2.2/src/nlopt_src/util/sobolseq.c:279:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(argv[2]);

ANALYSIS SUMMARY:

Hits = 122
Lines analyzed = 37224 in approximately 1.18 seconds (31493 lines/second)
Physical Source Lines of Code (SLOC) = 26269
Hits@level = [0] 200 [1] 0 [2] 112 [3] 6 [4] 4 [5] 0
Hits@level+ = [0+] 322 [1+] 122 [2+] 122 [3+] 10 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 12.2578 [1+] 4.64426 [2+] 4.64426 [3+] 0.380677 [4+] 0.152271 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.